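#! /bin/sh
# Live-layer hook: records the default layer for the initramfs, writes the
# AppArmor user-namespace sysctl settings, and recompiles the GLib schemas.
# Only runs when PASS ends in ".live"; every other pass exits 0 untouched.

set -eu

# Skip any pass that is not a live layer. ${PASS:-} keeps `set -u` from
# aborting when PASS is unset.
case ${PASS:-} in
  *.live)
    ;;
  *)
    exit 0
    ;;
esac

# Point the initramfs at the squashfs that belongs to this pass.
# NOTE(review): PASS is expanded unquoted into the generated file. Presumably
# conf.d files are sourced as shell by initramfs-tools, so PASS has to stay
# limited to layer-name characters (no whitespace or shell metacharacters);
# confirm against whatever sets PASS.
mkdir -p /etc/initramfs-tools/conf.d/
cat <<EOF > /etc/initramfs-tools/conf.d/default-layer.conf
LAYERFS_PATH=${PASS}.squashfs
EOF

# Security-relevant: this writes the /etc/sysctl.d/20-apparmor.conf override
# that the embedded text itself describes, with
# kernel.apparmor_restrict_unprivileged_userns = 0. That switches the AppArmor
# restriction on unprivileged user namespaces OFF in the live layer, while
# kernel.apparmor_restrict_unprivileged_unconfined stays at 1. The embedded
# header reads as if the restriction were being enabled, so audit the values,
# not the prose.
# NOTE(review): the reason for relaxing this in the live layer is not recorded
# here; confirm the setting does not carry over to the installed system.
# The delimiter is quoted so the payload is written literally; it contains no
# expansions, so the generated file is byte-identical.
cat <<'EOF' > /etc/sysctl.d/20-apparmor.conf
# AppArmor restrictions of unprivileged user namespaces

# Allows to restrict the use of unprivileged user namespaces to applications
# which have an AppArmor profile loaded which specifies the userns
# permission. All other applications (whether confined by AppArmor or not) will
# be denied the use of unprivileged user namespaces.
#
# See
# https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction
# https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_unconfined
#
# If it is desired to disable this restriction, it is preferable to create an
# additional file named /etc/sysctl.d/20-apparmor.conf which will override this
# current file and sets this value to 0 rather than editing this current file
kernel.apparmor_restrict_unprivileged_userns = 0
kernel.apparmor_restrict_unprivileged_unconfined = 1
EOF

# Recompile the GLib schemas when the compiler is installed. `command -v` is
# the POSIX lookup built into the shell; `which` is an external program that a
# minimal chroot may lack, and its absence would skip this step silently.
if command -v glib-compile-schemas >/dev/null 2>&1; then
  glib-compile-schemas /usr/share/glib-2.0/schemas/
fi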