fixes

privacyguides · Dec 30, 2021 · 7b243d1 · 7b243d1
1 parent 85a71f0
commit 7b243d1
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/_data/operating-systems/linux-desktop-immutable/1_fedora-silverblue.yml b/_data/operating-systems/linux-desktop-immutable/1_fedora-silverblue.yml
@@ -13,4 +13,4 @@ description: |
   <a href="https://www.flatpak.org">Flatpak</a> is the primary package installation method on these distrbutions, as rpm-ostree is only meant to overlay packages cannot stay inside of a container on top of the base image. Alternatively, the user can use <a href="https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/">Toolbox</a> to create <a href="https://podman.io">Podman</a> containers with a shared home directory with the host operating system and mimic a traditional Fedora environment.
 
 website: 'https://silverblue.fedoraproject.org'
-privacy_policy: 'https://wiki.archlinux.org/index.php/ArchWiki:Privacy_policy'
+privacy_policy: 'https://fedoraproject.org/wiki/Legal:PrivacyPolicy#:~:text=Fedora%20may%20share%20your%20personal,described%20in%20this%20Privacy%20Statement.'
diff --git a/collections/_evergreen/linux-desktop.html b/collections/_evergreen/linux-desktop.html
@@ -171,7 +171,8 @@ <h5>Hardened memory allocator</h5>
 <p>The <a href="https://github.com/GrapheneOS/hardened_malloc">hardened memory allocator</a> from <a href="https://grapheneos.org/">GrapheneOS</a> can be used on Linux distributions. It is available by default on Whonix and is available as an <a href="https://wiki.archlinux.org/title/Security#Hardened_malloc">AUR package</a> on Arch based distributions. If you are using the AUR package, consider setting up <code>LD_PRELOAD</code> as described in the <a href="https://wiki.archlinux.org/title/Security#Hardened_malloc">Arch Wiki</a>.</p>
 
 <h5>Umask</h5>
-<p>Consider changing the default UMASK for both regular users and root to 077.</p>
+<p>If you are not using openSUSE, consider changing the default UMASK for both regular users and root to 077.</p>
+<p>Changing UMASK to 077 tends to break snapper on openSUSE and is not recommended.</p>
 
 <h5>Mountpoint hardening</h5>
 Consider adding <code>nodev</code>, <code>noexec</code>, <code>nosuid</code> to mountpoints which do not need them. Typically, these could be applied to <code>/boot</code>, <code>/boot/efi</code>, <code>/home</code>, <code>/root</code>, <code>/var</code>.