From 37cc7e8ae9560573a9f308b29a4ac6f5b5f5493b Mon Sep 17 00:00:00 2001
From: Charles
Date: Tue, 26 Nov 2024 18:42:24 -0500
Subject: [PATCH] Back to hardened_malloc

---
 Containerfile | 10 +++++-----
 README.md | 4 ++--
 chrony.conf | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Containerfile b/Containerfile
index 13d1c7b..3ad6a99 100644
--- a/Containerfile
+++ b/Containerfile
@@ -7,11 +7,11 @@ ADD chrony.conf /usr/etc/chrony.conf
 ADD tunables.conf /usr/lib/sysctl.d/tunables.conf
 RUN \
 set -x && \
-# Scudo
-curl --create-dirs -Lo /usr/lib64/libscudo.so https://github.com/charles8191/scudo/raw/refs/heads/main/libscudo.so && \
-chmod +x /usr/lib64/libscudo.so && \
-echo "/usr/lib64/libscudo.so" > /etc/ld.so.preload && \
-echo "/usr/lib64/libscudo.so" > /usr/etc/ld.so.preload && \
+# hardened_malloc
+curl --create-dirs -Lo /usr/lib64/libhardened_malloc.so https://github.com/charles8191/hardened_malloc/raw/refs/heads/main/libhardened_malloc-debian.so && \
+chmod +x /usr/lib64/libhardened_malloc.so && \
+echo "/usr/lib64/libhardened_malloc.so" > /etc/ld.so.preload && \
+echo "/usr/lib64/libhardened_malloc.so" > /usr/etc/ld.so.preload && \
 # Branding
 sed -i 's,centos.org,github.com/charles8191/netherite,g' /usr/lib/os-release && \
 sed -i 's,CentOS Stream,Netherite,g' /usr/lib/os-release && \
diff --git a/README.md b/README.md
index bb286e6..23610b1 100644
--- a/README.md
+++ b/README.md
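Review bot: In the Containerfile hunk, the added `curl` line fetches a prebuilt `libhardened_malloc-debian.so` from a moving branch (`refs/heads/main`) with no integrity check, and the following lines write its path to `/etc/ld.so.preload`, so whatever that URL serves at build time is loaded into every dynamically linked process in the image. Pin the URL to a commit or release and verify a digest before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  /usr/lib64/libhardened_malloc.so" | sha256sum -c - && \` (placeholder digest). Adding `--fail` to `curl` would also stop an HTTP error page from being saved as the library, which the build would otherwise accept and the loader would then skip at runtime, silently leaving the default allocator in place. The `-debian` suffix suggests the binary was built on Debian while the `os-release` edits point to a CentOS Stream base, so it is worth confirming that it loads there. The `RUN` block continues outside the hunk.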
@@ -10,10 +10,10 @@ Netherite is a secure & private operating system based on [Calcite](https://gith
 
 ## Features
 
-- [scudo](https://source.android.com/docs/security/test/scudo) using [weekly binaries](https://github.com/charles8191/scudo)
+- [hardened_malloc](https://github.com/GrapheneOS/hardened_malloc) using [weekly binaries](https://github.com/charles8191/hardened_malloc)
 - Some remediations from ANSSI-BP-028 Minimal
 - [Cromite](https://www.cromite.org/) swapped instead of Firefox
-- Custom chrony config (time.cifelli.xyz)
+- Custom chrony config (time.grapheneos.org)
 - Custom kernel tunables
 - Modified `os-release` file
 - Enhanced NetworkManager privacy
diff --git a/chrony.conf b/chrony.conf
index 93ca367..8c8488d 100644
--- a/chrony.conf
+++ b/chrony.conf
@@ -1,4 +1,4 @@
-server time.cifelli.xyz nts iburst
+server time.grapheneos.org iburst
 driftfile /var/lib/chrony/drift
 makestep 0.1 3
 rtcsync
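Review bot: The new `server` line in chrony.conf drops the `nts` option that the removed line carried, so time from the only configured source is no longer authenticated and anything on the network path can answer in its place. With `makestep 0.1 3` in the context lines, chronyd will step the clock to whatever the first few updates report, which can undermine certificate validity checks and log timestamps. If time.grapheneos.org offers NTS, keep `server time.grapheneos.org nts iburst`; if it does not, an NTS-capable source would fit the README's "secure & private" goal better, and either way the choice deserves a comment in the file.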