From b12f01d9af54d78ab46ecc6d10b1c9d3119d875e Mon Sep 17 00:00:00 2001
From: TommyTran732 <57488583+tommytran732@users.noreply.github.com>
Date: Thu, 15 Apr 2021 02:10:58 -0400
Subject: [PATCH] Update install.sh

---
 install.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/install.sh b/install.sh
index 422bfe6..a8bcea1 100644
--- a/install.sh
+++ b/install.sh
@@ -146,7 +146,7 @@ sed -i -e 's,modconf block filesystems keyboard,keyboard keymap modconf block en
 UUID=$(blkid $Cryptroot | cut -f2 -d'"')
 sed -i 's/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/' /mnt/etc/default/grub
 sed -i -e "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS,g" /mnt/etc/default/grub
-sed -i -e "s#root=/dev/mapper/cryptroot#root=/dev/mapper/cryptroot lsm=lockdown,yama,apparmor,bpf lockdown=confidentiality#g" /mnt/etc/default/grub
+sed -i -e "s#root=/dev/mapper/cryptroot#root=/dev/mapper/cryptroot lsm=lockdown,yama,apparmor,bpf lockdown=integrity#g" /mnt/etc/default/grub
 echo "" >> /mnt/etc/default/grub
 echo -e "# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true" >> /mnt/etc/default/grub
 
@@ -228,7 +228,7 @@ fs.protected_hardlinks = 1
 fs.protected_symlinks = 1
 net.core.bpf_jit_harden = 2
 kernel.yama.ptrace_scope = 3
-# module.sig_enforce = 1
+module.sig_enforce = 1
 EOF
 
 #Blacklist Firewire SBP2