aboutsummaryrefslogtreecommitdiff
path: root/data/ModemManager-interface-initialization-sequence.dia
diff options
context:
space:
mode:
authorLubomir Rintel <lkundrak@v3.sk>2016-10-17 18:25:08 +0200
committerAleksander Morgado <aleksander@aleksander.es>2016-10-24 13:15:15 +0200
commitccea14ac476737535124b6e9e553fcdc57b67529 (patch)
tree918cac1d1b1e358aa3d1edf7a12aef30fe2d0e03 /data/ModemManager-interface-initialization-sequence.dia
parentda2b0064eec3ff7710ef2efd79df53b426d6ef7a (diff)
systemd: tighten the service security a bit
What's left enabled: * Access to /dev -- obviously * CAP_SYS_ADMIN -- this is needed by TIOCSSERIAL only. Too bad this also allows TIOCSTI, which allows for code injection unless something else (SELinux) disallows access to ttys with shells. Maybe kernel should use CAP_SYS_TTY_CONFIG for this. * socket(AF_NETLINK) -- udev & kernel device changes * socket(AF_UNIX) -- D-Bus
Diffstat (limited to 'data/ModemManager-interface-initialization-sequence.dia')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-06-08 00:27:05 +0000