Strongly recommend against disabling vfat by default #162
Labels
Comments
|
README.md sad vfat will be disabled. |
|
I'll close this issue. It's stated in the docs that vfat gets disabled. |
rndmh3ro
added a commit
to rndmh3ro/linux-baseline
that referenced
this issue
Jul 1, 2018
On UEFI-systems the boot-partition is FAT by default (see [here](https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/System_partition)). If we disable vfat, these systems become unbootable. This has already bitten some users using ansible-os-hardening (dev-sec/ansible-collection-hardening#162, dev-sec/ansible-collection-hardening#145). Therefore I propose we do not check for a disabled vfat filesystem as vfat is often used on newer systems.
rndmh3ro
added a commit
to rndmh3ro/linux-baseline
that referenced
this issue
Jul 10, 2018
On UEFI-systems the boot-partition is FAT by default (see [here](https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/System_partition)). If we disable vfat, these systems become unbootable. This has already bitten some users using ansible-os-hardening (dev-sec/ansible-collection-hardening#162, dev-sec/ansible-collection-hardening#145). Therefore I propose we do not check for a disabled vfat filesystem, if efi is used on these systems
divialth
pushed a commit
to divialth/ansible-collection-hardening
that referenced
this issue
Aug 3, 2022
yaml-lint update, refactor tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This should include a huge warning⚠️ with it. It stopped my system from booting because my EFI partition at
/boot/efiis vfat. I later noticed the recommended whitelist in default.yml but many people will apply this role to their systems not expecting things to break so badly.The text was updated successfully, but these errors were encountered: