qoijjj
31b1339fa5
chore: disable yafti run on config change as it causes user confusion
2024-08-11 04:49:00 -07:00
Ivo Damjanović
94eca70c71
fix: container policy hardening script for cosmic images ( #367 )
2024-08-10 20:54:31 -07:00
qoijjj
3b927dc8ed
fix: check only the first string token when searching lsattr
2024-08-10 03:56:35 -07:00
qoijjj
872cb784ef
feat: add ujust command to lock bash environment files to mitigate LD… ( #365 )
2024-08-09 16:14:44 -07:00
qoijjj
0104d6a697
fix: revert container policy hardening migration to /etc until upstream migrates
2024-08-08 17:28:44 -07:00
fiftydinar
378caba43f
docs: clarify disablement of GNOME user extensions better ( #364 )
2024-08-08 15:59:25 -07:00
qoijjj
3fb96ece10
chore: move /usr/etc to /etc per upstream rpm-ostree recommendation
2024-08-08 15:48:30 -07:00
SnuggleCovenant
4c85413563
remove gnome videos (totem) from yafti.yml ( #363 )
...
the totem app is abandoned
2024-08-07 14:53:34 -07:00
fiftydinar
e1a130f6f9
feat: Disable user Gnome extensions & user-installation of them ( #361 )
2024-08-06 17:14:30 -07:00
qoijjj
78b531846d
chore: fix build by isolating silverblue-only package
2024-08-06 10:39:05 -07:00
qoijjj
2318f83a9a
chore: ensure package consistency across images
2024-08-06 10:01:13 -07:00
qoijjj
f75215cfdf
fix: set permissions for xwayland file in ujust command
2024-08-03 12:19:43 -07:00
spaceoden
c21a697252
Update 60-custom.just.readme.md to put new kargs in the correct section ( #357 )
...
the new kargs were added to set-kargs-hardening, not set-kargs-hardening-unstable
2024-08-02 13:01:52 -07:00
qoijjj
9f56f2ff06
feat: set additional kargs to override suboptimal defaults
2024-08-01 22:43:23 -07:00
qoijjj
084fe1a40c
fix: remove usbguard-dbus due to insufficient systemd sandboxing ( #352 )
2024-07-31 14:20:49 -07:00
qoijjj
eea350af56
fix: remove comments from harden-flatpak ujust command to fix just parsing
2024-07-30 16:26:34 -07:00
spaceoden
7c0976da7e
feat: add to harden-flatpak logic that applies the highest supported hwcap ( #346 )
2024-07-30 15:31:43 -07:00
qoijjj
b31aff0994
fix: prevent bluefin yafti from starting
2024-07-30 00:22:30 -07:00
qoijjj
298bbda019
fix: ujust command typos
2024-07-30 00:03:25 -07:00
qoijjj
b9fc6e4826
feat: remove xwayland by default ( #347 )
2024-07-29 23:02:10 -07:00
Root
9a843f3861
docs: add docs to JIT disable in Gnome ( #345 )
...
* Add docs to JIT disable in Gnome
* Properly add env file in ujust
2024-07-29 09:57:15 -07:00
Root
1a55f1549b
feat: add ujust to toggle Gnome JS JIT ( #344 )
...
* Add ujust to toggle Gnome JS JIT
* Disable Gnome JIT by default
2024-07-28 21:48:48 -07:00
qoijjj
abcdd4e3ac
chore: remove chsh
2024-07-28 21:39:58 -07:00
qoijjj
45c9506980
feat: switch to hardened-chromium ( #343 )
...
* fix: selinux policy for chrome suid sandbox
* feat: switch to hardened-chromium
2024-07-28 21:12:45 -07:00
Tommy
be1effa83d
Remove net.ipv4.conf.*.secure_redirects = 0 ( #315 )
...
squash
2024-07-27 12:38:16 -07:00
HryshcIlya
1106f0e897
docs: update URLs to reflect new file structure ( #333 )
...
* docs: update URLs to reflect new file structure
This commit updates various documentation and configuration file URLs to match the new directory structure for the secureblue project. These changes ensure that links resolve correctly and point to the appropriate files after the recent reorganization.
* chore: delete file vanadium_comparison.readme.md
---------
Co-authored-by: qoijjj <129108030+qoijjj@users.noreply.github.com >
2024-07-26 21:22:31 -07:00
qoijjj
c16debbdd4
Revert "feat: switch to hardened-chromium ( #332 )"
...
This reverts commit 721ad757b5
2024-07-25 00:15:25 -07:00
qoijjj
721ad757b5
feat: switch to hardened-chromium ( #332 )
2024-07-24 23:35:23 -07:00
qoijjj
23fde33ad6
feat: disable geoclue by default
2024-07-22 17:38:27 -07:00
qoijjj
3187065cbf
chore: add back executable bit where needed
2024-07-21 14:35:26 -07:00
qoijjj
0c1551df09
chore: bump dependencies and migrate to bluebuild 1.6
2024-07-21 14:33:53 -07:00
