mirror of
https://github.com/ben-grande/qusal.git
synced 2024-12-25 23:49:39 -05:00
| .. | ||
| files | ||
| clone.sls | ||
| clone.top | ||
| create.sls | ||
| create.top | ||
| init.top | ||
| install-developers.sls | ||
| install-developers.top | ||
| install-repo.sls | ||
| install-repo.top | ||
| install.sls | ||
| install.top | ||
| prefs.sls | ||
| prefs.top | ||
| README.md | ||
| template.jinja | ||
kicksecure-minimal
Kicksecure Minimal Template in Qubes OS.
Table of Contents
Description
Creates the Kicksecure Minimal template as well as a Disposable Template based on it.
Installation
- Top:
qubesctl top.enable kicksecure-minimal
qubesctl --targets=kicksecure-17-minimal state.apply
qubesctl top.disable kicksecure-minimal
qubesctl state.apply kicksecure-minimal.prefs
- State:
qubesctl state.apply kicksecure-minimal.create
qubesctl --skip-dom0 --targets=kicksecure-17-minimal state.apply kicksecure-minimal.install
qubesctl state.apply kicksecure-minimal.prefs
If you want to help improve Kicksecure integration on Qubes, install packages
that are known to be broken on Qubes and can break the boot of the Kicksecure
Qube, to report bugs upstream (get a terminal with qvm-console-dispvm):
qubesctl --skip-dom0 --targets=kicksecure-17-minimal state.apply kicksecure-minimal.install-developers
Usage
AppVMs and StandaloneVMs can be based on this template.
Kicksecure Developers
This is intended for Kicksecure Developers to test known to be broken hardening measures. It is not intended for other developers or users.
After you have ran the developers SaltFile, when reporting bugs upstream, share the following information of the customizations made by this formula:
hardened-malloc:
libhardened_malloc.so
hide-hardware-info:
sysfs_whitelist=0
cpuionfo_whitelist=0
permission-hardener:
whitelists_disable_all=true