From c6a054a53319eca27cdcc38cd6d60e8c8b6e3b87 Mon Sep 17 00:00:00 2001 From: Tom Dohrmann Date: Wed, 17 Jul 2024 14:22:32 +0200 Subject: [PATCH] kernel: set nousershstk --- image/system/mkosi.conf | 2 +- image/system/variants.bzl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/image/system/mkosi.conf b/image/system/mkosi.conf index fc956f06e..7b8bac9e7 100644 --- a/image/system/mkosi.conf +++ b/image/system/mkosi.conf @@ -13,7 +13,7 @@ Seed=0e9a6fe0-68f6-408c-bbeb-136054d20445 SourceDateEpoch=0 Bootable=yes Bootloader=uki -KernelCommandLine=preempt=full rd.shell=0 rd.emergency=reboot loglevel=8 +KernelCommandLine=preempt=full rd.shell=0 rd.emergency=reboot loglevel=8 nousershstk RemoveFiles=/var/log RemoveFiles=/var/cache RemoveFiles=/etc/pki/ca-trust/extracted/java/cacerts diff --git a/image/system/variants.bzl b/image/system/variants.bzl index 3cca05c95..d6b143248 100644 --- a/image/system/variants.bzl +++ b/image/system/variants.bzl @@ -50,7 +50,7 @@ CSPS = [ "qemu", ] -base_cmdline = "selinux=1 enforcing=0 audit=0" +base_cmdline = "selinux=1 enforcing=0 audit=0 nousershstk" csp_settings = { "aws": {