GrapheneOS
-The private and secure mobile operating system with Android app compatibility. +
Hakurei
+A security-focused Linux container runtime for desktop applications. Developed as a non-profit open source project.
- Install GrapheneOS + Install HakureiGet to know GrapheneOS
+Get to know Hakurei
About
-GrapheneOS is a privacy and security focused mobile OS with Android app - compatibility developed as a non-profit open source - project. It's focused on the research and development of privacy and security - technology including substantial improvements to sandboxing, exploit - mitigations and the permission model. It was founded in 2014 and was - formerly known as CopperheadOS.
+Hakurei is a security-focused Linux container runtime for running unmodified + desktop applications, developed as a non-profit open source + project. It also implements planterette, an + experimental self-contained Android-like package manager with modern security + features.
-GrapheneOS improves the privacy and security of the OS from the bottom up. - It deploys technologies to mitigate whole classes of vulnerabilities and make - exploiting the most common sources of vulnerabilities substantially more - difficult. It improves the security of both the OS and the apps running on it. - The app sandbox and other security boundaries are fortified. GrapheneOS tries - to avoid impacting the user experience with the privacy and security features. - Ideally, the features can be designed so that they're always enabled with no - impact on the user experience and no additional complexity like configuration - options. It's not always feasible, and GrapheneOS does add various toggles for - features like the Network permission, Sensors permission, restrictions when - the device is locked (USB-C / pogo pins, camera, quick tiles), etc. along with - more complex user-facing privacy and security features with their own UX.
+Security on the desktop has always left something to be desired. While Qubes OS provides excellent + security, its performance and usability limitations make it unsuitable for most + use cases. Hakurei attempts to fill that gap by running applications natively + while still establishing decent compartmentalisation enforced by the kernel.
-The features page provides an overview of the - substantial privacy and security improvements added by GrapheneOS to the - Android Open Source Project (AOSP). Many of our past features were contributed to AOSP, Linux and other projects to improve - privacy and security for billions of users so they're no longer listed on - our features page.
+Hakurei runs each container as a dedicated subordinate user and sets up the + container via unprivileged user namespaces as another layer of defense against + privilege escalation. Unprivileged user namespace creation is made unavailable + in containers by default to reduce attack surface, but can be optionally enabled + for applications with strong built-in sandboxes to avoid having to ruin their + sandbox.
-Official releases are available on the releases - page and installation instructions are on the install - page.
- -GrapheneOS also develops various apps and services with a focus on privacy - and security. Vanadium is a hardened variant of the Chromium browser and - WebView specifically built for GrapheneOS. GrapheneOS also includes our - minimal security-focused PDF Viewer, our hardware-based Auditor app / - attestation service providing local and remote verification of devices, - our modern privacy / security focused camera app, and the externally developed - Seedvault encrypted backup which was initially developed for inclusion in - GrapheneOS.
+Official releases are available via Gitea + and documentation for the included NixOS module can be found + here.
No Google apps or services
+OS Compatibility
-GrapheneOS will never include either Google Play services or another - implementation of Google services like microG. It's possible to install Play - services as a set of fully sandboxed apps without special privileges via our - sandboxed Google Play compatibility - layer. See the FAQ section for more - details on our plans for filling in the gaps from not shipping Play services - and Google apps.
-Hakurei does not try to support every major Linux distribution and their + configuration of the kernel. Most Debian-based distributions disable + unprivileged user namespace creation by default, and while that could be a + good way to reduce attack surface, it also disables a layer of security + where the kernel enforces strict limits on user namespaces created by + an unprivileged user. Having to set up the sandbox as root also adds + significant complexity to the setuid wrapper. + The reduction of attack surface is also made irrelevant since hakurei can + disable unprivileged user namespace creation on a per-container basis.
-Device support
+Users on affected kernels can switch to an unmodified (and up to date) kernel
+ or enable unprivileged user namespace creation by setting the
+ kernel.unprivileged_userns_clone
sysctl to 1.
+ Whether or not it increases attack surface is largely dependent on what runs
+ on the system, however if all apps are spawned by Hakurei and the rest of the
+ system is sufficiently secured, enabling unprivileged user namespace creation
+ should not increase attack surface whatsoever.
See the FAQ section on device support.
+While Hakurei is primarily developed on NixOS and relies on Nix for its + integration test suite, it does not target NixOS or make assumptions that are + only true on NixOS. Unfortunately, mistakes do happen semi-often as the + architecture of NixOS can often hide bugs and assumptions. Please report such anomalies if you encounter them.
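Review bot: In the OS Compatibility text added in this hunk, the sentence "The reduction of attack surface is also made irrelevant since hakurei can disable unprivileged user namespace creation on a per-container basis" overstates the case and sits uneasily next to the added lines a few sentences later ("if all apps are spawned by Hakurei and the rest of the system is sufficiently secured, enabling unprivileged user namespace creation should not increase attack surface whatsoever"): a per-container restriction only covers processes launched through Hakurei, while a distribution-wide default also covers every other process on the host, so the surface reduction is narrowed to processes outside Hakurei rather than made irrelevant. Suggest rewording along the lines of "Much of that attack surface reduction is preserved, since hakurei can disable unprivileged user namespace creation on a per-container basis for the applications it launches." Two smaller points in the same region: the advice to set the "kernel.unprivileged_userns_clone" sysctl to 1 should state that this knob exists only on kernels carrying the distribution patch that the preceding sentence contrasts with an "unmodified (and up to date) kernel", so readers on an upstream kernel do not look for a sysctl that is not there; and the line "See the FAQ section on device support." still appears after the "Device support" heading is removed, so confirm it is dropped as well, since the new page has no device-support FAQ for it to point to.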