diff --git a/apt/files/51apt-sandbox b/apt/files/51apt-sandbox
new file mode 100644
index 0000000000000000000000000000000000000000..6f4b434798f63256d13c0517366eb904c62582e5
--- /dev/null
+++ b/apt/files/51apt-sandbox
@@ -0,0 +1 @@
+APT::Sandbox::Seccomp "true";
diff --git a/apt/tasks/main.yml b/apt/tasks/main.yml
index 3af814ecc856194847c67b3f5c0268be3a330d55..b861f4ea53a6353f3755524e79935230cee56e8d 100644
--- a/apt/tasks/main.yml
+++ b/apt/tasks/main.yml
@@ -24,13 +24,16 @@
- meta: flush_handlers
-- name: ensure fix of /tmp script bug
+- name: ensure apt and dpkg are configured
copy:
- src: 50debconf-exec-tmp
+ src: "{{ item }}"
dest: /etc/apt/apt.conf.d/
owner: root
group: root
mode: '0644'
+ with_items:
+ - 50debconf-exec-tmp
+ - 51apt-sandbox
tags:
- config
- apt
diff --git a/basic-system/tasks/logging.yml b/basic-system/tasks/logging.yml
index 1a3ecd544e55f0838c4d86b83b4ecf9a74407149..73ce55c7278f56ededf7d28f035bfd306c967ee7 100644
--- a/basic-system/tasks/logging.yml
+++ b/basic-system/tasks/logging.yml
@@ -4,7 +4,7 @@
- name: restrict dmesg access to only root
sysctl:
name: kernel.dmesg_restrict
- value: 1
+ value: '1'
state: present
sysctl_set: true
tags:
diff --git a/basic-system/tasks/network.yml b/basic-system/tasks/network.yml
index f7f3bf34039ab859edb3b725e4752f0325988906..84360828630f6c07313b085bfbefcbfa9927dbbf 100644
--- a/basic-system/tasks/network.yml
+++ b/basic-system/tasks/network.yml
@@ -54,7 +54,7 @@
- name: ensure deactivation of tcp_timestamps
sysctl:
name: net.ipv4.tcp_timestamps
- value: 0
+ value: '0'
state: present
sysctl_set: true
tags:
@@ -64,7 +64,7 @@
- name: ensure deactivation of ipv6 tempaddr (all)
sysctl:
name: net.ipv6.conf.all.use_tempaddr
- value: 0
+ value: '0'
state: present
sysctl_set: true
tags:
@@ -74,7 +74,7 @@
- name: ensure deactivation of ipv6 tempaddr (default)
sysctl:
name: net.ipv6.conf.default.use_tempaddr
- value: 0
+ value: '0'
state: present
sysctl_set: true
tags: