Feat: thunderbolt and additional firewire kernel blocks

author Silvio Rhatto <rhatto@riseup.net>

Sat, 15 Jan 2022 14:12:03 +0000 (11:12 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Sat, 15 Jan 2022 14:12:03 +0000 (11:12 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Sat, 15 Jan 2022 14:12:03 +0000 (11:12 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Sat, 15 Jan 2022 14:12:03 +0000 (11:12 -0300)
diff --git a/files/etc/modprobe.d/blacklist.conf b/files/etc/modprobe.d/blacklist.conf

index 52ea5a458f1c9c4eb71503dc91bf48b586eb4cc5..d339c0dcb24822c6c4d97a509eb5b99ed9558a87 100644 (file)
--- a/files/etc/modprobe.d/blacklist.conf
+++ b/files/etc/modprobe.d/blacklist.conf
@@ -77,6 +77,10 @@ install ohci1394 false
  # Iff we should ever load the ohci1394 module, force the use of the 'phys_dma=0' option.
  options ohci1394 phys_dma=0
  
+# See also https://github.com/lfit/itpol/blob/master/linux-workstation-security.md#blacklisting-modules
+blacklist firewire-core
+blacklist thunderbolt
+
  # PC Speaker
  blacklist pcspkr
author	Silvio Rhatto <rhatto@riseup.net>
	Sat, 15 Jan 2022 14:12:03 +0000 (11:12 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Sat, 15 Jan 2022 14:12:03 +0000 (11:12 -0300)