From 3f8465e6966399f6e5226929d31366afdd43d6a3 Mon Sep 17 00:00:00 2001
From: Tommy
Date: Tue, 27 Feb 2024 21:56:58 -0700
Subject: [PATCH] Use systemd units section to disable kdump and debug-shell

Signed-off-by: Tommy
---
 UTM-Chrony.ign | 18 ++++++++++--------
 UTM-Chrony.yml | 10 ++++++----
 x86-QEMU-Docker.ign | 18 ++++++++++--------
 x86-QEMU-Docker.yml | 10 ++++++----
 4 files changed, 32 insertions(+), 24 deletions(-)

diff --git a/UTM-Chrony.ign b/UTM-Chrony.ign
index 41d5780..cdaea82 100644
--- a/UTM-Chrony.ign
+++ b/UTM-Chrony.ign
@@ -191,14 +191,6 @@
 {
 "path": "/etc/systemd/system/multi-user.target.wants/tuned.service",
 "target": "/usr/lib/systemd/system/tuned.service"
- },
- {
- "path": "/etc/systemd/system/kdump.service",
- "target": "/dev/null"
- },
- {
- "path": "/etc/systemd/system/debug-shell.service",
- "target": "/dev/null"
 }
 ]
 },
@@ -243,6 +235,16 @@
 {
 "enabled": true,
 "name": "sshd.socket"
+ },
+ {
+ "enabled": false,
+ "mask": true,
+ "name": "kdump.service"
+ },
+ {
+ "enabled": false,
+ "mask": true,
+ "name": "debug-shell.service"
 }
 ]
 }
diff --git a/UTM-Chrony.yml b/UTM-Chrony.yml
index c3f770b..051ec38 100644
--- a/UTM-Chrony.yml
+++ b/UTM-Chrony.yml
@@ -100,6 +100,12 @@ systemd:
 enabled: false
 - name: sshd.socket
 enabled: true
+ - name: kdump.service
+ enabled: false
+ mask: true
+ - name: debug-shell.service
+ enabled: false
+ mask: true
 storage:
 files:
 - path: /etc/zincati/config.d/51-rollout-wariness.toml
@@ -178,10 +184,6 @@ storage:
 target: /usr/lib/systemd/system/unbound.service
 - path: /etc/systemd/system/multi-user.target.wants/tuned.service
 target: /usr/lib/systemd/system/tuned.service
- - path: /etc/systemd/system/kdump.service
- target: /dev/null
- - path: /etc/systemd/system/debug-shell.service
- target: /dev/null
 kernel_arguments:
 should_exist:
 - mitigations=auto,nosmt
diff --git a/x86-QEMU-Docker.ign b/x86-QEMU-Docker.ign
index 5944f53..12526a2 100644
--- a/x86-QEMU-Docker.ign
+++ b/x86-QEMU-Docker.ign
@@ -217,14 +217,6 @@
 {
 "path": "/etc/systemd/system/multi-user.target.wants/tuned.service",
 "target": "/usr/lib/systemd/system/tuned.service"
- },
- {
- "path": "/etc/systemd/system/kdump.service",
- "target": "/dev/null"
- },
- {
- "path": "/etc/systemd/system/debug-shell.service",
- "target": "/dev/null"
 }
 ]
 },
@@ -284,6 +276,16 @@
 {
 "enabled": true,
 "name": "sshd.socket"
+ },
+ {
+ "enabled": false,
+ "mask": true,
+ "name": "kdump.service"
+ },
+ {
+ "enabled": false,
+ "mask": true,
+ "name": "debug-shell.service"
 }
 ]
 }
diff --git a/x86-QEMU-Docker.yml b/x86-QEMU-Docker.yml
index e20f42b..5fc540a 100644
--- a/x86-QEMU-Docker.yml
+++ b/x86-QEMU-Docker.yml
@@ -157,6 +157,12 @@ systemd:
 enabled: false
 - name: sshd.socket
 enabled: true
+ - name: kdump.service
+ enabled: false
+ mask: true
+ - name: debug-shell.service
+ enabled: false
+ mask: true
 storage:
 files:
 - path: /etc/zincati/config.d/51-rollout-wariness.toml
@@ -245,10 +251,6 @@ storage:
 target: /usr/lib/systemd/system/unbound.service
 - path: /etc/systemd/system/multi-user.target.wants/tuned.service
 target: /usr/lib/systemd/system/tuned.service
- - path: /etc/systemd/system/kdump.service
- target: /dev/null
- - path: /etc/systemd/system/debug-shell.service
- target: /dev/null
 kernel_arguments:
 should_exist:
 - mitigations=auto,nosmt
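Review bot: The two entries added under `systemd.units` in x86-QEMU-Docker.yml (hunk at -157, and the identical hunk at -100 in UTM-Chrony.yml) carry no comment saying why they are masked, so a later cleanup could drop them without noticing they are hardening. I would put `# debug-shell.service spawns a root shell on tty9 without authentication; keep masked` above that entry and `# kdump.service: crash dumps hold kernel memory contents; keep masked unless dumps are needed` above the other. Ignition applies this only at first boot, so it is worth confirming on a freshly provisioned host that `systemctl is-enabled kdump.service debug-shell.service` reports `masked`, as it presumably did with the removed /dev/null links. The `systemd:` mapping starts outside the hunk, so I cannot see whether the surrounding units are already documented this way.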