mirror of
https://github.com/tommytran732/Fedora-CoreOS-Ignition
synced 2024-11-22 09:21:32 -05:00
Setup Chrony seccomp filter
Signed-off-by: Thien Tran <contact@tommytran.io>
This commit is contained in:
parent
f66bce02e9
commit
3ee9f7c9d1
@ -115,6 +115,14 @@
|
|||||||
"source": "data:;base64,H4sIAAAAAAAC/4yQsU78MAyHdz9Fpf/cyxNkuL8OIVaO6oaqQ0hMz2pqB8cB+vYM1QmBGNh+0vf5GzwOTDbBCWtUKkbC/thM1mAUu6GkYKhwfDFUnyQuqIeK+kYR4RFfGylWz2jvoksvnInxYEFntC/84wzG874mGCqqVxGDe5VW9nkRXYjnEylGE928K8GuzsTtoT7KWqSiSzcD/t19YDxbUPOuVXXPxG4m60rLGX5h30N/1Vrp+gRPW0EvjPUqBjA+cLWQ8wSXwIbp/+bXlo36VlFvn/gMAAD//9CerLZjAQAA"
|
"source": "data:;base64,H4sIAAAAAAAC/4yQsU78MAyHdz9Fpf/cyxNkuL8OIVaO6oaqQ0hMz2pqB8cB+vYM1QmBGNh+0vf5GzwOTDbBCWtUKkbC/thM1mAUu6GkYKhwfDFUnyQuqIeK+kYR4RFfGylWz2jvoksvnInxYEFntC/84wzG874mGCqqVxGDe5VW9nkRXYjnEylGE928K8GuzsTtoT7KWqSiSzcD/t19YDxbUPOuVXXPxG4m60rLGX5h30N/1Vrp+gRPW0EvjPUqBjA+cLWQ8wSXwIbp/+bXlo36VlFvn/gMAAD//9CerLZjAQAA"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"overwrite": true,
|
||||||
|
"path": "/etc/sysconfig/chronyd",
|
||||||
|
"contents": {
|
||||||
|
"compression": "",
|
||||||
|
"source": "data:,%23%20Command-line%20options%20for%20chronyd%0AOPTIONS%3D%22-F%201%22%0A"
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"overwrite": true,
|
"overwrite": true,
|
||||||
"path": "/etc/unbound/unbound.conf",
|
"path": "/etc/unbound/unbound.conf",
|
||||||
|
@ -173,6 +173,12 @@ storage:
|
|||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
- path: /etc/sysconfig/chronyd
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
# Command-line options for chronyd
|
||||||
|
OPTIONS="-F 1"
|
||||||
- path: /etc/unbound/unbound.conf
|
- path: /etc/unbound/unbound.conf
|
||||||
overwrite: true
|
overwrite: true
|
||||||
contents:
|
contents:
|
||||||
|
10
Generic.ign
10
Generic.ign
@ -108,12 +108,20 @@
|
|||||||
"source": "data:,GSSAPIAuthentication%20no%0AVerifyHostKeyDNS%20yes%0A"
|
"source": "data:,GSSAPIAuthentication%20no%0AVerifyHostKeyDNS%20yes%0A"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"overwrite": true,
|
||||||
|
"path": "/etc/sysconfig/chronyd",
|
||||||
|
"contents": {
|
||||||
|
"compression": "",
|
||||||
|
"source": "data:,%23%20Command-line%20options%20for%20chronyd%0AOPTIONS%3D%22-F%201%22%0A"
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"overwrite": true,
|
"overwrite": true,
|
||||||
"path": "/etc/unbound/unbound.conf",
|
"path": "/etc/unbound/unbound.conf",
|
||||||
"contents": {
|
"contents": {
|
||||||
"compression": "gzip",
|
"compression": "gzip",
|
||||||
"source": "data:;base64,H4sIAAAAAAAC/6xSQWvcPBC9768Q/s5jezfZ5MNQ6CWFQktL00uPE2lsD5ElZzTa1Pn1RbtdlyyFQqkNxp4373ne0ySSA0m3McaOEqN2pqo2G2MwawSVnBQw2DEK9OypM1VzQGk8PzQ5PMQcXFNY9SMt1caYV4TEQ0DPYejMQmljTOmER1ogUVAO5E9A4fkElkThIQdXftOQ2iYl35RqaiweYe7ZolKqreiZxfNIkjpTff7y6d37D3dv7r/df737eDQxsiMYVWfIiQRwoKDnYY4YuzKJLq+KRxMnD6/qB5LEMaxDOwoLYPhFRnEUAP0QwcXnMAg6ugA9ykDwlEmY0gUm1JMIephRxwssjfGYTp/4ZdXkIUQhsA56j2vKE36H7GY4dV61t7tSjC57AhtDz0NnqgN6dqhRDCtJeSnH9xRwIpg48MQJlWOApMJ2DS2HZwxKDoRmv4COQmmM3nVm256u0pQILM4J+ijAbs0rZh0ihwHm4mUmmVgLcXcNN/v91b70zCUEtav983dZm59CfZRnFAcvMVDZ2zJzZ6q6GDhjZTPynFQIp7PUGUPnpDPbuty7t//vr/5LZLOwLrX1MbveoxC4kGobp9/w2rr9C97upr3prm/b9vTottvtPxBp2z+L/AgAAP//qRxiA+IDAAA="
|
"source": "data:;base64,H4sIAAAAAAAC/6xSQWvcPBC9768Q/s5jezfZ5MNQ6CWFQktL00uPE2lsD5ElZzTa1Pn1RbtdlyyFQqkNxp4373ne0ySSA0m3McaOEqN2pqo2G2MwawSVnBQw2DEK9OypM1VzQGk8PzQ5PMQcXFNY9SMt1caYV4TEQ0DPYejMQmljTOmER1ogUVAO5E9A4fkElkThIQdXftOQ2iYl35RqaiweYe7ZolKqreiZxfNIkjpTff7y6d37D3dv7r/df737eDQxsiMYVWfIiQRwoKDnYY4YuzKJLq+KRxMnD6/qB5LEMaxDOwoLYPhFRnEUAP0QwcXnMAg6ugA9ykDwlEmY0gUm1JMIephRxwssjfGYTp/4ZdXkIUQhsA56j2vKE36H7GY4dV61t7tSjC57AhtDz0NnqgN6dqhRDCtJeSnH9xRwIpg48MQJlWOApMJ2DS2HZwxKDoRmv4COQmmM3nVm256u0pQILM4J+ijAbs0rZh0ihwHm4mUmmVgLcXcNN/v91b70zCUEtav983dZm59CfZRnFAcvMVDZ2zJzZ6q6GDhjZTPynFQIp7PUGUPnpDPbuty7t//vr/5LZLOwLrX1MbveoxC4kGobp9/w2rr9C97upr3prm/b9vTottvtPxBp2z+K9P3mRwAAAP//CV2iuOQDAAA="
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -171,6 +171,12 @@ storage:
|
|||||||
inline: |
|
inline: |
|
||||||
GSSAPIAuthentication no
|
GSSAPIAuthentication no
|
||||||
VerifyHostKeyDNS yes
|
VerifyHostKeyDNS yes
|
||||||
|
- path: /etc/sysconfig/chronyd
|
||||||
|
overwrite: true
|
||||||
|
contents:
|
||||||
|
inline: |
|
||||||
|
# Command-line options for chronyd
|
||||||
|
OPTIONS="-F 1"
|
||||||
- path: /etc/unbound/unbound.conf
|
- path: /etc/unbound/unbound.conf
|
||||||
overwrite: true
|
overwrite: true
|
||||||
contents:
|
contents:
|
||||||
@ -213,7 +219,7 @@ storage:
|
|||||||
forward-addr: 1.1.1.2@853#security.cloudflare-dns.com
|
forward-addr: 1.1.1.2@853#security.cloudflare-dns.com
|
||||||
forward-addr: 1.0.0.2@853#security.cloudflare-dns.com
|
forward-addr: 1.0.0.2@853#security.cloudflare-dns.com
|
||||||
forward-addr: 2606:4700:4700::1112@853#security.cloudflare-dns.com
|
forward-addr: 2606:4700:4700::1112@853#security.cloudflare-dns.com
|
||||||
forward-addr: 2606:4700:4700::1002@853#security.cloudflare-dns.com
|
forward-addr: 2606:4700:4700::1002@853#security.cloudflare-dns.comff
|
||||||
- path: /etc/systemd/system/unbound.service.d/override.conf
|
- path: /etc/systemd/system/unbound.service.d/override.conf
|
||||||
contents:
|
contents:
|
||||||
inline: |
|
inline: |
|
||||||
|
Loading…
Reference in New Issue
Block a user