mirror of
https://github.com/tommytran732/Fedora-CoreOS-Ignition
synced 2024-11-09 11:41:34 -05:00
Compare commits
3 Commits
46285b769e
...
3f8465e696
Author | SHA1 | Date | |
---|---|---|---|
3f8465e696 | |||
0adadc1932 | |||
bf92773f86 |
@ -191,14 +191,6 @@
|
|||||||
{
|
{
|
||||||
"path": "/etc/systemd/system/multi-user.target.wants/tuned.service",
|
"path": "/etc/systemd/system/multi-user.target.wants/tuned.service",
|
||||||
"target": "/usr/lib/systemd/system/tuned.service"
|
"target": "/usr/lib/systemd/system/tuned.service"
|
||||||
},
|
|
||||||
{
|
|
||||||
"path": "/etc/systemd/system/kdump.service",
|
|
||||||
"target": "/dev/null"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"path": "/etc/systemd/system/debug-shell.service",
|
|
||||||
"target": "/dev/null"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@ -243,6 +235,16 @@
|
|||||||
{
|
{
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"name": "sshd.socket"
|
"name": "sshd.socket"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"enabled": false,
|
||||||
|
"mask": true,
|
||||||
|
"name": "kdump.service"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"enabled": false,
|
||||||
|
"mask": true,
|
||||||
|
"name": "debug-shell.service"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -100,6 +100,12 @@ systemd:
|
|||||||
enabled: false
|
enabled: false
|
||||||
- name: sshd.socket
|
- name: sshd.socket
|
||||||
enabled: true
|
enabled: true
|
||||||
|
- name: kdump.service
|
||||||
|
enabled: false
|
||||||
|
mask: true
|
||||||
|
- name: debug-shell.service
|
||||||
|
enabled: false
|
||||||
|
mask: true
|
||||||
storage:
|
storage:
|
||||||
files:
|
files:
|
||||||
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
||||||
@ -178,10 +184,6 @@ storage:
|
|||||||
target: /usr/lib/systemd/system/unbound.service
|
target: /usr/lib/systemd/system/unbound.service
|
||||||
- path: /etc/systemd/system/multi-user.target.wants/tuned.service
|
- path: /etc/systemd/system/multi-user.target.wants/tuned.service
|
||||||
target: /usr/lib/systemd/system/tuned.service
|
target: /usr/lib/systemd/system/tuned.service
|
||||||
- path: /etc/systemd/system/kdump.service
|
|
||||||
target: /dev/null
|
|
||||||
- path: /etc/systemd/system/debug-shell.service
|
|
||||||
target: /dev/null
|
|
||||||
kernel_arguments:
|
kernel_arguments:
|
||||||
should_exist:
|
should_exist:
|
||||||
- mitigations=auto,nosmt
|
- mitigations=auto,nosmt
|
||||||
|
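Review bot: The new `kdump.service` and `debug-shell.service` entries under `systemd.units` carry no comment saying why they are masked, and the same applies to the matching hunk at -156,6 +157,12 in the second Butane file. Now that `mask: true` replaces the explicit `/dev/null` links that were under `storage`, a one-line comment above each entry would keep the intent visible, for example `# debug-shell.service opens a root shell on tty9 without authentication; keep masked` and `# kdump.service masked: no crash dumps are collected on this host (confirm intent)`. `enabled: false` beside `mask: true` looks redundant, since a masked unit cannot be started; if it is kept on purpose, the comment should say so. The units list begins above the hunk.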
@ -26,3 +26,4 @@ ayf77gecLuCVt+LhCH1rFejeIZrl0QEw+udrTYrPt3BWUK2OOIzF8PqLHfyUF+7W
|
|||||||
ZuLgMxj0nGLMqOlPSszrQ6RxmL//GmXkmE3CeDNXV+7SpmMYe07pHzycg8+d/tNq
|
ZuLgMxj0nGLMqOlPSszrQ6RxmL//GmXkmE3CeDNXV+7SpmMYe07pHzycg8+d/tNq
|
||||||
EajUfLQJqUYj3m51MnKW2r+QUKjkIYsn4iFfk+2aeY5HX1RalWJ7d4NHJQ==
|
EajUfLQJqUYj3m51MnKW2r+QUKjkIYsn4iFfk+2aeY5HX1RalWJ7d4NHJQ==
|
||||||
=qpX+
|
=qpX+
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
@ -217,14 +217,6 @@
|
|||||||
{
|
{
|
||||||
"path": "/etc/systemd/system/multi-user.target.wants/tuned.service",
|
"path": "/etc/systemd/system/multi-user.target.wants/tuned.service",
|
||||||
"target": "/usr/lib/systemd/system/tuned.service"
|
"target": "/usr/lib/systemd/system/tuned.service"
|
||||||
},
|
|
||||||
{
|
|
||||||
"path": "/etc/systemd/system/kdump.service",
|
|
||||||
"target": "/dev/null"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"path": "/etc/systemd/system/debug-shell.service",
|
|
||||||
"target": "/dev/null"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@ -236,7 +228,7 @@
|
|||||||
"name": "postinst.service"
|
"name": "postinst.service"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"contents": "[Unit]\nDescription=Initial System Setup Part 2\n# We run this after the packages have been overlayed\nAfter=network-online.target\nConditionPathExists=!/var/lib/%N.stamp\nConditionPathExists=/var/lib/postinst.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/echo 'libhardened_malloc.so' | tee /etc/ld.so.preload\nExecStart=/usr/bin/systemctl enable --now firewalld\nExecStart=/usr/bin/firewall-cmd --lockdown-on\nExecStart=/usr/bin/systemctl --no-block reboot\n\n[Install]\nWantedBy=multi-user.target\n",
|
"contents": "[Unit]\nDescription=Initial System Setup Part 2\n# We run this after the packages have been overlayed\nAfter=network-online.target\nConditionPathExists=!/var/lib/%N.stamp\nConditionPathExists=/var/lib/postinst.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/echo 'libhardened_malloc.so' | tee /etc/ld.so.preload\nExecStart=/usr/bin/systemctl enable --now firewalld\nExecStart=/usr/bin/firewall-cmd --lockdown-on\nExecStart=/usr/bin/touch /var/lib/%N.stamp\nExecStart=/usr/bin/systemctl --no-block reboot\n\n[Install]\nWantedBy=multi-user.target\n",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"name": "postinst2.service"
|
"name": "postinst2.service"
|
||||||
},
|
},
|
||||||
@ -284,6 +276,16 @@
|
|||||||
{
|
{
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"name": "sshd.socket"
|
"name": "sshd.socket"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"enabled": false,
|
||||||
|
"mask": true,
|
||||||
|
"name": "kdump.service"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"enabled": false,
|
||||||
|
"mask": true,
|
||||||
|
"name": "debug-shell.service"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -72,6 +72,7 @@ systemd:
|
|||||||
ExecStart=/usr/bin/echo 'libhardened_malloc.so' | tee /etc/ld.so.preload
|
ExecStart=/usr/bin/echo 'libhardened_malloc.so' | tee /etc/ld.so.preload
|
||||||
ExecStart=/usr/bin/systemctl enable --now firewalld
|
ExecStart=/usr/bin/systemctl enable --now firewalld
|
||||||
ExecStart=/usr/bin/firewall-cmd --lockdown-on
|
ExecStart=/usr/bin/firewall-cmd --lockdown-on
|
||||||
|
ExecStart=/usr/bin/touch /var/lib/%N.stamp
|
||||||
ExecStart=/usr/bin/systemctl --no-block reboot
|
ExecStart=/usr/bin/systemctl --no-block reboot
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
@ -156,6 +157,12 @@ systemd:
|
|||||||
enabled: false
|
enabled: false
|
||||||
- name: sshd.socket
|
- name: sshd.socket
|
||||||
enabled: true
|
enabled: true
|
||||||
|
- name: kdump.service
|
||||||
|
enabled: false
|
||||||
|
mask: true
|
||||||
|
- name: debug-shell.service
|
||||||
|
enabled: false
|
||||||
|
mask: true
|
||||||
storage:
|
storage:
|
||||||
files:
|
files:
|
||||||
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
- path: /etc/zincati/config.d/51-rollout-wariness.toml
|
||||||
@ -244,10 +251,6 @@ storage:
|
|||||||
target: /usr/lib/systemd/system/unbound.service
|
target: /usr/lib/systemd/system/unbound.service
|
||||||
- path: /etc/systemd/system/multi-user.target.wants/tuned.service
|
- path: /etc/systemd/system/multi-user.target.wants/tuned.service
|
||||||
target: /usr/lib/systemd/system/tuned.service
|
target: /usr/lib/systemd/system/tuned.service
|
||||||
- path: /etc/systemd/system/kdump.service
|
|
||||||
target: /dev/null
|
|
||||||
- path: /etc/systemd/system/debug-shell.service
|
|
||||||
target: /dev/null
|
|
||||||
kernel_arguments:
|
kernel_arguments:
|
||||||
should_exist:
|
should_exist:
|
||||||
- mitigations=auto,nosmt
|
- mitigations=auto,nosmt
|
||||||
|
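Review bot: The added `ExecStart=/usr/bin/touch /var/lib/%N.stamp` in the hunk at -72,6 +72,7 records postinst2 as done even though the first command of the unit most likely never writes `/etc/ld.so.preload`. systemd runs `ExecStart=` lines without a shell, so in `/usr/bin/echo 'libhardened_malloc.so' | tee /etc/ld.so.preload` the `|` and everything after it are passed to echo as arguments and echo still exits 0. Once the stamp exists, `ConditionPathExists=!/var/lib/%N.stamp` keeps the unit from running again, so the host stays without the hardened allocator preload and nothing reports it. Run that step through a shell, e.g. `ExecStart=/usr/bin/sh -c "echo 'libhardened_malloc.so' > /etc/ld.so.preload"`, and consider gating the stamp with `ExecStart=/usr/bin/grep -qx libhardened_malloc.so /etc/ld.so.preload` placed before the `touch`. The unit's `[Unit]` section lies outside the hunk, and the Ignition JSON section above carries the same line.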