mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-11-09 08:21:32 -05:00
Clarify the location of Chrony's EnvironmentFile
Signed-off-by: Thien Tran <contact@tommytran.io>
This commit is contained in:
parent
90dce6a30b
commit
f8fea8190a
@ -388,13 +388,15 @@ If decide on using NTS with chronyd, consider using multiple, independent time p
|
|||||||
|
|
||||||
GrapheneOS uses a [quite nice chrony configuration](https://github.com/GrapheneOS/infrastructure/blob/main/chrony.conf) for their infrastructure. I recommend that you replicate their `chrony.conf` on your system.
|
GrapheneOS uses a [quite nice chrony configuration](https://github.com/GrapheneOS/infrastructure/blob/main/chrony.conf) for their infrastructure. I recommend that you replicate their `chrony.conf` on your system.
|
||||||
|
|
||||||
You should also enable the secommp filter for chronyd in `/etc/sysconfig/chronyd`:
|
Next, enable the secommp filter for chronyd. On Fedora and Arch Linux, you will need to edit Chrony's environment file in `/etc/sysconfig/chronyd`:
|
||||||
|
|
||||||
```
|
```
|
||||||
# Command-line options for chronyd
|
# Command-line options for chronyd
|
||||||
OPTIONS="-F 1"
|
OPTIONS="-F 1"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
On Ubuntu and Debian, the environment file is `/etc/default/chrony`, and the seccomp filter should already be enabled by default.
|
||||||
|
|
||||||
![Verifying NTS configuration](/images/nts.png)
|
![Verifying NTS configuration](/images/nts.png)
|
||||||
|
|
||||||
### Pluggable Authentication Modules (PAM)
|
### Pluggable Authentication Modules (PAM)
|
||||||
|
Loading…
Reference in New Issue
Block a user