[systemd-devel] Udev hardening

Adi Ml maladi1747 at gmail.com
Mon Dec 14 14:30:58 UTC 2020


Hi,
Is there some way to detect which system calls I am using in udev (in
order to filter it)?

I do not use any script, I just echo 0 to the authorized file of the connected
device in order to disable it when it is not the wanted device (the
match is based on serial number, vid, pid).

Thank you

On Mon, Dec 14, 2020 at 15:40, Greg KH <gregkh at linuxfoundation.org> wrote:

> On Mon, Dec 14, 2020 at 02:54:31PM +0200, Adi Ml wrote:
> > Hi,
> >
> > I would like to harden my udev service with the
> > SystemCallFilter option. What systemcalls should be permitted/allowed in
> > order to secure it and avoid irrelevant system calls?
>
> It all depends on what type of scripts/programs you want udev to be able
> to call.  That's up to you and your specific hardware configuration.
>
> good luck!
>
> greg k-h
>
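
One way to approach the question asked above, as an added example that is not part of the original thread or of systemd: trace the running udev daemon with `strace -f` while the devices of interest are plugged in, then turn the observed syscall names into a `SystemCallFilter=` allow-list drop-in. The trace lines are a constructed sample, and the function names and the drop-in file name are hypothetical.

```shell
#!/bin/sh
# Capture on the real host would look like this (as root, while plugging devices):
#   strace -f -o udev.trace -p "$(pidof systemd-udevd)"

# Constructed sample of such a trace (not a real capture).
sample_trace() {
cat <<'EOF'
412   openat(AT_FDCWD, "/sys/bus/usb/devices/1-1/authorized", O_WRONLY|O_CLOEXEC) = 7
412   write(7, "0", 1) = 1
412   close(7) = 0
412   epoll_wait(10,  <unfinished ...>
523   recvmsg(5, {msg_namelen=12}, 0) = 180
412   <... epoll_wait resumed>[], 8, 3000) = 0
523   +++ exited with 0 +++
412   --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=523} ---
EOF
}

# Read a `strace -f -o` log on stdin and print the unique syscall names, sorted.
# Handles normal lines, "<unfinished ...>" lines and "<... name resumed>" lines;
# exit markers (+++) and signal markers (---) are skipped.
syscalls_from_strace() {
    sed -n -E \
        -e 's/^[0-9]+ +([a-z_][a-z0-9_]*)\(.*/\1/p' \
        -e 's/^[0-9]+ +<\.\.\. ([a-z_][a-z0-9_]*) resumed>.*/\1/p' |
        LC_ALL=C sort -u
}

# Emit a unit drop-in that allow-lists exactly the calls seen in the trace.
# SystemCallErrorNumber=EPERM makes a denied call fail with an error instead of
# killing the daemon, which is easier to debug while the list is being tuned.
# Intended location (file name is hypothetical):
#   /etc/systemd/system/systemd-udevd.service.d/50-syscalls.conf
make_dropin() {
    printf '[Service]\nSystemCallArchitectures=native\nSystemCallErrorNumber=EPERM\n'
    printf 'SystemCallFilter=%s\n' "$(syscalls_from_strace | paste -sd ' ' -)"
}

# Stand-alone run: print the drop-in derived from the constructed sample.
sample_trace | make_dropin
```

A trace only shows the code paths exercised while it ran, so daemon startup, rule reloads and rarely seen device types have to be traced as well before the list is enforced. `systemd-analyze syscall-filter` lists the predefined `@` groups that can replace long runs of individual names.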

