Use systemd units section to disable kdump and debug-shell

Signed-off-by: Tommy <contact@tommytran.io>
2024-02-27 21:56:58 -07:00 · 2024-02-27 21:56:58 -07:00 · 3f8465e696
parent 0adadc1932
commit 3f8465e696
4 changed files with 32 additions and 24 deletions
--- a/UTM-Chrony.ign
+++ b/UTM-Chrony.ign
@ -191,14 +191,6 @@
      {
        "path": "/etc/systemd/system/multi-user.target.wants/tuned.service",
        "target": "/usr/lib/systemd/system/tuned.service"
-      },
-      {
-        "path": "/etc/systemd/system/kdump.service",
-        "target": "/dev/null"
-      },
-      {
-        "path": "/etc/systemd/system/debug-shell.service",
-        "target": "/dev/null"
      }
    ]
  },
@ -243,6 +235,16 @@
      {
        "enabled": true,
        "name": "sshd.socket"
+      },
+      {
+        "enabled": false,
+        "mask": true,
+        "name": "kdump.service"
+      },
+      {
+        "enabled": false,
+        "mask": true,
+        "name": "debug-shell.service"
      }
    ]
  }
--- a/UTM-Chrony.yml
+++ b/UTM-Chrony.yml
@ -100,6 +100,12 @@ systemd:
      enabled: false
    - name: sshd.socket
      enabled: true
+    - name: kdump.service
+      enabled: false
+      mask: true
+    - name: debug-shell.service
+      enabled: false
+      mask: true
 storage:
  files:
    - path: /etc/zincati/config.d/51-rollout-wariness.toml
@ -178,10 +184,6 @@ storage:
      target: /usr/lib/systemd/system/unbound.service
    - path: /etc/systemd/system/multi-user.target.wants/tuned.service
      target: /usr/lib/systemd/system/tuned.service
-    - path: /etc/systemd/system/kdump.service
-      target: /dev/null
-    - path: /etc/systemd/system/debug-shell.service
-      target: /dev/null
 kernel_arguments:
  should_exist:
    - mitigations=auto,nosmt
--- a/x86-QEMU-Docker.ign
+++ b/x86-QEMU-Docker.ign
@ -217,14 +217,6 @@
      {
        "path": "/etc/systemd/system/multi-user.target.wants/tuned.service",
        "target": "/usr/lib/systemd/system/tuned.service"
-      },
-      {
-        "path": "/etc/systemd/system/kdump.service",
-        "target": "/dev/null"
-      },
-      {
-        "path": "/etc/systemd/system/debug-shell.service",
-        "target": "/dev/null"
      }
    ]
  },
@ -284,6 +276,16 @@
      {
        "enabled": true,
        "name": "sshd.socket"
+      },
+      {
+        "enabled": false,
+        "mask": true,
+        "name": "kdump.service"
+      },
+      {
+        "enabled": false,
+        "mask": true,
+        "name": "debug-shell.service"
      }
    ]
  }
--- a/x86-QEMU-Docker.yml
+++ b/x86-QEMU-Docker.yml
@ -157,6 +157,12 @@ systemd:
      enabled: false
    - name: sshd.socket
      enabled: true
+    - name: kdump.service
+      enabled: false
+      mask: true
+    - name: debug-shell.service
+      enabled: false
+      mask: true
 storage:
  files:
    - path: /etc/zincati/config.d/51-rollout-wariness.toml
@ -245,10 +251,6 @@ storage:
      target: /usr/lib/systemd/system/unbound.service
    - path: /etc/systemd/system/multi-user.target.wants/tuned.service
      target: /usr/lib/systemd/system/tuned.service
-    - path: /etc/systemd/system/kdump.service
-      target: /dev/null
-    - path: /etc/systemd/system/debug-shell.service
-      target: /dev/null
 kernel_arguments:
  should_exist:
    - mitigations=auto,nosmt