scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-15 17:44:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
631 Commits 1 Branch 0 Tags
00d9871e70d691aef0cd469b6c256b04c712ffc2
Commit Graph

59 Commits

Author SHA1 Message Date
qoijjj
00d9871e70 chore: update chromium switches to match upstream JIT changes 2024-02-22 22:39:11 -08:00
qoijjj
993c66b6d0 chore: fix broken link 2024-02-22 13:24:10 -08:00
qoijjj
36feed3730 fix: remove duplicate line 2024-02-20 22:35:59 -08:00
qoijjj
2984116ec2 chore: disable bluetooth by default 2024-02-20 22:33:15 -08:00
qoijjj
dc9889eeec chore: request compiler argument changes upstream 2024-02-19 19:56:11 -08:00
qoijjj
b1f85b7c76 chore: document secureblue counterpart for vanadium patches and add additional policies 2024-02-18 12:14:36 -08:00
qoijjj
ad9e8262b9 chore: document secureblue counterpart for vanadium patches and add additional policies 2024-02-18 01:11:54 -08:00
trytomakeyouprivate
51ad6742e6 hardening: changed "debugfs" to experimental/breaking 2024-02-15 18:49:22 -08:00
qoijjj
c701e2ae21 chore: add --noexpose_wasm to chromium flags for consistency 
wasm is already disabled by --jitless, this gets rid of the warning.
 2024-02-13 10:51:21 -08:00
qoijjj
05723949f9 fix: move rpm-ostree yafti steps to POSTINSTALL-README 2024-02-01 17:33:58 -08:00
qoijjj
c737472a2d Merge branch 'template' into live 2024-01-27 17:22:45 -08:00
xyny
b16868f401 chore: remove yafti files (#229) 2024-01-27 16:12:51 +00:00
qoijjj
5dc1f9198f improve: only set nvidia power management for nvidia laptop images 2024-01-25 23:00:00 -08:00
qoijjj
c2a437c2ac docs: source link for chrony config 2024-01-25 22:24:00 -08:00
qoijjj
6bc46d51d6 improve: switch to drop-ins instead of full overrides 2024-01-25 21:30:47 -08:00
qoijjj
378f32202f improve: cleanup and document kargs 2024-01-25 21:14:53 -08:00
trytomakeyouprivate
1f8f69ab8e docs: fix formatting for chromium readme (#178) 
docs: fix formatting for chromium readme (#178)
 2024-01-25 12:31:43 -08:00
qoijjj
b096439521 improve: separate unstable kargs into a separate just command 2024-01-25 11:45:23 -08:00
qoijjj
0e7f763d61 docs: fix formatting 2024-01-25 11:37:38 -08:00
qoijjj
2f416b62b3 improve: add additional chromium hardening via policy 2024-01-25 11:31:31 -08:00
qoijjj
7f8802bd8d fix: kargs and karg documentation 2024-01-24 21:47:14 -08:00
qoijjj
1ac1165238 improve: remove hardened_malloc-light override for wireplumber after upstream fix 2024-01-23 10:02:39 -08:00
qoijjj
6cbd0280a8 fix: resolved config 2024-01-22 21:54:30 -08:00
qoijjj
06f6aa788d fix: switch to a resolved drop-in 2024-01-22 13:43:25 -08:00
qoijjj
c3f652528f fix: permit wheelless users to upgrade 2024-01-21 11:57:32 -08:00
qoijjj
c2893cbf16 fix location of server files 2024-01-08 01:37:36 -08:00
qoijjj
e768d4a0f6 fix: coreos images to allow image signing 2024-01-08 01:25:09 -08:00
qoijjj
e85fd07756 cleanup: login.defs file 2024-01-05 10:21:39 -08:00
qoijjj
d19116bd2b Fix cups just command 2024-01-05 00:15:42 -08:00
qoijjj
183b0234c2 Merge branch 'template' into live 2024-01-04 22:33:14 -08:00
xyny
f35d3c2544 fix: add single quotes for paths 2023-12-31 10:39:17 +00:00
xyny
d6806f9327 chore: migrate justfile to import 
https://github.com/ublue-os/config/issues/178
 2023-12-27 10:20:53 +00:00
Sadoon Al-Bader
24caa87dab chromium: Disable VAAPI and enable wayland 2023-12-24 13:59:11 -08:00
qoijjj
38999d4123 Add userns-enabled variant to give the users choice on the tradeoff between userns and non-userns 2023-12-16 13:11:41 -08:00
qoijjj
1cf19d4dbd Add kargs password prompt for yafti 2023-12-13 11:39:20 -08:00
qoijjj
5dd011c078 Disable io_uring, see inline comment for details 2023-12-11 10:49:16 -08:00
qoijjj
822f4f0277 Update ld.so.preload according to #119 
https://github.com/secureblue/secureblue/issues/119
 2023-12-11 09:04:49 -08:00
qoijjj
f24704397a move jitless flag for chromium to the correct location for fedora 2023-12-10 00:47:48 -08:00
qoijjj
bee997577b Add cups back to the image and disable it by default. Include a just command to enable it if the user chooses. 2023-12-10 00:03:13 -08:00
qoijjj
6c13b8293b chronyd hardening 2023-12-09 23:30:23 -08:00
qoijjj
a3ddde977b Hardened chromium config 2023-12-09 23:22:53 -08:00
34n0
3685fa6daa feat: 🔒 harden and enable pam faillock, password encryption & quality suggestions 2023-12-08 13:40:46 -08:00
qoijjj
baf53da8b8 Add sericea images, add separate laptop images for tlp, and refactor 2023-12-07 16:06:50 -08:00
qoijjj
0aa5d6aba7 Only allow sudoless rpm-ostree for upgrades and refreshes 2023-12-05 12:23:47 -08:00
qoijjj
f559a983f7 Add back yafti and include various new steps, including kernel and flatpak hardening automation 2023-12-05 00:06:49 -08:00
qoijjj
719016a526 Add chrony config to enable NTS. 2023-12-04 22:43:44 -08:00
qoijjj
dadc1ece43 Add warning about removing userns setting 2023-12-04 18:28:27 -08:00
qoijjj
25ac909ef8 Fix wireplumber issue with hardened malloc #92 2023-12-04 16:31:58 -08:00
qoijjj
28cb192d43 Fix upowerd for use without unprivileged usernamespaces 2023-11-30 14:35:35 -08:00
34n0
0b1c932fe8 feat: add per network mac randomization 2023-11-30 13:58:50 -08:00