Question fedora 43 kernel 6.19.11 issue?

[Victor M]

Fedora is more up-to-date

my reason for sticking with Fedora, attackers move fast, we have to move just as fast or faster.

 

[lokamoka820]

I'm considering installing Arch...

Try EndeavourOS for Arch without the hassle.

 

[simmerskool]

You can try it in your VM but Fedora is more stable.
If you decide to try Arch, check out CachyOS for easy installation and most things set up out of the box. It's also faster due to extra performance optimization done to the kernel and packages.
Most of the things that I learned about Linux were by using Arch (vanilla Arch). So as a learning experience, it's good to try it. Perhaps, you already tried it in the past and want to revisit.

well I ran centOS for years, but had help from techie friend, but I sorta learned Gnome & shell. then did not run linux for a few years but started again when I put VMware on this win10 host. I think I learned more in the last 2 years asking chatgpt how can I do this. I have heard Arch and its wiki is a good learning experience. thanks!

 

[simmerskool]

Nah, learn about SELinux instead. Out of the box you are 'unconfined_u'. I have made myself a 'staff_u' and some 'user_u' accounts. There is blast radius / damage control benefit, the users are now confined and more restricted in what they can do. Least privilege.

good idea. I do check selinux every day (created a systemcheck script that checks several basic things) but my selinux is basically enforcing at fedora default. I will put a focus on learning selinux more deeply.

 

[simmerskool]

Manjaro.

I ran manjaro for awhile, it was good, but I prefer fedora / gnome

 

[simmerskool]

actually they are all staff_u users, because Fedora currently bugs out with user_u GDM logins. But the main diff between staff_u and user_u is the ability to sudo, and when an account is not in the wheel group, then they can't sudo, no matter what the selinux policy says.

And I have also made requirements for Yubikey for login and sudo. Unlike pesky M$ and their requirement for Entra ID (azure) to do token logins, Fedora just works. No key, no escalation. Had my Yubikey for 10+ years already - definitely worth the investment of $50.(2x keys). Google Advanced Protection uses it, so all my google accounts are protected with phish proof hardware token 2FA.

I have 2 yubi keys, but a tad problematic (for me) in VMware... haven't yet felt the need "I must fix this."