On ven., 2014-08-08 at 18:26 -0400, Alan Stern wrote: > I'm not sure what you mean. You can toggle these values at any time, > but toggling them may not accomplish anything useful. What do you > want > to accomplish? The point would be to prevent new usb device to be plugged while a system is locked (or no one is logged in). Grsecurity has something like that using a custom sysctl, but Greg comment on the oss-sec made me thing it might have already been possible in mainline. > > Note that in addition to changing the default values, you can change > the actual authorization value for an existing device at any time by > writing to the device's "authorized" sysfs file. Yeah but that doesn't really work, because one would need to disable that at the bus level (for every bus), and that would also disable the currently plugged devices. Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
