summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoranonym <anonym@riseup.net>2017-03-05 14:51:03 +0100
committeranonym <anonym@riseup.net>2017-03-05 14:51:03 +0100
commitee8b2883b45b03ee9a5f7ed475fbb6bb297dbb82 (patch)
treec03b9416a47df82bb10be11eba35c8aaff5e107e
parentcc2e3b2c3a0aee46089f2605a9297dd7f3a62dc7 (diff)
parentb446df9ca5a97b2858ad0bf3f1dbcc15843e7d0d (diff)
Merge remote-tracking branch 'origin/stable' into stable
-rwxr-xr-xconfig/chroot_local-hooks/80-block-network4
-rw-r--r--config/chroot_local-includes/etc/modprobe.d/no-mei.conf4
-rw-r--r--config/chroot_local-includes/etc/modprobe.d/uncommon-network-protocols.conf4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/tails-spoof-mac3
4 files changed, 10 insertions, 5 deletions
diff --git a/config/chroot_local-hooks/80-block-network b/config/chroot_local-hooks/80-block-network
index f6b4dd0..1d375b3 100755
--- a/config/chroot_local-hooks/80-block-network
+++ b/config/chroot_local-hooks/80-block-network
@@ -5,6 +5,6 @@ set -e
echo "Generating blocklist for all network devices"
find /lib/modules/*/kernel/drivers/net \
- -name "*.ko" -printf "blacklist %f\n" | \
- sed 's/\.ko$//' | \
+ -name "*.ko" -printf "install %f /bin/true\n" | \
+ sed 's/\.ko / /' | \
sort -u > /etc/modprobe.d/all-net-blacklist.conf
diff --git a/config/chroot_local-includes/etc/modprobe.d/no-mei.conf b/config/chroot_local-includes/etc/modprobe.d/no-mei.conf
index 1d917d1..7a51479 100644
--- a/config/chroot_local-includes/etc/modprobe.d/no-mei.conf
+++ b/config/chroot_local-includes/etc/modprobe.d/no-mei.conf
@@ -1,2 +1,2 @@
-blacklist mei-me
-blacklist mei
+install mei-me /bin/true
+install mei /bin/true
diff --git a/config/chroot_local-includes/etc/modprobe.d/uncommon-network-protocols.conf b/config/chroot_local-includes/etc/modprobe.d/uncommon-network-protocols.conf
new file mode 100644
index 0000000..92966bd
--- /dev/null
+++ b/config/chroot_local-includes/etc/modprobe.d/uncommon-network-protocols.conf
@@ -0,0 +1,4 @@
+install dccp /bin/true
+install sctp /bin/true
+install rds /bin/true
+install tipc /bin/true
diff --git a/config/chroot_local-includes/usr/local/lib/tails-spoof-mac b/config/chroot_local-includes/usr/local/lib/tails-spoof-mac
index 774a347..b43811c 100755
--- a/config/chroot_local-includes/usr/local/lib/tails-spoof-mac
+++ b/config/chroot_local-includes/usr/local/lib/tails-spoof-mac
@@ -75,7 +75,8 @@ mac_spoof_panic() {
fi
module=$(get_module_used_by_nic "${nic}")
nic_name="$(get_name_of_nic ${nic})"
- echo "blacklist ${module}" >> /etc/modprobe.d/"${module}"-blacklist.conf
+ echo "install ${module} /bin/true" >> \
+ /etc/modprobe.d/"${module}"-blacklist.conf
unload_module_and_rev_deps "${module}" || :
if nic_exists "${nic}"; then
log "Failed to unload module ${module} of NIC ${nic}."