Does Xen/QubesOS use hardened_malloc? Can we request the use of hardened_malloc in dom0 and in the templates?
Fedora secureblue (Hardened Silverblue) has hardened malloc by default.
Could we request this template is included into the template manager?
What would be the best way to use dom0 and templates and an OS with hardened malloc?
You can use kicksecure template if you need template with hardened malloc:
How to get this template, it is in Template Manger?
Or you mean distro morph Debian?
You’ll need to morph it from debian template:
It’s not possible to morph Fedora into hardened Silverblue
sys-net and sys-firewall both use fedora it would be interesting if there was a means
of converting fedora into secureblue (Hardened Fedora Silverblue).
You can use other templates besides fedora for sys-net and sys-firewall, kicksecure included.
Have you tried this? Was it successful?
It worked for other users:
I’m not sure what that link tells me.
So sys-net based on kicksecure works for that user.
It says “mac randomization not working”.
It was fixed in the end, check the last post.
But are these steps required for every single distro morph?
What steps are you referring to?
And what do you mean “for every single distro morph”?
So I have to complete these steps every time I morph from debian into kicksecure?
Are you referring to these steps?
You need follow these steps to morph the debian template into kicksecure only once and after this you can use this kicksecure template for as long as you need.
I don’t understand what do you mean by morphing the debian to kicksecure every time.
So there’s no Qubes template that is already morphed. I was referring to the link you posted about MAC randomization being an issue, how did they solve this?