scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2026-01-07 20:51:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

hardening: changed "debugfs" to experimental/breaking

Browse Source
This commit is contained in:
trytomakeyouprivate
2024-02-12 15:35:32 +00:00
committed by qoijjj
parent c701e2ae21
commit 51ad6742e6
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/files/usr/share/ublue-os/just/60-custom.just
View File

@@ -10,7 +10,6 @@ set-kargs-hardening:
--append-if-missing="page_alloc.shuffle=1" \
--append-if-missing="randomize_kstack_offset=on" \
--append-if-missing="vsyscall=none" \
--append-if-missing="debugfs=off" \
--append-if-missing="lockdown=confidentiality" \
--append-if-missing="random.trust_cpu=off" \
--append-if-missing="random.trust_bootloader=off" \
@@ -26,7 +25,8 @@ set-kargs-hardening:
set-kargs-hardening-unstable:
echo "Warning: setting these kargs may lead to boot issues on some hardware."
rpm-ostree kargs \
--append-if-missing="efi=disable_early_pci_dma"
--append-if-missing="efi=disable_early_pci_dma" \
--append-if-missing="debugfs=off"
harden-flatpak:
flatpak override --user --filesystem=host-os:ro --env=LD_PRELOAD=/var/run/host/usr/lib64/libhardened_malloc.so