From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 15 Jan 2022 14:12:03 +0000 (-0300)
Subject: Feat: thunderbolt and additional firewire kernel blocks
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=5b16f633b8a61f407fd041f5529c2ea071c1cc34;p=puppet-nodo.git

Feat: thunderbolt and additional firewire kernel blocks
---

diff --git a/files/etc/modprobe.d/blacklist.conf b/files/etc/modprobe.d/blacklist.conf
index 52ea5a4..d339c0d 100644
--- a/files/etc/modprobe.d/blacklist.conf
+++ b/files/etc/modprobe.d/blacklist.conf
@@ -77,6 +77,10 @@ install ohci1394 false
 # Iff we should ever load the ohci1394 module, force the use of the 'phys_dma=0' option.
 options ohci1394 phys_dma=0
 
+# See also https://github.com/lfit/itpol/blob/master/linux-workstation-security.md#blacklisting-modules
+blacklist firewire-core
+blacklist thunderbolt
+
 # PC Speaker
 blacklist pcspkr