Kernel build - remove wireless/bluetooth modules #2726
Labels
Comments
|
Build logic for securedrop kernels can be found in https://github.com/freedomofpress/ansible-role-grsecurity-build The config for kernels for prod instances can be found in : https://github.com/freedomofpress/ansible-role-grsecurity-build/blob/master/files/config-securedrop-4.4 The goal of this task would be to unset as many wireless modules (e.g: WLAN, Bluetooth) as possible in the aforementioned kernel config. |
This was referenced Dec 18, 2018
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature request
Description
We currently blacklist and disable certain kernel modules related to bluetooth and wireless at install time. This should be done at the kernel build level though to prevent them from ever being turned back on in the first place.
User Stories
As a securedrop admin and maintainer, I want to ensure that wireless protocols are not inadvertently re-enabled on the securedrop servers.
The text was updated successfully, but these errors were encountered: