mirror of
https://github.com/tommytran732/Fedora-CoreOS-Ignition
synced 2024-12-22 14:42:16 -05:00
Use secureblue hardenedmalloc
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
37ab9797c7
commit
d9bd0f9563
@ -201,7 +201,7 @@
|
||||
"name": "postinst.service"
|
||||
},
|
||||
{
|
||||
"contents": "[Unit]\nDescription=Initial System Setup Part 3\n# We run this after the packages have been overlayed\nAfter=firewalld.service\nConditionPathExists=!/var/lib/%N.stamp\nConditionPathExists=/var/lib/postinst.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/systemctl enable --now firewalld\nExecStart=/usr/bin/firewall-cmd --lockdown-on\nExecStart=/usr/bin/firewall-cmd --permanent --add-service=ntp\nExecStart=/usr/bin/firewall-cmd --reload\n\n[Install]\nWantedBy=multi-user.target\n",
|
||||
"contents": "[Unit]\nDescription=Initial System Setup Part 3\n# We run this after the packages have been overlayed\nAfter=firewalld.service\nConditionPathExists=!/var/lib/%N.stamp\nConditionPathExists=/var/lib/postinst.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/echo 'libhardened_malloc.so' \u003e /etc/ld.so.preload\nExecStart=/usr/bin/systemctl enable --now firewalld\nExecStart=/usr/bin/firewall-cmd --lockdown-on\nExecStart=/usr/bin/firewall-cmd --permanent --add-service=ntp\nExecStart=/usr/bin/firewall-cmd --reload\n\n[Install]\nWantedBy=multi-user.target\n",
|
||||
"enabled": true,
|
||||
"name": "postinst2.service"
|
||||
},
|
||||
|
@ -70,6 +70,7 @@ systemd:
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/usr/bin/echo 'libhardened_malloc.so' > /etc/ld.so.preload
|
||||
ExecStart=/usr/bin/systemctl enable --now firewalld
|
||||
ExecStart=/usr/bin/firewall-cmd --lockdown-on
|
||||
ExecStart=/usr/bin/firewall-cmd --permanent --add-service=ntp
|
||||
|
@ -69,6 +69,12 @@
|
||||
"source": "https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/zincati/config.d/55-updates-strategy.toml"
|
||||
}
|
||||
},
|
||||
{
|
||||
"path": "/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:secureblue:hardened_malloc.repo",
|
||||
"contents": {
|
||||
"source": "https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:secureblue:hardened_malloc.repo"
|
||||
}
|
||||
},
|
||||
{
|
||||
"path": "/etc/yum.repos.d/docker-ce.repo",
|
||||
"contents": {
|
||||
@ -81,18 +87,6 @@
|
||||
"source": "https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/docker/daemon.json"
|
||||
}
|
||||
},
|
||||
{
|
||||
"path": "/etc/yum.repos.d/divested-release.repo",
|
||||
"contents": {
|
||||
"source": "https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/yum.repos.d/divested-release.repo"
|
||||
}
|
||||
},
|
||||
{
|
||||
"path": "/etc/pki/rpm-gpg/RPM-GPG-KEY-divested",
|
||||
"contents": {
|
||||
"source": "https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/pki/rpm-gpg/RPM-GPG-KEY-divested"
|
||||
}
|
||||
},
|
||||
{
|
||||
"overwrite": true,
|
||||
"path": "/etc/chrony.conf",
|
||||
|
@ -180,18 +180,15 @@ storage:
|
||||
- path: /etc/zincati/config.d/55-updates-strategy.toml
|
||||
contents:
|
||||
source: https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/zincati/config.d/55-updates-strategy.toml
|
||||
- path: /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:secureblue:hardened_malloc.repo
|
||||
contents:
|
||||
source: https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:secureblue:hardened_malloc.repo
|
||||
- path: /etc/yum.repos.d/docker-ce.repo
|
||||
contents:
|
||||
source: https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/yum.repos.d/docker-ce.repo
|
||||
- path: /etc/docker/daemon.json
|
||||
contents:
|
||||
source: https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/docker/daemon.json
|
||||
- path: /etc/yum.repos.d/divested-release.repo
|
||||
contents:
|
||||
source: https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/yum.repos.d/divested-release.repo
|
||||
- path: /etc/pki/rpm-gpg/RPM-GPG-KEY-divested
|
||||
contents:
|
||||
source: https://raw.githubusercontent.com/TommyTran732/Fedora-CoreOS-Ignition/main/etc/pki/rpm-gpg/RPM-GPG-KEY-divested
|
||||
- path: /etc/chrony.conf
|
||||
contents:
|
||||
source: https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf
|
||||
|
Loading…
Reference in New Issue
Block a user