From 9687180a62c5bd2530b4f2e021d21ccf86681dbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Fri, 4 Jul 2014 04:28:50 +0200
Subject: [PATCH] udev: prevent dom0 processes from accessing templates root
 image

---
 system-config/00-qubes-ignore-devices.rules | 1 +
 1 file changed, 1 insertion(+)

diff --git a/system-config/00-qubes-ignore-devices.rules b/system-config/00-qubes-ignore-devices.rules
index 8a3ae57..dfa511d 100644
--- a/system-config/00-qubes-ignore-devices.rules
+++ b/system-config/00-qubes-ignore-devices.rules
@@ -3,3 +3,4 @@
 ACTION!="remove", SUBSYSTEM=="block", KERNEL=="loop*", ENV{DM_UDEV_DISABLE_DISK_RULES_FLAG}="1"
 # ENV{DM_NAME} not available yet
 ACTION!="remove", SUBSYSTEM=="block", ATTR{dm/name}=="snapshot-*", ENV{DM_UDEV_DISABLE_DISK_RULES_FLAG}="1"
+ACTION!="remove", SUBSYSTEM=="block", ATTR{dm/name}=="origin-*", ENV{DM_UDEV_DISABLE_DISK_RULES_FLAG}="1"