Patrick Schleizer
|
86f91e3030
|
revert umask 027 by default
because broken because this also happens for root while it should not
https://github.com/Kicksecure/security-misc/issues/185
|
2024-01-06 09:11:54 -05:00 |
|
Patrick Schleizer
|
3f1304403f
|
disable MAC randomization in Network Manager (NM) because it breaks VirtualBox DHCP
https://github.com/Kicksecure/security-misc/issues/184
|
2024-01-06 08:15:31 -05:00 |
|
Patrick Schleizer
|
e8f8dcd0fb
|
bumped changelog version
|
2024-01-04 02:03:26 +00:00 |
|
Patrick Schleizer
|
70a86fa994
|
Merge remote-tracking branch 'github-kicksecure/master'
|
2024-01-03 05:12:48 -05:00 |
|
Patrick Schleizer
|
71060f1f53
|
Merge pull request #182 from raja-grewal/io_uring
Clarify validity of disabling io_uring
|
2024-01-03 05:00:41 -05:00 |
|
Raja Grewal
|
74afcc9c63
|
Clarify validity of disabling io_uring
|
2024-01-03 17:52:23 +11:00 |
|
Patrick Schleizer
|
db0503e71d
|
bumped changelog version
|
2024-01-02 14:55:13 +00:00 |
|
Patrick Schleizer
|
a94f2a3f46
|
Merge remote-tracking branch 'github-kicksecure/master'
|
2024-01-02 05:30:49 -05:00 |
|
Patrick Schleizer
|
8daf97ab01
|
Merge pull request #178 from raja-grewal/io_uring
Disable asynchronous I/O
|
2024-01-02 05:29:35 -05:00 |
|
Patrick Schleizer
|
94c0e26a08
|
bumped changelog version
|
2023-12-29 20:15:50 +00:00 |
|
Patrick Schleizer
|
5b36599c0c
|
/dev/, /dev/shm, /tmp
https://github.com/Kicksecure/security-misc/issues/157#issuecomment-1869073716
|
2023-12-29 14:57:38 -05:00 |
|
Patrick Schleizer
|
e15596e7af
|
bumped changelog version
|
2023-12-25 16:28:10 +00:00 |
|
Patrick Schleizer
|
f64a869bfd
|
readme
|
2023-12-25 11:03:22 -05:00 |
|
Patrick Schleizer
|
c86c83cef7
|
formatting
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 10:31:58 -05:00 |
|
Patrick Schleizer
|
971ff687b1
|
do not mount /dev/cdrom by default
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 10:30:35 -05:00 |
|
Patrick Schleizer
|
9fce67fcd9
|
remove superfluous, broken remount mount option
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 10:28:47 -05:00 |
|
Patrick Schleizer
|
40fd8cb608
|
no nofail mount option to avoid breaking the boot of a system
unit testing belongs elsewhere
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:51:09 -05:00 |
|
Patrick Schleizer
|
4aa645f29f
|
comment
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:46:33 -05:00 |
|
Patrick Schleizer
|
2b7aeedb4a
|
mount /dev/cdrom to /mnt/cdrom (instead of /mnt/cdrom0) and
nodev,nosuid,noexec
as per:
https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:44:51 -05:00 |
|
Patrick Schleizer
|
0d9e9780da
|
formatting
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:37:14 -05:00 |
|
Patrick Schleizer
|
00f9ab4394
|
/dev devtmpfs
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:36:05 -05:00 |
|
Patrick Schleizer
|
55709b3aa0
|
/tmp tmpfs
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:30:57 -05:00 |
|
Patrick Schleizer
|
b0dd967611
|
usrmerge
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:28:08 -05:00 |
|
Patrick Schleizer
|
269fada14a
|
combine bind lines
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-25 09:25:14 -05:00 |
|
Patrick Schleizer
|
0810c1ce3c
|
fix bluetooth in readme
fixes https://github.com/Kicksecure/security-misc/issues/180
|
2023-12-25 09:10:31 -05:00 |
|
Patrick Schleizer
|
37b4ab15a8
|
readme
|
2023-12-25 09:04:10 -05:00 |
|
Patrick Schleizer
|
79f398d219
|
formatting
|
2023-12-25 08:45:20 -05:00 |
|
Patrick Schleizer
|
c90ada3c39
|
pandoc -f markdown -t markdown --wrap=auto --columns=80 README.md -o README.md
|
2023-12-25 08:37:23 -05:00 |
|
Patrick Schleizer
|
34bf297bd1
|
formatting
|
2023-12-25 08:32:34 -05:00 |
|
Patrick Schleizer
|
d5fc9f6201
|
improve bluetooth in readme
as suggested by @monsieuremre
https://github.com/Kicksecure/security-misc/issues/180
|
2023-12-25 08:26:03 -05:00 |
|
Patrick Schleizer
|
7fa597deca
|
bumped changelog version
|
2023-12-22 16:31:58 +00:00 |
|
Patrick Schleizer
|
f70a034da2
|
exclude hardened malloc from SUID disabler
fixes https://github.com/Kicksecure/security-misc/issues/179
|
2023-12-22 08:31:58 -05:00 |
|
Raja Grewal
|
f055fe5da2
|
Disable asynchronous I/O
io_uring creation is disabled for all processes. io_uring_setup always fails with -EPERM. Existing io_uring instances can still be used.
|
2023-12-15 08:33:36 +00:00 |
|
Patrick Schleizer
|
99f2edd4f6
|
bumped changelog version
|
2023-12-12 16:51:21 +00:00 |
|
Patrick Schleizer
|
039de1dc9b
|
add hardened fstab /usr/share/doc/security-misc/fstab-vm
to the documentation folder as an example
not directly used by security-misc
will later be used by Kicksecure VM build process
https://github.com/Kicksecure/security-misc/issues/157
|
2023-12-12 11:50:11 -05:00 |
|
Patrick Schleizer
|
dcaafa6c8b
|
bumped changelog version
|
2023-12-04 17:06:45 +00:00 |
|
Patrick Schleizer
|
5a73817a95
|
move to /usr/lib/issue.d/20_security-misc.issue
https://github.com/Kicksecure/security-misc/pull/167
|
2023-12-04 11:38:49 -05:00 |
|
Patrick Schleizer
|
dfaea492c7
|
remove etc/issue.net.d/20_security-misc
since not mentioned on debian.org
|
2023-12-04 11:37:02 -05:00 |
|
Patrick Schleizer
|
69c895af09
|
Merge remote-tracking branch 'github-kicksecure/master'
|
2023-12-04 11:27:53 -05:00 |
|
Patrick Schleizer
|
36850f89fb
|
Merge pull request #167 from monsieuremre/patch-4
Non-Identifiable and Generic Issue Banners that include the Recommended Keywords
|
2023-12-04 11:27:16 -05:00 |
|
Patrick Schleizer
|
c9ea7a4dca
|
use amd_iommu=force_isolation instead of amd_iommu=force_enable
because we set `iommu=force` already anyhow
fixes https://github.com/Kicksecure/security-misc/issues/175
|
2023-12-04 11:02:55 -05:00 |
|
Patrick Schleizer
|
e83c1d7ed6
|
Merge remote-tracking branch 'github-kicksecure/master'
|
2023-12-04 11:01:02 -05:00 |
|
Patrick Schleizer
|
befd21e0c0
|
Merge pull request #176 from monsieuremre/patch-1
Iommu Kernel Parameters
|
2023-12-04 11:00:29 -05:00 |
|
Patrick Schleizer
|
c4e21ca5f4
|
added development philosophy
https://github.com/Kicksecure/security-misc/issues/154
|
2023-12-04 10:58:16 -05:00 |
|
Patrick Schleizer
|
feab1432f9
|
clarify scope
https://github.com/Kicksecure/security-misc/issues/154
|
2023-12-04 10:48:27 -05:00 |
|
Patrick Schleizer
|
dc04040cb3
|
typo
|
2023-12-04 10:36:48 -05:00 |
|
Patrick Schleizer
|
2634dbff2b
|
shuffle
|
2023-12-04 10:36:21 -05:00 |
|
monsieuremre
|
f2ad8383cf
|
fix
|
2023-12-03 19:51:38 +00:00 |
|
monsieuremre
|
dd15823a97
|
undo superfluousness
|
2023-12-03 19:50:07 +00:00 |
|
monsieuremre
|
83e13bb62d
|
Update 40_enable_iommu.cfg
|
2023-12-03 19:42:34 +00:00 |
|