qoijjj
e53449e86e
docs: fix broken markdown table
2024-03-20 17:47:03 -07:00
qoijjj
476252c130
chore: additional chromium improvements
2024-03-18 19:49:58 -07:00
qoijjj
b9f4abc3b8
feat: add chromium VAAPI flags
2024-03-18 19:11:41 -07:00
qoijjj
6732e2caa8
chore: remove unnecessary quotes
2024-03-18 18:46:03 -07:00
qoijjj
09032c19b0
docs: pull in new patch details from Vanadium
2024-03-18 15:53:20 -07:00
qoijjj
be9f5a54d4
docs: readability improvements
2024-03-18 15:01:22 -07:00
qoijjj
e53fac6fec
feat: additional chromium hardening
2024-03-18 14:54:17 -07:00
fiftydinar
efba15919d
fix: Assure that "disabling CoreDump tweak" is applied correctly (#241)
...
* fix: Assure that "disabling CoreDump tweak" is applied correctly
Since Fedora uses systemd, we need to make this change too, else it won't be applied throughout the system, but only in SSH/TTY sessions.
Bluefin had the same issue with the open-file limits tweak here:
https://github.com/ublue-os/bluefin/pull/988
I usually put those config overrides in `/usr/lib`, but I will put them in `/usr/etc` to comply with the project's structure.
As far as I can see, this is the only tweak which needs this systemd conf change.
* fix: Assure that "disabling CoreDump tweak" is applied correctly
Since Fedora uses systemd, we need to make this change too, else it won't be applied throughout the system, but only in SSH/TTY sessions.
Bluefin had the same issue with the open-file limits tweak here:
https://github.com/ublue-os/bluefin/pull/988
I usually put those config overrides in `/usr/lib`, but I will put them in `/usr/etc` to comply with the project's structure.
As far as I can see, this is the only tweak which needs this systemd conf change.
Signed-off-by: fiftydinar <65243233+fiftydinar@users.noreply.github.com>
---------
Signed-off-by: fiftydinar <65243233+fiftydinar@users.noreply.github.com>
2024-03-15 12:36:20 -07:00
qoijjj
83ad8d1377
improve: move upower workaround to scripts
2024-03-13 12:48:58 -07:00
qoijjj
a15fe0bc1c
docs: fix link to JIT setting
2024-03-10 00:31:03 -08:00
qoijjj
e485ec92eb
fix: revert one of the previous changes as it has no change from the default
2024-03-04 11:45:23 -08:00
qoijjj
073c40b456
improve: add additional chromium hardening policies
2024-03-04 10:14:54 -08:00
qoijjj
932a68d334
docs: additional update to reflect new upstream patches
2024-02-27 17:21:18 -08:00
qoijjj
d4b973a8ce
docs: update to reflect additional chromium patches
2024-02-27 17:16:24 -08:00
qoijjj
00d9871e70
chore: update chromium switches to match upstream JIT changes
2024-02-22 22:39:11 -08:00
qoijjj
993c66b6d0
chore: fix broken link
2024-02-22 13:24:10 -08:00
qoijjj
36feed3730
fix: remove duplicate line
2024-02-20 22:35:59 -08:00
qoijjj
2984116ec2
chore: disable bluetooth by default
2024-02-20 22:33:15 -08:00
qoijjj
dc9889eeec
chore: request compiler argument changes upstream
2024-02-19 19:56:11 -08:00
qoijjj
b1f85b7c76
chore: document secureblue counterpart for vanadium patches and add additional policies
2024-02-18 12:14:36 -08:00
qoijjj
ad9e8262b9
chore: document secureblue counterpart for vanadium patches and add additional policies
2024-02-18 01:11:54 -08:00
qoijjj
c701e2ae21
chore: add --noexpose_wasm to chromium flags for consistency
...
wasm is already disabled by --jitless, this gets rid of the warning.
2024-02-13 10:51:21 -08:00
qoijjj
5dc1f9198f
improve: only set nvidia power management for nvidia laptop images
2024-01-25 23:00:00 -08:00
qoijjj
c2a437c2ac
docs: source link for chrony config
2024-01-25 22:24:00 -08:00
qoijjj
6bc46d51d6
improve: switch to drop-ins instead of full overrides
2024-01-25 21:30:47 -08:00
trytomakeyouprivate
1f8f69ab8e
docs: fix formatting for chromium readme (#178)
...
docs: fix formatting for chromium readme (#178)
2024-01-25 12:31:43 -08:00
qoijjj
0e7f763d61
docs: fix formatting
2024-01-25 11:37:38 -08:00
qoijjj
2f416b62b3
improve: add additional chromium hardening via policy
2024-01-25 11:31:31 -08:00
qoijjj
1ac1165238
improve: remove hardened_malloc-light override for wireplumber after upstream fix
2024-01-23 10:02:39 -08:00
qoijjj
6cbd0280a8
fix: resolved config
2024-01-22 21:54:30 -08:00
qoijjj
06f6aa788d
fix: switch to a resolved drop-in
2024-01-22 13:43:25 -08:00
qoijjj
e85fd07756
cleanup: login.defs file
2024-01-05 10:21:39 -08:00
Sadoon Al-Bader
24caa87dab
chromium: Disable VAAPI and enable wayland
2023-12-24 13:59:11 -08:00
qoijjj
38999d4123
Add userns-enabled variant to give the users choice on the tradeoff between userns and non-userns
2023-12-16 13:11:41 -08:00
qoijjj
5dd011c078
Disable io_uring, see inline comment for details
2023-12-11 10:49:16 -08:00
qoijjj
822f4f0277
Update ld.so.preload according to #119
...
https://github.com/secureblue/secureblue/issues/119
2023-12-11 09:04:49 -08:00
qoijjj
f24704397a
move jitless flag for chromium to the correct location for fedora
2023-12-10 00:47:48 -08:00
qoijjj
6c13b8293b
chronyd hardening
2023-12-09 23:30:23 -08:00
qoijjj
a3ddde977b
Hardened chromium config
2023-12-09 23:22:53 -08:00
34n0
3685fa6daa
feat: 🔒 harden and enable pam faillock, password encryption & quality suggestions
2023-12-08 13:40:46 -08:00
qoijjj
baf53da8b8
Add sericea images, add separate laptop images for tlp, and refactor
2023-12-07 16:06:50 -08:00
qoijjj
719016a526
Add chrony config to enable NTS.
2023-12-04 22:43:44 -08:00
qoijjj
dadc1ece43
Add warning about removing userns setting
2023-12-04 18:28:27 -08:00
qoijjj
25ac909ef8
Fix wireplumber issue with hardened malloc #92
2023-12-04 16:31:58 -08:00
qoijjj
28cb192d43
Fix upowerd for use without unprivileged usernamespaces
2023-11-30 14:35:35 -08:00
34n0
0b1c932fe8
feat: ✨ add per network mac randomization
2023-11-30 13:58:50 -08:00
qoijjj
b940ca7cf5
Rename sudoers timeout file (#50)
2023-11-26 19:49:25 -08:00
qoijjj
7d89b54264
Require sudo password every time
2023-11-26 18:46:37 -08:00
qoijjj
cb11fbcaae
Rebase secureblue with a new, clean commit history
2023-11-26 16:42:27 -08:00