From 51ad6742e6991ae7007cc93a2f572b802a8a9449 Mon Sep 17 00:00:00 2001
From: trytomakeyouprivate
 <113100745+trytomakeyouprivate@users.noreply.github.com>
Date: Mon, 12 Feb 2024 15:35:32 +0000
Subject: [PATCH] hardening: changed "debugfs" to experimental/breaking

---
 config/files/usr/share/ublue-os/just/60-custom.just | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/files/usr/share/ublue-os/just/60-custom.just b/config/files/usr/share/ublue-os/just/60-custom.just
index a2b6a15..c92b55c 100644
--- a/config/files/usr/share/ublue-os/just/60-custom.just
+++ b/config/files/usr/share/ublue-os/just/60-custom.just
@@ -10,7 +10,6 @@ set-kargs-hardening:
       --append-if-missing="page_alloc.shuffle=1" \
       --append-if-missing="randomize_kstack_offset=on" \
       --append-if-missing="vsyscall=none" \
-      --append-if-missing="debugfs=off" \
       --append-if-missing="lockdown=confidentiality" \
       --append-if-missing="random.trust_cpu=off" \
       --append-if-missing="random.trust_bootloader=off" \
@@ -26,7 +25,8 @@ set-kargs-hardening:
 set-kargs-hardening-unstable:
     echo "Warning: setting these kargs may lead to boot issues on some hardware."
     rpm-ostree kargs \
-      --append-if-missing="efi=disable_early_pci_dma"
+      --append-if-missing="efi=disable_early_pci_dma" \
+      --append-if-missing="debugfs=off"
 
 harden-flatpak:
     flatpak override --user --filesystem=host-os:ro --env=LD_PRELOAD=/var/run/host/usr/lib64/libhardened_malloc.so