{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreib2oftsc75x6onnq5umpizzhsvfjsmmxqietyqficdh6hcwaciw4y",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mfpanseqzfp2"
  },
  "path": "/t/secure-blue-is-it-really-secure/35745#post_4",
  "publishedAt": "2026-02-25T17:49:38.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "> Where is the con?\n\n**If your cpu is vulnerable to SMT then half your cpu cores will be gone** no beginners would like to have this.\n\n**secureblue does hardening of the kernel’s cmdline and sysctls.**\n\ncompile hardening is secure than runtime hardening thats why for hardened system you should combine both to create a secure environment.\n\n> While confined users would be great, using confined Selinux users puts burden on the users and leads to breakage.\n\nThat’s why i told its deliberate choice by secureblue and also it breaks many things i already mentioned this in post.\n\n> Some things which come to mind, which don’t work ootb with `user_u:user_r:user_t`: Flatpaks, Appimages, document scanners and Tor Browser.\n\nI daily drive with confined user not just user_r role there are also few other roles. Yes ootb manythings doesnot work that’s why i mentioned use this for general browsing, coding and all other general tasks. One more thing Tor Browser works within user_r role i use it all time.",
  "title": "Secure Blue is it really Secure?"
}