mirror of
https://github.com/optim-enterprises-bv/secureblue.git
synced 2025-11-07 05:47:53 +00:00
20 lines
392 B
Bash
20 lines
392 B
Bash
#!/usr/bin/env bash
|
|
|
|
# Tell build process to exit if there are any errors.
|
|
set -oue pipefail
|
|
|
|
echo "
|
|
|
|
# Disables user namespaces
|
|
# DO NOT REMOVE
|
|
# https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj
|
|
user.max_user_namespaces = 0
|
|
kernel.unprivileged_userns_clone = 0
|
|
|
|
" >> /usr/etc/sysctl.d/hardening.conf
|
|
|
|
|
|
chown root:root /usr/bin/bwrap
|
|
chmod u+s /usr/bin/bwrap
|
|
|