roles/hardening: Change the lockdown file creation to run only at boot

Since after enabling lockdown you cannot change the file anymore until reboot, change the tmpfile setting to use ! and run only at boot time. This makes systemd-tmpfiles --create command to not fail, since it cannot write to the lockdown file.

roles/hardening: Change the lockdown file creation to run only at boot
Since after enabling lockdown you cannot change the file anymore until reboot, change the tmpfile setting to use ! and run only at boot time. This makes systemd-tmpfiles --create command to not fail, since it cannot write to the lockdown file.
eb64ecaf · Giancarlo Razzolini · b665e425 · eb64ecaf
Verified Commit eb64ecaf authored Feb 13, 2020 by Giancarlo Razzolini
--- a/roles/hardening/files/50-lockdown.conf
+++ b/roles/hardening/files/50-lockdown.conf
-w /sys/kernel/security/lockdown - - - - integrity
+w! /sys/kernel/security/lockdown - - - - integrity