GrapheneOS / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.freenode.net ##linux-hardened. Currently maintained at https://github.com/anthraxx/linux-hardened.
https://grapheneos.org/

denyusb implementation #47

Closed osteichthyes closed 7 years ago

osteichthyes commented 7 years ago

Not really an issue, more a request for clarification in the docs:

Is denyusb implemented with a sysctl like the grsec implementation was? If so, what is the flag?

thestinger commented 7 years ago

The sysctl is kernel.deny_new_usb and there isn't a kernel configuration option. It was enabled with CONFIG_USB, but now that's switched to CONFIG_USB_SUPPORT for the next release, since CONFIG_USB is usually a module on traditional distributions, so it wasn't being enabled there.
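
Added example, not part of the thread and not linux-hardened project code: a shell check for whether the running kernel exposes kernel.deny_new_usb and what it is set to, plus a sysctl.d drop-in to persist it. It assumes the usual boolean semantics (1 = deny newly connected USB devices, 0 = allow); the function names, the PROC_SYS / SYSCTL_D override variables and the drop-in file name are hypothetical.

```shell
#!/bin/sh
# PROC_SYS and SYSCTL_D are overridable (assumption of this example) so the
# functions can be exercised against a constructed tree instead of the live system.
PROC_SYS="${PROC_SYS:-/proc/sys}"
SYSCTL_D="${SYSCTL_D:-/etc/sysctl.d}"

# Print the state of kernel.deny_new_usb: "unsupported", "allow" or "deny".
deny_new_usb_state() {
    node="$PROC_SYS/kernel/deny_new_usb"
    # The node only exists on kernels carrying the linux-hardened patch and
    # built with the USB option named in the thread (CONFIG_USB built in, or
    # CONFIG_USB_SUPPORT from the following release). Stock kernels lack it.
    if [ ! -e "$node" ]; then
        echo unsupported
        return 0
    fi
    value=$(cat "$node") || return 1
    case "$value" in
        0) echo allow ;;
        1) echo deny ;;
        *) echo "unexpected value: $value" >&2; return 1 ;;
    esac
}

# Persist the setting across reboots with a sysctl.d drop-in.
# Refuses to write the file when the kernel does not offer the sysctl, so a
# stock kernel does not end up with a setting that silently does nothing.
persist_deny_new_usb() {
    [ "$(deny_new_usb_state)" != unsupported ] || {
        echo "kernel.deny_new_usb not available on this kernel" >&2
        return 1
    }
    printf 'kernel.deny_new_usb = 1\n' > "$SYSCTL_D/80-deny-new-usb.conf"
}
```

After sourcing the file, `deny_new_usb_state` reports the current state; `persist_deny_new_usb` needs write access to the sysctl.d directory, and the drop-in takes effect at the next boot or after `sysctl --system`.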