mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2025-02-20 18:31:35 -05:00
Slightly reword
Signed-off-by: friendly-rabbit-35 <169707731+friendly-rabbit-35@users.noreply.github.com>
This commit is contained in:
friendly-rabbit-35
GitHub
parent
d0c4da7912
commit
75a6868704
@ -361,7 +361,7 @@ There are a few things in this config to keep in mind:
|
||||
|
||||
- Bluetooth is disabled. Comment out the `install bluetooth` and `install btusb` lines to use Bluetooth.
|
||||
- Thunderbolt is disabled. Comment out the `install thunderbolt` line to use Thunderbolt devices.
|
||||
- The `cdrom` and `sr_mod` modules are merely _blacklisted_; they can still be loaded at runtime with `modprobe`. If you have no intention to ever use CD‑ROM devices, they should be _disabled_ by replacing `blacklist` with `install` for the lines with the aforementioned modules. ([More about how this works on the ArchWiki](https://wiki.archlinux.org/title/Kernel_module#Using_files_in_/etc/modprobe.d/_2))
|
||||
- The `cdrom` and `sr_mod` modules are merely _blacklisted_; they can still be loaded at runtime with `modprobe`. If you have no intention to ever use CD‑ROM devices, they should be _disabled_ by replacing `blacklist` with `install` for the lines containing the aforementioned modules. ([More about how this works on the ArchWiki](https://wiki.archlinux.org/title/Kernel_module#Using_files_in_/etc/modprobe.d/_2))
|
||||
- Apple filesystems are disabled. While generally fine on non‑Apple systems, if you are using an Apple device you **must** check the filesystem of your EFI partition and comment out the relevant `install` line, otherwise your Linux install will not boot. For example, comment out the `install hfsplus` line if your ESP filesystem is HFS+.
|
||||
|
||||
#### Restricting access to /proc and /sys
|
||||
|
||||
Loading…
Reference in New Issue
Block a user