You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add documentation for the CIS_HARDENING build parameter that enables
CIS Ubuntu 22.04 LTS Benchmark security controls during image build.
Note: Should be used for Palette appliance builds only.
Co-Authored-By: Warp <[email protected]>
Copy file name to clipboardExpand all lines: README.md
+3-2Lines changed: 3 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -236,8 +236,9 @@ cp .arg.template .arg
236
236
| HTTPS_PROXY | URL of the HTTPS Proxy server to be used if needed (Optional) | string ||
237
237
| NO_PROXY | URLS that should be excluded from proxying (Optional) | string ||
238
238
| UPDATE_KERNEL | Determines whether to upgrade the Kernel version to the latest from the upstream OS provider | boolean |`false`|
239
-
| DISABLE_SELINUX | Disable selinux in the operating system. Some applications (like Kubevirt) do not like selinux | boolean |`true`|
240
-
| CLUSTERCONFIG | Path of the cluster config | string ||
239
+
| DISABLE_SELINUX | Disable selinux in the operating system. Some applications (like Kubevirt) do not like selinux | boolean |`true`|
240
+
| CIS_HARDENING | Enable CIS Benchmark hardening for the image. When set to `true`, applies CIS Ubuntu 22.04 LTS Benchmark security controls during the build. Only supported for Ubuntu 22.04. **Note: Should be used for Palette appliance builds only.**| boolean |`false`|
241
+
| CLUSTERCONFIG | Path of the cluster config | string ||
| UKI_BRING_YOUR_OWN_KEYS | Bring your own public/private key pairs if this is set to true. Otherwise, CanvOS will generate the key pair. | boolean |`false`|
243
244
| INCLUDE_MS_SECUREBOOT_KEYS | Include Microsoft 3rd Party UEFI CA certificate in generated keys | boolean |`true`|
0 commit comments