data: Only allow access to USB and SPI devices

That is all that fprintd. Note that ProtectClock already restricts
device access and other device types need to be listed explicitly
because of this.
Benjamin Berg
2021-06-29 20:48:16 +02:00
parent 00629fc374
commit fcd7e9bc76

@ -32,3 +32,8 @@ RestrictRealtime=true
# Privilege escalation
NoNewPrivileges=true
# Protect clock, allow USB and SPI device access
ProtectClock=yes
DeviceAllow=char-usb_device rw
DeviceAllow=char-spi rw
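
Review bot: The comment "# Protect clock, allow USB and SPI device access" does not say why the two DeviceAllow= lines have to sit next to ProtectClock=yes, and that reasoning currently exists only in the commit message. ProtectClock= implies a DeviceAllow=char-rtc r entry, which switches the unit to a device allow-list, so every other device class the daemon opens must be named. Please state that in the comment so a later edit does not drop or reorder these lines. Consider also adding an explicit DevicePolicy=closed so the allow-list is visible in the unit itself and not just a side effect of another directive. The rw access without m (mknod) looks right for a daemon that only opens existing device nodes.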