-
Notifications
You must be signed in to change notification settings - Fork 739
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Strongly recommend against disabling vfat by default #162
Labels
Comments
README.md sad vfat will be disabled. |
I'll close this issue. It's stated in the docs that vfat gets disabled. |
rndmh3ro
added a commit
to rndmh3ro/linux-baseline
that referenced
this issue
Jul 1, 2018
On UEFI-systems the boot-partition is FAT by default (see [here](https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/System_partition)). If we disable vfat, these systems become unbootable. This has already bitten some users using ansible-os-hardening (dev-sec/ansible-collection-hardening#162, dev-sec/ansible-collection-hardening#145). Therefore I propose we do not check for a disabled vfat filesystem as vfat is often used on newer systems.
rndmh3ro
added a commit
to rndmh3ro/linux-baseline
that referenced
this issue
Jul 10, 2018
On UEFI-systems the boot-partition is FAT by default (see [here](https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/System_partition)). If we disable vfat, these systems become unbootable. This has already bitten some users using ansible-os-hardening (dev-sec/ansible-collection-hardening#162, dev-sec/ansible-collection-hardening#145). Therefore I propose we do not check for a disabled vfat filesystem, if efi is used on these systems
divialth
pushed a commit
to divialth/ansible-collection-hardening
that referenced
this issue
Aug 3, 2022
yaml-lint update, refactor tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This should include a huge warning⚠️ with it. It stopped my system from booting because my EFI partition at
/boot/efi
is vfat. I later noticed the recommended whitelist in default.yml but many people will apply this role to their systems not expecting things to break so badly.The text was updated successfully, but these errors were encountered: