Yes. Thats exactly what I mean (what mantas said)- ATTR{authorized}="0". I would like to have a usb whitelist via udev and want it to be enforced on devices which connected pre boot too.
authorized_default=0- it seems the same like ATTR{authorized}="0", isnt it? בתאריך יום א׳, 20 בדצמ׳ 2020, 15:59, מאת Mantas Mikulėnas < graw...@gmail.com>: > On Sun, Dec 20, 2020 at 3:49 PM Lennart Poettering <lenn...@poettering.net> > wrote: > >> On Sa, 19.12.20 15:37, Adi Ml (maladi1...@gmail.com) wrote: >> >> > I see. so if I have a rule against a certain usb in udev, it should be >> > blocked automatically during the boot. >> >> Hmm, "blocked"? What do you mean by that? I am not following... >> > > I suspect they mean something like ATTR{authorized}="0", which tells the > kernel to completely ignore that USB device. > > (Though it's more common to set authorized_default=0 on all hubs, then > allow only trusted devices, like USBGuard does.) > > -- > Mantas Mikulėnas >
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel