#!/usr/bin/env bash

# Build-time hardening step. It appends three configuration fragments under
# /usr/etc and then marks bubblewrap setuid root:
#   1. a sysctl fragment that sets user.max_user_namespaces = 0
#   2. a systemd drop-in with PrivateUsers=no for upower.service
#   3. the same drop-in for colord.service
#   4. chown root:root + chmod u+s on /usr/bin/bwrap
#
# Review notes:
#   - Steps 1 and 4 belong together. The sysctl fragment is marked
#     "DO NOT REMOVE" and points at a bubblewrap security advisory.
#     NOTE(review): that advisory appears to concern setuid-mode bwrap on
#     kernels that still allow unprivileged user namespaces, which would
#     explain why the limit has to stay at 0 while bwrap is setuid. Confirm
#     against the advisory text before changing either step.
#   - Step 4 turns bwrap into a root-privileged entry point for every local
#     user. The file's remaining mode bits are left as the package set them;
#     this script does not check them.
#   - Steps 2 and 3: presumably these units ask for a private user namespace,
#     which cannot be created once the limit is 0. Verify against the unit
#     files shipped in the image.
#   - All writes are appends (>>), so running this step twice duplicates the
#     fragments.
#   - Nothing here checks the value in force on a running system;
#     `sysctl user.max_user_namespaces` on a deployed host confirms it.

# Abort the build on the first failing command, on use of an unset variable,
# and on a failure in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

#######################################
# Append a "PrivateUsers=no" drop-in for one systemd unit.
# Arguments: $1 - drop-in directory, including the trailing slash
# Outputs:   appends to <dir>namespaces.conf, creating <dir> if needed
#######################################
add_private_users_override() {
  local dropin_dir=$1

  mkdir -p "$dropin_dir"
  # Two empty lines before and after the payload, matching the fragment
  # layout used for the sysctl file below.
  printf '%s\n' \
    '' \
    '' \
    '[Service]' \
    '# Namespaces' \
    'PrivateUsers=no' \
    '' \
    '' \
    >> "${dropin_dir}namespaces.conf"
}

# --- 1. Kernel: no user namespaces ------------------------------------------
# The lines starting with '#' below are written into the sysctl fragment
# itself, so the warning and the advisory link travel with the setting.
printf '%s\n' \
  '' \
  '' \
  '# Disables user namespaces' \
  '# DO NOT REMOVE' \
  '# https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj' \
  'user.max_user_namespaces = 0' \
  '' \
  '' \
  >> /usr/etc/sysctl.d/hardening.conf

# --- 2./3. systemd units that must not request private users ---------------
add_private_users_override /usr/etc/systemd/system/upower.service.d/
add_private_users_override /usr/etc/systemd/system/colord.service.d/

# --- 4. bubblewrap runs setuid root -----------------------------------------
# Ownership is pinned to root first so the setuid bit is never applied to a
# binary owned by another account.
chown root:root /usr/bin/bwrap
chmod u+s /usr/bin/bwrap