From 1865cafe446c6a525bc63caa7ce1097ce573b877 Mon Sep 17 00:00:00 2001 From: raja-grewal Date: Fri, 21 Nov 2025 12:42:10 +0000 Subject: [PATCH] Move joydev from blacklist to disable --- README.md | 2 ++ .../30_security-misc_blacklist.conf#security-misc-shared | 1 - .../30_security-misc_disable.conf#security-misc-shared | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 909eaf9..5ee8c50 100644 --- a/README.md +++ b/README.md @@ -380,6 +380,8 @@ Miscellaneous modules: - Framebuffer (fbdev): Disabled as these drivers are well-known to be buggy, cause kernel panics, and are generally only used by legacy devices. +- Joysticks: Disabled to reduce attack surface. + - Replaced Modules: Disabled legacy drivers that have been entirely replaced and superseded by newer drivers. diff --git a/etc/modprobe.d/30_security-misc_blacklist.conf#security-misc-shared b/etc/modprobe.d/30_security-misc_blacklist.conf#security-misc-shared index c70b53e..f3bd87b 100644 --- a/etc/modprobe.d/30_security-misc_blacklist.conf#security-misc-shared +++ b/etc/modprobe.d/30_security-misc_blacklist.conf#security-misc-shared @@ -35,7 +35,6 @@ blacklist sr_mod #blacklist cfg80211 #blacklist intel_agp #blacklist ip_tables -blacklist joydev #blacklist mousedev #blacklist psmouse #blacklist snd_intel8x0 diff --git a/etc/modprobe.d/30_security-misc_disable.conf#security-misc-shared b/etc/modprobe.d/30_security-misc_disable.conf#security-misc-shared index 887d143..7ae37ab 100644 --- a/etc/modprobe.d/30_security-misc_disable.conf#security-misc-shared +++ b/etc/modprobe.d/30_security-misc_disable.conf#security-misc-shared @@ -283,6 +283,12 @@ install viafb /usr/bin/disabled-framebuffer-by-security-misc install vt8623fb /usr/bin/disabled-framebuffer-by-security-misc install udlfb /usr/bin/disabled-framebuffer-by-security-misc +## Joysticks: +## +## https://docs.kernel.org/input/joydev/joystick.html +## +install joydev /usr/bin/disabled-miscellaneous-by-security-misc + ## Replaced Modules: ## These legacy drivers have all been entirely replaced and superseded by newer drivers. ## Many of these were previously blacklisted.