qoijjj
656bf9b5e2
feat: disable chromium internal pdf viewer
2024-04-19 16:22:38 -07:00
qoijjj
a86a3b7a02
feat: add additional chromium hardening based on vanadium
2024-04-17 22:53:33 -07:00
qoijjj
23020bab4e
docs: update vanadium comparison readme
2024-04-17 22:28:05 -07:00
qoijjj
e1f6b5ba9f
feat: add additional chromium policy hardening and drop chkrootkit as its false positives make it low-utility
2024-03-31 06:32:39 +00:00
qoijjj
d3f2ba5d2e
docs: fix broken links to the fedora chromium spec
2024-03-28 17:43:15 +00:00
qoijjj
8712beeb44
docs: add additional chromium documentation and fix existing documentation
2024-03-28 17:39:04 +00:00
qoijjj
67e114ce4b
fix: sudo timeout to 1min instead of 0min
2024-03-22 13:30:15 -07:00
qoijjj
e53449e86e
docs: fix broken markdown table
2024-03-20 17:47:03 -07:00
qoijjj
476252c130
chore: additional chromium improvements
2024-03-18 19:49:58 -07:00
qoijjj
b9f4abc3b8
feat: add chromium VAAPI flags
2024-03-18 19:11:41 -07:00
qoijjj
6732e2caa8
chore: remove unnecessary quotes
2024-03-18 18:46:03 -07:00
qoijjj
09032c19b0
docs: pull in new patch details from Vanadium
2024-03-18 15:53:20 -07:00
qoijjj
be9f5a54d4
docs: readability improvements
2024-03-18 15:01:22 -07:00
qoijjj
e53fac6fec
feat: additional chromium hardening
2024-03-18 14:54:17 -07:00
fiftydinar
efba15919d
fix: Assure that "disabling CoreDump tweak" is applied correctly (#241)
* fix: Assure that "disabling CoreDump tweak" is applied correctly
Since Fedora uses systemd, we need to make this change too, else it won't be applied throughout the system, but only in SSH/TTY sessions.
Bluefin had the same issue with open-file limits tweak here:
https://github.com/ublue-os/bluefin/pull/988
I usually put those config overrides in `/usr/lib`, but I will put them in `/usr/etc` to comply with the project's structure.
As far as I can see, this is the only tweak which needs this systemd conf change.
Signed-off-by: fiftydinar <65243233+fiftydinar@users.noreply.github.com>
2024-03-15 12:36:20 -07:00
qoijjj
83ad8d1377
improve: move upower workaround to scripts
2024-03-13 12:48:58 -07:00
qoijjj
a15fe0bc1c
docs: fix link to JIT setting
2024-03-10 00:31:03 -08:00
qoijjj
e485ec92eb
fix: revert one of the previous changes as it has no change from the default
2024-03-04 11:45:23 -08:00
qoijjj
073c40b456
improve: add additional chromium hardening policies
2024-03-04 10:14:54 -08:00
qoijjj
932a68d334
docs: additional update to reflect new upstream patches
2024-02-27 17:21:18 -08:00
qoijjj
d4b973a8ce
docs: update to reflect additional chromium patches
2024-02-27 17:16:24 -08:00
qoijjj
00d9871e70
chore: update chromium switches to match upstream JIT changes
2024-02-22 22:39:11 -08:00
qoijjj
993c66b6d0
chore: fix broken link
2024-02-22 13:24:10 -08:00
qoijjj
36feed3730
fix: remove duplicate line
2024-02-20 22:35:59 -08:00
qoijjj
2984116ec2
chore: disable bluetooth by default
2024-02-20 22:33:15 -08:00
qoijjj
dc9889eeec
chore: request compiler argument changes upstream
2024-02-19 19:56:11 -08:00
qoijjj
b1f85b7c76
chore: document secureblue counterpart for vanadium patches and add additional policies
2024-02-18 12:14:36 -08:00
qoijjj
ad9e8262b9
chore: document secureblue counterpart for vanadium patches and add additional policies
2024-02-18 01:11:54 -08:00
qoijjj
c701e2ae21
chore: add --noexpose_wasm to chromium flags for consistency
wasm is already disabled by --jitless, this gets rid of the warning.
2024-02-13 10:51:21 -08:00
qoijjj
5dc1f9198f
improve: only set nvidia power management for nvidia laptop images
2024-01-25 23:00:00 -08:00
qoijjj
c2a437c2ac
docs: source link for chrony config
2024-01-25 22:24:00 -08:00
qoijjj
6bc46d51d6
improve: switch to drop-ins instead of full overrides
2024-01-25 21:30:47 -08:00
trytomakeyouprivate
1f8f69ab8e
docs: fix formatting for chromium readme (#178)
2024-01-25 12:31:43 -08:00
qoijjj
0e7f763d61
docs: fix formatting
2024-01-25 11:37:38 -08:00
qoijjj
2f416b62b3
improve: add additional chromium hardening via policy
2024-01-25 11:31:31 -08:00
qoijjj
1ac1165238
improve: remove hardened_malloc-light override for wireplumber after upstream fix
2024-01-23 10:02:39 -08:00
qoijjj
6cbd0280a8
fix: resolved config
2024-01-22 21:54:30 -08:00
qoijjj
06f6aa788d
fix: switch to a resolved drop-in
2024-01-22 13:43:25 -08:00
qoijjj
e85fd07756
cleanup: login.defs file
2024-01-05 10:21:39 -08:00
Sadoon Al-Bader
24caa87dab
chromium: Disable VAAPI and enable wayland
2023-12-24 13:59:11 -08:00
qoijjj
38999d4123
Add userns-enabled variant to give the users choice on the tradeoff between userns and non-userns
2023-12-16 13:11:41 -08:00
qoijjj
5dd011c078
Disable io_uring, see inline comment for details
2023-12-11 10:49:16 -08:00
qoijjj
822f4f0277
Update ld.so.preload according to #119
https://github.com/secureblue/secureblue/issues/119
2023-12-11 09:04:49 -08:00
qoijjj
f24704397a
move jitless flag for chromium to the correct location for fedora
2023-12-10 00:47:48 -08:00
qoijjj
6c13b8293b
chronyd hardening
2023-12-09 23:30:23 -08:00
qoijjj
a3ddde977b
Hardened chromium config
2023-12-09 23:22:53 -08:00
34n0
3685fa6daa
feat: 🔒 harden and enable pam faillock, password encryption & quality suggestions
2023-12-08 13:40:46 -08:00
qoijjj
baf53da8b8
Add sericea images, add separate laptop images for tlp, and refactor
2023-12-07 16:06:50 -08:00
qoijjj
719016a526
Add chrony config to enable NTS.
2023-12-04 22:43:44 -08:00
qoijjj
dadc1ece43
Add warning about removing userns setting
2023-12-04 18:28:27 -08:00