diff --git a/config/filesystem_chroot_install.sh b/config/filesystem_chroot_install.sh
index 4b9521c..45e39a7 100644
--- a/config/filesystem_chroot_install.sh
+++ b/config/filesystem_chroot_install.sh
@@ -33,10 +33,6 @@ chmod u+s /usr/bin/ping
 mkdir -p ~/.config
 touch ~/.config/gnome-initial-setup-done
 
-#configure permissions for opensnitch firewall
-chown -R root:root /etc/opensnitchd/
-chmod 777 /etc/opensnitchd/settings.conf
-
 #enable services
 systemctl enable systemd-resolved
 systemctl enable systemd-networkd
@@ -51,3 +47,8 @@ curl -fsSLo /etc/apt/sources.list.d/brave-browser-release.sources https://brave-
 apt update
 apt install -y brave-browser
 
+#configure permissions for opensnitch firewall
+rsync -a /usr/src/opensnitchd/ /etc/opensnitchd/
+chown -R root:root /etc/opensnitchd/
+chmod 777 /etc/opensnitchd/settings.conf
+
diff --git a/scripts/build_filesystem.sh b/scripts/build_filesystem.sh
index c81e546..9246fb1 100755
--- a/scripts/build_filesystem.sh
+++ b/scripts/build_filesystem.sh
@@ -1,11 +1,22 @@
 #!/bin/bash
 set -e
 set -x
+
+#downloading graphene malloc
+if [ ! -f ./dependencies/hardened_malloc/Makefile ]; then
+ cd "$(dirname "$0")"
+ DIR="$(dirname "$0")"
+ cd ..
+ cd ./dependencies/
+ git clone https://github.com/GrapheneOS/hardened_malloc.git
+fi
+
+#switching to root to perform chroot
 if [ "$(id -u)" -ne 0 ]; then
 echo "switching from $(id -un) to root"
 exec sudo "$0" "$@"
 fi
-set -e
+
 cd "$(dirname "$0")"
 DIR="$(dirname "$0")"
 cd ..
@@ -21,6 +32,7 @@ fi
 
 rsync -a ./outputs/root/ ./outputs/chroot/
 mkdir -p ./outputs/chroot/proc
+
 mount --bind /proc ./outputs/chroot/proc
 cp ./config/filesystem_chroot_install.sh ./outputs/chroot/filesystem_chroot_install.sh
 cp ./config/apply_initial_host_configuration.sh ./outputs/chroot/apply_initial_host_configuration.sh
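Review bot: `chmod 777 /etc/opensnitchd/settings.conf` at the end of config/filesystem_chroot_install.sh leaves the firewall's settings file writable by every local account, so any unprivileged process on the installed system can change how opensnitchd behaves. The `chown -R root:root` before it does not help, because mode 777 grants write access to "other" regardless of owner. Unless something other than the root daemon must write this file (not visible in the hunk), use `chmod 644 /etc/opensnitchd/settings.conf`, and consider `chmod -R go-w /etc/opensnitchd/`, since `rsync -a` carries over whatever modes the build tree had. The line is moved rather than new, but the move is a good moment to fix it.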
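Review bot: The new clone block at the top of scripts/build_filesystem.sh changes the working directory before the root re-exec, so when the script is started with a relative path the following `exec sudo "$0" "$@"` and `cd "$(dirname "$0")"` resolve against ./dependencies and fail; the `-f ./dependencies/hardened_malloc/Makefile` test is also evaluated against the caller's directory rather than the repository root. The clone takes whatever the default branch holds at build time, which makes the image unreproducible and puts unreviewed upstream code into it; pin a reviewed commit or signed tag. `DIR` is assigned here but overwritten further down, and `cd ./dependencies/` aborts under `set -e` if the directory is missing. The version below resolves the repository root once, leaves the working directory alone and checks out a pinned ref; the ref value is a placeholder.

```shell
# … unchanged: shebang, set -e, set -x …

#downloading graphene malloc
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
HARDENED_MALLOC_REF="<PINNED_COMMIT_OR_TAG>" # placeholder: the reviewed upstream ref
if [ ! -f "$REPO_ROOT/dependencies/hardened_malloc/Makefile" ]; then
  mkdir -p "$REPO_ROOT/dependencies"
  git clone https://github.com/GrapheneOS/hardened_malloc.git \
    "$REPO_ROOT/dependencies/hardened_malloc"
  git -C "$REPO_ROOT/dependencies/hardened_malloc" checkout --detach "$HARDENED_MALLOC_REF"
fi

# … unchanged: root re-exec and the cd to the repository root …
```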
@@ -28,9 +40,7 @@ cp ./config/config.json ./outputs/chroot/config.json
 
 #copy opensnitch rules.
 echo "copying firewall rules"
-mkdir -p ./outputs/chroot/etc/
-mkdir -p ./outputs/chroot/etc/opensnitchd/
-rsync -a ./config/settings/opensnitch/ ./outputs/chroot/etc/opensnitchd/
+rsync -a ./config/settings/opensnitch/ ./outputs/chroot/usr/src/opensnitchd/
 
 #setup user skeleton
 sudo mkdir -p ./outputs/chroot/etc/skel/.config
@@ -64,7 +74,6 @@ chroot ./outputs/chroot /bin/bash -c "/filesystem_chroot_install.sh"
 chroot ./outputs/chroot /bin/bash -c "/apply_initial_host_configuration.sh"
 cp ./config/settings/skel/autorun.desktop ./outputs/chroot/etc/xdg/autostart/autorun.desktop
 
-
 cd $DIR
 cd ..
 if mountpoint -q "./outputs/chroot/proc/"; then
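Review bot: The rsync into `./outputs/chroot/usr/src/opensnitchd/` in scripts/build_filesystem.sh now runs without the `mkdir -p` calls that guarded the old destination; rsync creates only the last path component, so this depends on `./outputs/chroot/usr/src/` already being present in the copied root tree, which the hunk does not show. Adding `mkdir -p ./outputs/chroot/usr/src/` before it keeps the step independent of the base image. The staged copy is also never removed after filesystem_chroot_install.sh syncs it into /etc/opensnitchd/, so the image ships a second copy of the rules; a `rm -rf /usr/src/opensnitchd/` after that sync, and a comment such as `# staged outside /etc so the package install does not find a pre-existing /etc/opensnitchd` if that is the reason, would make the intent clear.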