Le Blog Utux

HTTP 200 GET /

SELinux: playing with podman + syncthing

Written by uTux. No comments

For some reason I use syncthing inside a container with a volume that is located in my home directory. While it's designed to run on Docker, it also works fine with podman, which is rootless.

Until SELinux kicks in.

In this post I will try to explain how I managed to make syncthing work inside a podman container on a host where SELinux is present and enforced.

Major warning: I'm not an SELinux expert, and I noticed that policies generated by udica are quite permissive. This is a quick & dirty & easy solution for those who don't want to turn off SELinux.

Read the rest of SELinux: playing with podman + syncthing

AlmaLinux 9 KDE: remove unwanted packages

Written by uTux. No comments

AlmaLinux provides some "Live" images with various desktop environments. I installed the KDE "spin" and found out that there is a crap load of useless / unwanted packages. Here are my notes to disable them.

Packages that I don't need:

$ sudo dnf remove kmines kmahjongg kolourpaint kruler akregator kmail konversation dragon juk kamoso kaddressbook korganizer plasma-discover 'flatpak*' 'sssd*' java-11-openjdk-headless oddjob

You may want to keep sssd and oddjob if your workstation is a member of an Active Directory. You may also want to keep plasma-discover if you want a GUI to search for packages and get software update notifications.

Software that can be a security issue on a workstation (it may listen for connections or allow unwanted remote access):

$ sudo dnf remove 'cockpit*' krfb krdc 'hyperv*' 'mariadb*' open-vm-tools qemu-guest-agent spice-vdagent tcpdump openssh-server
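To confirm the clean-up worked, the script below (an added example, not part of the original post) lists which packages from that command are still installed and which TCP listeners are reachable beyond loopback. The function names, the `--run` switch and the sample data are assumptions made for the example; the patterns are the ones from the command above.

```shell
#!/bin/sh
# Added example, not from the original post: check what is left after the clean-up.
# Patterns copied from the second "dnf remove" command above.
RISKY_PATTERNS='cockpit* krfb krdc hyperv* mariadb* open-vm-tools qemu-guest-agent spice-vdagent tcpdump openssh-server'

# Constructed sample input (not captured from a real host).
SAMPLE_PKGS='bash
cockpit-bridge
krdc
kate
openssh-clients
openssh-server
hyperv-daemons'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 [::1]:631 [::]:*
LISTEN 0 4096 *:9090 *:*'

# Read package names on stdin (one per line) and print those that match a
# pattern from the list, sorted and de-duplicated.
match_risky() {
    set -f    # stop the shell expanding the patterns against file names
    while IFS= read -r name; do
        for pat in $RISKY_PATTERNS; do
            case "$name" in
                $pat) printf '%s\n' "$name"; break ;;
            esac
        done
    done | sort -u
    set +f
}

# Read `ss -Htln` output on stdin and print the local address:port of every
# TCP listener that is not bound to loopback only.
exposed_listeners() {
    awk '$1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Run both checks against the live system (needs rpm and ss).
audit_host() {
    echo "Packages from the list still installed:"
    rpm -qa --qf '%{NAME}\n' | match_risky
    echo "TCP listeners not bound to loopback:"
    ss -Htln | exposed_listeners
}

if [ "${1:-}" = "--run" ]; then audit_host; fi
```

Run it with `--run` on the workstation; both lists should come back empty unless you chose to keep a service.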

It's a shame that AlmaLinux and RockyLinux do not provide a "minimal" KDE Live image, or clear documentation to install a minimal set of packages. Let's hope that KDE gets more attention from Red Hat for the next major release!
