Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening
refactor deny_new_usb sysctl into usb core sysctl table registration #50
It's discouraged to define sysctls in kernel/sysctl.c, but as the usb subsystem can be totally isolated into a kernel module, there are no appropriate places to put it in a clean way. It would be better to register a sysctl table in the usb core and use deny_new_usb there, which will work no matter if usb is compiled in or used as a module.