mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-29 04:16:11 -05:00
add LKRG compatibility settings automation for VirtualBox hosts
https://github.com/openwall/lkrg/issues/82
This commit is contained in:
parent
0f86ffef04
commit
257cef24ba
5
lib/systemd/system/lkrg.service.d/40-virtualbox.conf
Normal file
5
lib/systemd/system/lkrg.service.d/40-virtualbox.conf
Normal file
@ -0,0 +1,5 @@
|
||||
## Copyright (C) 2021 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
||||
## See the file COPYING for copying conditions.
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/usr/share/security-misc/lkrg/lkrg-virtualbox
|
31
usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf
Normal file
31
usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf
Normal file
@ -0,0 +1,31 @@
|
||||
## Copyright (C) 2021 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
||||
## See the file COPYING for copying conditions.
|
||||
|
||||
## DO NOT EDIT THIS FILE /etc/sysctl.d/30-lkrg-dkms.conf AS EDITS WILL BE LOST!
|
||||
## This is an auto generated file.
|
||||
|
||||
## Please use "/etc/sysctl.d/50-user.conf" for your custom
|
||||
## configuration, which will override the defaults found here.
|
||||
|
||||
## gets copied from:
|
||||
## /usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf
|
||||
## to:
|
||||
## /etc/sysctl.d/30-lkrg-virtualbox.conf
|
||||
## by package security-misc, files:
|
||||
## /usr/share/security-misc/lkrg/lkrg-virtualbox
|
||||
## /lib/systemd/system/lkrg.service.d/40-virtualbox.conf
|
||||
|
||||
## https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477/32
|
||||
## https://www.openwall.com/lists/lkrg-users/2020/01/24/2
|
||||
## https://www.openwall.com/lists/lkrg-users/2020/01/25/2
|
||||
## https://github.com/openwall/lkrg/issues/82
|
||||
## https://github.com/openwall/lkrg/blob/main/scripts/bootup/lkrg.conf
|
||||
## https://github.com/openwall/lkrg/blob/main/scripts/bootup/systemd/lkrg.service
|
||||
## /etc/sysctl.d/30-lkrg-dkms.conf
|
||||
## /lib/systemd/system/lkrg.service
|
||||
|
||||
## Already LKRG upstream default.
|
||||
#lkrg.msr_validate = 0
|
||||
|
||||
lkrg.pcfi_validate = 1
|
||||
lkrg.profile_validate = 2
|
24
usr/share/security-misc/lkrg/lkrg-virtualbox
Executable file
24
usr/share/security-misc/lkrg/lkrg-virtualbox
Executable file
@ -0,0 +1,24 @@
|
||||
#!/bin/bash
|
||||
|
||||
## Copyright (C) 2021 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
||||
## See the file COPYING for copying conditions.
|
||||
|
||||
set -x
|
||||
set -e
|
||||
|
||||
if ! command -v vboxmanage &>/dev/null ; then
|
||||
if test -f /etc/sysctl.d/30-lkrg-virtualbox.conf ; then
|
||||
rm --force --verbose /etc/sysctl.d/30-lkrg-virtualbox.conf
|
||||
fi
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if ! test -d /etc/sysctl.d ; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if ! test -f /usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf ; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
cp --verbose /usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf /etc/sysctl.d/30-lkrg-virtualbox.conf
|
Loading…
Reference in New Issue
Block a user