Release 10.0.0 #100
|
@ -11,6 +11,7 @@ The **patch** part changes incrementally at each release.
|
|||
## [Unreleased]
|
||||
|
||||
### Added
|
||||
* evolinux-base: On debian 10 and later, add noexec on /dev/shm
|
||||
|
||||
### Changed
|
||||
* elasticsearch: listen on local interface only by default
|
||||
|
|
|
@ -67,6 +67,8 @@ evolinux_fstab_home: True
|
|||
evolinux_fstab_home_options: defaults,noexec,nosuid,nodev
|
||||
evolinux_fstab_var_tmp: True
|
||||
evolinux_fstab_var_tmp_options: defaults,noexec,nosuid,nodev,size=1024m
|
||||
evolinux_fstab_dev_shm: True
|
||||
evolinux_fstab_dev_shm_options: defaults,nodev,nosuid,noexec
|
||||
|
||||
# packages
|
||||
|
||||
|
|
|
@ -57,4 +57,15 @@
|
|||
when:
|
||||
- evolinux_fstab_var_tmp
|
||||
|
||||
- name: /dev/shm is created (Debian 10 and later)
|
||||
mount:
|
||||
src: tmpfs
|
||||
name: /dev/shm
|
||||
fstype: tmpfs
|
||||
opts: "{{ evolinux_fstab_dev_shm_options | mandatory }}"
|
||||
state: mounted
|
||||
when:
|
||||
- evolinux_fstab_dev_shm
|
||||
- ansible_distribution_major_version | version_compare('10', '>=')
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
Loading…
Reference in a new issue