Don't probe disk contents of loop* or xvd*

Adds a standalone rule to the very top of 60-persistent-storage.rules.
Rusty Bird 2016-06-26 12:51:20 +00:00
parent e85363da20
commit ae7656e348
No known key found for this signature in database
GPG Key ID: 469D78F47AAF2ADF


@ -1,3 +1,9 @@
# Qubes: Prevent probing of domU controlled disk contents. Note that it would
# nevertheless be insecure to attach block devices from domU to dom0 (xvd*) due
# to automatic kernel partition table scanners -- which are disabled for loop*
# devices created without LO_FLAGS_PARTSCAN.
SUBSYSTEM=="block", KERNEL=="loop*|xvd*", GOTO="persistent_storage_end"
# do not edit this file, it will be overwritten on update
# persistent storage links: /dev/disk/{by-id,by-uuid,by-label,by-path}
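Review bot: The new guard rule sits above a header that says this file "will be overwritten on update", so an update that restores the stock 60-persistent-storage.rules would silently drop the rule and re-enable probing of loop*/xvd* contents. How the patch is re-applied is not visible in this hunk. I would add a line to the comment such as `# Qubes: this rule must stay first; re-apply and verify it after any update that replaces this file.` and back it with a post-update check that the rule is still present. A udev `GOTO` only skips rules within the same file, so the comment should also say that probes started from other rules files are not covered and need their own review. The `persistent_storage_end` label is defined outside the hunk; if a later upstream version renames it, the jump would no longer skip the probing rules.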