showpiece/showpiece-pi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

Use capsh to ensure file capabilities aren't set

Browse Source
This commit is contained in:
Serge Schneider
2016-11-14 23:55:45 +00:00
parent db10424a9b
commit c4fb032d3b
12 changed files with 20 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
stage1/01-sys-tweaks/00-run.sh
View File

@@ -5,7 +5,7 @@ install -m 644 files/noclear.conf ${ROOTFS_DIR}/etc/systemd/system/getty@tty1.se
install -m 744 files/policy-rc.d ${ROOTFS_DIR}/usr/sbin/policy-rc.d #TODO: Necessary in systemd?
install -v -m 644 files/fstab ${ROOTFS_DIR}/etc/fstab
on_chroot sh -e - <<EOF
on_chroot << EOF
if ! id -u pi >/dev/null 2>&1; then
adduser --disabled-password --gecos "" pi
fi

2
stage1/02-net-tweaks/00-run.sh
View File

@@ -4,6 +4,6 @@ install -m 644 files/ipv6.conf ${ROOTFS_DIR}/etc/modprobe.d/ipv6.conf
install -m 644 files/interfaces ${ROOTFS_DIR}/etc/network/interfaces
install -m 644 files/hostname ${ROOTFS_DIR}/etc/hostname
on_chroot sh -e - << EOF
on_chroot << EOF
dpkg-divert --add --local /lib/udev/rules.d/75-persistent-net-generator.rules
EOF