From e579cf0cf183b5c79ad0a262599de847a231510f Mon Sep 17 00:00:00 2001 From: Tommy Date: Fri, 5 Apr 2024 15:53:36 -0700 Subject: [PATCH] Disable mdns and dhcpv6-client for x86 QEMU Signed-off-by: Tommy --- x86-QEMU-Docker.ign | 2 +- x86-QEMU-Docker.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/x86-QEMU-Docker.ign b/x86-QEMU-Docker.ign index a110679..820639e 100644 --- a/x86-QEMU-Docker.ign +++ b/x86-QEMU-Docker.ign @@ -232,7 +232,7 @@ "name": "postinst.service" }, { - "contents": "[Unit]\nDescription=Initial System Setup Part 2\n# We run this after the packages have been overlayed\nAfter=network-online.target\nConditionPathExists=!/var/lib/%N.stamp\nConditionPathExists=/var/lib/postinst.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/echo 'libhardened_malloc.so' \u003e /etc/ld.so.preload\nExecStart=/usr/bin/systemctl enable --now firewalld\nExecStart=/usr/bin/firewall-cmd --lockdown-on\nExecStart=/usr/bin/touch /var/lib/%N.stamp\nExecStart=/usr/bin/systemctl --no-block reboot\n\n[Install]\nWantedBy=multi-user.target\n", + "contents": "[Unit]\nDescription=Initial System Setup Part 2\n# We run this after the packages have been overlayed\nAfter=network-online.target\nConditionPathExists=!/var/lib/%N.stamp\nConditionPathExists=/var/lib/postinst.stamp\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/bin/echo 'libhardened_malloc.so' \u003e /etc/ld.so.preload\nExecStart=/usr/bin/systemctl enable --now firewalld\nExecStart=/usr/bin/firewall-cmd --lockdown-on\nExecStart=/usr/bin/firewall-cmd --permanent --remove-service=mds\nExecStart=/usr/bin/firewall-cmd --permanent --remove-service=dhcpv6-client\nExecStart=/usr/bin/touch /var/lib/%N.stamp\nExecStart=/usr/bin/systemctl --no-block reboot\n\n[Install]\nWantedBy=multi-user.target\n", "enabled": true, "name": "postinst2.service" }, diff --git a/x86-QEMU-Docker.yml b/x86-QEMU-Docker.yml index 52d1a21..3b9c02a 100644 --- a/x86-QEMU-Docker.yml +++ b/x86-QEMU-Docker.yml @@ -79,6 +79,8 @@ systemd: ExecStart=/usr/bin/echo 'libhardened_malloc.so' > /etc/ld.so.preload ExecStart=/usr/bin/systemctl enable --now firewalld ExecStart=/usr/bin/firewall-cmd --lockdown-on + ExecStart=/usr/bin/firewall-cmd --permanent --remove-service=mds + ExecStart=/usr/bin/firewall-cmd --permanent --remove-service=dhcpv6-client ExecStart=/usr/bin/touch /var/lib/%N.stamp ExecStart=/usr/bin/systemctl --no-block reboot