docs(cis): add comment explaining squashfs/snap Ubuntu exclusion

2026-02-21 02:38:58 +01:00
parent e81ba76446
commit 221bb4d517
1 changed files with 1 additions and 0 deletions
--- a/roles/cis/tasks/modules.yml
+++ b/roles/cis/tasks/modules.yml
@@ -1,6 +1,7 @@
 ---
 - name: Disable Kernel Modules
  vars:
+    # Ubuntu uses squashfs for snap packages — blacklisting it breaks snap entirely
    cis_modules_squashfs: "{{ [] if os in ['ubuntu', 'ubuntu-lts'] else ['squashfs'] }}"
    cis_modules_all: "{{ cis_cfg.modules_blacklist + cis_modules_squashfs }}"
  ansible.builtin.copy: