Security and Privacy
Mandatory Access Controls
Ultramarine Linux uses SELinux, a software that implements Mandatory Access Control. This prevents applications (and users) from accessing files they shouldnât be able to.
Users will usually be required to have root access to modify system files, and even then, SELinux may prevent you from doing so unless you have set the correct contexts for the files.
By default, SELinux is in âEnforcingâ mode, which means that it will prevent you from modifying system files unless you have the correct permissions. This shouldnât cause any issues. If you would like to disable SELinux you can runsudo setenforce 0
. We donât recommend this as it makes your system less secure.
Learn more about Permissions â
Privilege Control
Ultramarine Linux includes polkit, a tool used to manage privilege elevation. If youâve ever gotten a graphical password prompt on your system, youâve interacted with polkit.
Use the pkexec
command instead of sudo
to give polkit a try.
polkit also manages communication between privileged and non privileged applications.
Disk Encryption
Ultramarine Linux offers the option to encrypt your entire disk at install time. This protects your data from physical attacks and theft.
Sandboxing
When you install an app as a Flatpak, itâs contained within a sandbox, meaning it canât see what other apps are doing, and canât see files it isnât allowed to.
Restricted Memory Access
Ultramarine Linux and Fedora restrict access to physical memory. This should prevent most memory injection attacks.