-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, Mar 14, 2022 at 06:12:44PM -0400, Demi Marie Obenour wrote: > On Sun, Mar 13, 2022 at 08:13:39PM +0000, 'awokd' via qubes-users wrote: > > Demi Marie Obenour: > > > > > > + # "r|.*|" ] > > > > > > > I see how it allows crypt-luks volumes in general, along with nvme, > > > > sata, > > > > and raid. What does that last line allow? > > > > > > /dev/md.* matches devices provided by the Linux Multiple Device (RAID) > > > driver. > > > > Thanks; I should have specified what does "r|.*|" cover? > > It is a generic deny-all. LVM sadly defaults to allow-all.
Marek, should we patch LVM to add a trailing "r|.*|" if none is present? Not having it creates a vulnerable system, which is bad. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIvx2oACgkQsoi1X/+c IsFd5RAAk8Vi3MeA/J3uEgRwfFdZDhUBTO7e17dRl0IP4oIjNXW70axe12n4mGGE ddByGs1dFF2efilzesm1A6GBjQeUNWqO1wKNO3lRvrtFuct8oHeWcPMZer15Kyjo BHBzok2vCT//HJ2atSG1tlB9u7LQ3EcDl42NwPBLtntUtQyV+blOBg2wHqfIcdQV Wca80Ev20t9YhxrerFsDkFIHyvEEkXjvI1hQVKQq8NtXQq1DziIyvAHgkLlMhtr8 8aHFthIbG30pp7m5e83jLqcLk1TKamliQZNIQvjbx0GeZxExEW/ob/f2xp4jXz7Z HYAjxBUc8+fsCKy5sa3uZHtHx091nakjAH7CDKZopR1PJzWzgmGIVTaoHksNzqZh sVrxeQ+OvSQwcTJgltHnAUDEx85DZrGt+0GMBCTc64dSD6oVas45CWKITkuXU97v LYChsyqxUb1vJBmxUjm0ZkaFEzShDHu+tEkfl8RpNQ9W/B9hKpbdRYY7c+xYnzXr mGp3GzrwjKsUTcEuZrinFJaxlMaryQuWknSUQ+YznuH0GTcPfNk7TgUAug1O0CvH Irzbzx1XUVRXCv2n734JFD+NjZm6HxN/7hyuRchi+prJFPjwv6QHD8BJcRWIVDKP vgvbf3ymEIF9SxjTbIz5MLAs+2YJBlA0cmNgtxgWH8RRZp1j/iI= =woZS -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yi/HaXRXKMWxcZcA%40itl-email.