Customize your Linux installation and gain working knowledge of your system at the same time.

Most Linux users are content with a standard installation of their distribution of choice. However, many prefer a custom installation. They may simply prefer to do things their way without dozens of post-install tweaks. Others may want to know exactly what they are installing as a requirement for security. Still others may want a consistent installation for multiple machines or to learn more about their operating system step by step. Linux offers tools for all these purposes.

Admittedly, most of these tools are for major distributions. A survey of these tools shows that many are for time-tested distros like Debian or openSUSE. If you want a custom install of, say, KDE neon or Puppy Linux, you may not find a ready-made solution. But among the major distributions, you are like to find multiple solutions. Read on for some of the main options.

We are happy to announce the release of a new Calculate Linux Desktop flavour, featuring the LXQt desktop and therefore named CLDL. As well as other Calculates, it is backward compatible with Gentoo. As well as Gentoo, it uses Portage to install and manage packages. Our repository contains 13033 binary packages. The system boots with OpenRC. For network configuration, you have the choice between NetworkManager or OpenRC. For sound management, ALSA is suggested, PulseAudio is not needed.
CLDL is the fifth little one in the Calculate Linux Desktop family, providing a full-fledged workplace both in office and at home. This new distribution perfectly combines the advantages of Qt5, which is indeed the base for its interface, with the low system requirements of the Openbox window manager. CLDL is localized out-of-box in all standard European languages.

The design of CLIP OS 5 includes three elements: a bootloader, a core system, and the cages. The system uses secure boot with signed binaries. Only the x86 architecture was supported in the previous versions, and there are no other architectures in the plan for now. The core system is based on Hardened Gentoo. Finally, the cages provide user sessions, with applications and documents.

Processes running in separate cages cannot communicate directly. Instead, they must pass messages using special services on the core system; these services are unprivileged and confined on the cage system, but privileged on the core. These communication paths are shown in this architecture diagram from the documentation. Cages are also isolated from the core system itself — all interactions (system calls, for example) are checked and go through mediation services. The isolation between applications will be using containers, and the team plans to use the Flatpak format. The details of the CLIP OS 5 implementation are not available yet, as this feature is planned for the stable release.

A specific Linux security module (LSM) inspired from Linux-VServer will be used to add additional isolation between the cages, and between the cages and the core system. Linux-VServer is a virtual private server implementation designed for web hosting. It implements partitioning of a computer system in terms of CPU time, memory, the filesystem, and network addressing into security contexts. Starting and stopping a new virtual server corresponds to setting up and tearing down a security context.

ANSSI, the National Cybersecurity Agency of France, has released the sources of CLIP OS, that aims to build a hardened, multi-level operating system, based on the Linux kernel and a lot of free and open source software. We are happy to hear that it is based on Gentoo Hardened!