sec: polish THREAT-MODEL.md for v0.7 public launch #10

Merged
s8n merged 1 commit from feat/sec-threat-model-polish into main 2026-05-06 13:46:59 +01:00

Author: s8n-ru
SHA1: e4b6516f1c
Date: 2026-05-06 11:14:34 +01:00

Some checks failed:
  - Lint / Kickstart syntax (pull_request): Failing after 0s
  - Lint / Shell scripts (pull_request): Failing after 0s
  - Lint / No personal/onyx leaks (pull_request): Failing after 0s

Message:

sec: polish THREAT-MODEL.md for v0.7 public launch

Status flipped Draft → Final.

In-scope rows now cite specific config files / settings (auditable
from clean checkout):
  - LUKS2 params from kickstart/veilor-os.ks
  - sysctl knobs file path
  - USBGuard policy mode + rule type
  - sshd_config drop-in path + every directive
  - auditd rule path + watched paths
  - chrony NTS endpoints
  - systemd-resolved DoT settings
  - bootloader kernel args (lockdown, slab_nomerge, init_on_alloc/free, etc.)

Out-of-scope rows un-hedged. 'May not always' phrasings removed; each
adversary states unambiguously what veilor-os does NOT do.