mirror of
https://gitlab.freedesktop.org/libfprint/fprintd.git
synced 2026-05-05 11:08:01 +02:00
data: Only allow access to USB and SPI devices
That is all that fprintd. Note that ProtectClock already restricts device access and other device types need to be listed explicitly because of this.
This commit is contained in:
Benjamin Berg
parent
00629fc374
commit
fcd7e9bc76
1 changed files with 5 additions and 0 deletions
|
|
@ -32,3 +32,8 @@ RestrictRealtime=true
|
|||
|
||||
# Privilege escalation
|
||||
NoNewPrivileges=true
|
||||
|
||||
# Protect clock, allow USB and SPI device access
|
||||
ProtectClock=yes
|
||||
DeviceAllow=char-usb_device rw
|
||||
DeviceAllow=char-spi rw
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue