I am evaluating Kicksecure for my desktop. I have some initial questions that I hope someone can answer:
Is it possible to use Kicksecure without enabling sudo for any users without loss of normal functionality? In other words, rely entirely on the rescue/recovery boot option to do any root operations like apt upgrade, etc.? Without the logged in user even being a member of privileged groups like wheel? I know doing so would be inconvenient. But I’m wondering if there are activities Kicksecure expects of users that require sudo.
Is there a place where one can put suid exes (not root-owned, and chattr +i’ed to prevent modification) that is safe from suid-prevention scripts and/or mount nosuid points? I plan to use multiple system user accounts controlled by suid exes, but I read that either Kicksecure currently checks or will in the near future check to prevent suids.
I plan on using bwrap for sandboxing. Does anyone in the Kicksecure community have opinions as to whether it should be installed and used suid with unprivileged namespaces disabled, or non-suid with unprivileged namespaces enabled? I’m on the fence about this. The biggest difference in functionality is that without unprivileged namespaces, there is no way to nest bwrap sandboxes. But I read that enabling unprivileged namespaces is risky.
I am considering starting with CLI Kicksecure and installing my own GUI configuration in order to sandbox Xorg and other parts of the desktop (a Qubes-like setup with sandboxes instead of VMs). What packages of the GUI Kicksecure should I consider after doing this, and are they separated enough from the standard XFCE install to use without it? Or am I better off starting with the XFCE GUI Kicksecure and retrofitting sandboxes?
Thanks in advance for any help with these questions!