-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathdebian-12-PrisonPC-inmate.dpkg.cfg
61 lines (60 loc) · 3.25 KB
/
debian-12-PrisonPC-inmate.dpkg.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# Inmates MUST be able to insert, mount, umount, and eject DVD discs.
# Inmates MUST NOT be able to access USB keys (thumb drives) the same way.
# That also applies to accessing content on external hard drives, smartphones, cameras, &c.
#
# Mechanically the main defense against this is compiling a custom kernel which entirely lacks the undesirable drivers.
# However, as defense-in-depth, it's desirable to
# delete drivers we are 99% sure are only used for Bad Things?
#
# NOTE: this breaks USB-attached DVD drives.
# We cannot leave uas.ko and remove mass-storage.ko:
#
# # modprobe uas
# modprobe: ERROR: ../libkmod/libkmod-module.c:191
# kmod_module_parse_depline()
# ctx=0x55bdf00fd2a0
# path=/lib/modules/6.5.0-0.deb12.4-amd64/kernel/drivers/usb/storage/usb-storage.ko
# error=No such file or directory
path-exclude=/lib/modules/*/kernel/drivers/usb/storage/*
# Fuck it let's also list a bunch of things we do not want.
# This is based on the MUST NOT entries from
# https://github.com/cyberitsolutions/bootstrap2020/blob/twb/debian-12-PrisonPC.packages/build-inmate-kernel.ini
path-exclude=/lib/modules/*/kernel/drivers/android/*
path-exclude=/lib/modules/*/kernel/drivers/bcma/*
path-exclude=/lib/modules/*/kernel/drivers/firewire/*
path-exclude=/lib/modules/*/kernel/drivers/gnss/*
path-exclude=/lib/modules/*/kernel/drivers/iio/*
path-exclude=/lib/modules/*/kernel/drivers/infiniband/*
path-exclude=/lib/modules/*/kernel/drivers/md/*
path-exclude=/lib/modules/*/kernel/drivers/media/firewire/*
path-exclude=/lib/modules/*/kernel/drivers/media/mmc/*
path-exclude=/lib/modules/*/kernel/drivers/memstick/*
path-exclude=/lib/modules/*/kernel/drivers/mmc/*
path-exclude=/lib/modules/*/kernel/drivers/mtd/*
path-exclude=/lib/modules/*/kernel/drivers/net/can/*
path-exclude=/lib/modules/*/kernel/drivers/net/hamradio/*
path-exclude=/lib/modules/*/kernel/drivers/net/wireless/*
path-exclude=/lib/modules/*/kernel/drivers/net/wwan/*
path-exclude=/lib/modules/*/kernel/drivers/nfc/*
path-exclude=/lib/modules/*/kernel/drivers/nvdimm/*
path-exclude=/lib/modules/*/kernel/drivers/parport/*
path-exclude=/lib/modules/*/kernel/drivers/platform/chrome/*
path-exclude=/lib/modules/*/kernel/drivers/platform/x86/*wireless*.ko
path-exclude=/lib/modules/*/kernel/drivers/platform/x86/x86-android-tablets/*
path-exclude=/lib/modules/*/kernel/drivers/spi/*
path-exclude=/lib/modules/*/kernel/drivers/ssb/*
path-exclude=/lib/modules/*/kernel/drivers/staging/wlan-ng/*
path-exclude=/lib/modules/*/kernel/drivers/tty/nozomi.ko
path-exclude=/lib/modules/*/kernel/drivers/usb/roles/intel-xhci-usb-role-switch.ko
path-exclude=/lib/modules/*/kernel/drivers/usb/serial/usb-serial-simple.ko
path-exclude=/lib/modules/*/kernel/drivers/usb/typec/*
path-exclude=/lib/modules/*/kernel/drivers/w1/*
path-exclude=/lib/modules/*/kernel/fs/pstore/*
path-exclude=/lib/modules/*/kernel/lib/memory-notifier-error-inject.ko
path-exclude=/lib/modules/*/kernel/net/6lowpan/*
path-exclude=/lib/modules/*/kernel/net/can/*
path-exclude=/lib/modules/*/kernel/net/nfc/*
path-exclude=/lib/modules/*/kernel/net/rfkill/*
path-exclude=/lib/modules/*/kernel/net/wireless/*
path-exclude=/lib/modules/*/kernel/sound/firewire/*
path-exclude=/lib/modules/*/kernel/sound/isa/*