Verified commit eb64ecaf authored by Giancarlo Razzolini

roles/hardening: Change the lockdown file creation to run only at boot

Since after enabling lockdown you cannot change the file anymore until reboot,
change the tmpfile setting to use ! and run only at boot time. This makes the
systemd-tmpfiles --create command not fail, since it cannot write to the lockdown
file.
parent b665e425
w /sys/kernel/security/lockdown - - - - integrity
w! /sys/kernel/security/lockdown - - - - integrity
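Review bot: The `w!` line carries no comment explaining why the boot-only modifier is there, so a later cleanup could drop the `!` and bring back the `systemd-tmpfiles --create` failure described in the commit message. Add a `#` comment line above it stating that the lockdown file cannot be changed again until reboot once lockdown is enabled. Since the commit message says the line now runs only at boot, it is also worth noting in the role that a host receiving this change does not get `integrity` written to /sys/kernel/security/lockdown until its next reboot.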