Daniel Kopeček
Daniel Kopeček
Log format documentation: http://www.sudo.ws/man/1.8.14/sudoers.man.html#x4c4f4720464f524d4154
Hi, this is achievable with the latest version in git (HEAD) and will be with the 0.6.3 release. Although there's no "screen locked" condition in the current rule language, there...
Related to #139
Hi and thank for the heads-up. Basic support for the thunderbolt bus should be easy to add. I'll have to read more about the security levels though.
I hope that this will be doable with the markdown -> roff (via pandoc) conversion path. I'll adopt this format if it works. Thanks for the feedback!
I tried to indent the sub-command description block in the markdown source file but it doesn't work :-( Any idea how to achieve this in markdown?
It is possible to set read-only flag for block devices using blockdev --setro /dev/sdX. Internally, it calls: ``` open("/dev/sdX", O_RDONLY); => 3 ioctl(3, BLKROSET, 1); close(3); ``` So it's quite...
This is probably a good candidate for a new keyword in the action section in a rule. E.g.: ``` allow 1234:1234 serial "abcdef" with-interface { 08:*:* } set-blockdev-ro ``` The...
The use case for this is **data leakage prevention**, i.e. if you want to allow access to USB flash disks but you don't want unprivileged users to be able to...
Alternative names for the keyword: - set-read-only - force-read-only the `set-blockdev-ro` name has the advantage of implying that the action is applicable to block devices only...