Em dezembro 23, 2019 11:49 Jelle van der Waa escreveu:
> Hi All,
>
> I've deployed a new Linux hardening setting on all our VPS'es which is
> available since 5.4. Which makes it harder for root to modify the
> running kernel by shielding off some functionality for userland. [1]
>
> No application should rely on this features so everything should still
> work as normal.
>
> Currently it is deployed as tmpfiles.d file which is suboptimal but
> adding it to our bootloader seems to be hard since we currently already
> enable btrfs via lineinfile. Maybe the grub configuration should live in
> our ansible repository?
>
> [1] https://git.archlinux.org/infrastructure.git/commit/?id=2c7538040f6353633adf4f6dc55ea23229a33bda
>
> Greetings,
>
> Jelle
>

+1 for having grub configuration on ansible.