blob: 865b628b6a89f0aa34866744b24546b3257c3c1b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
post_install() {
echo ""
echo "Run 'sudo modulejail' to generate a modprobe.d blacklist for unused kernel modules."
echo ""
echo "The blacklist is written to /etc/modprobe.d/modulejail-blacklist.conf by default."
echo "Use -o <path> to write elsewhere, or -p <profile> to select a baseline profile"
echo "(minimal, conservative, desktop). Default profile: conservative."
echo ""
echo -e "\e[1;32mQuick commands:\e[0m"
echo -e " \e[1;31msudo modulejail -f\e[0m # conservative profile, fail on blocked load"
echo -e " \e[1;31msudo modulejail -p desktop -f\e[0m # desktop profile, fail on blocked load"
echo ""
echo "See 'man 8 modulejail' for full documentation including profiles, whitelist,"
echo "exit codes, and safety model."
echo ""
echo "To revert: sudo rm /etc/modprobe.d/modulejail-blacklist.conf"
echo ""
echo "To auto-regenerate the blacklist on package upgrades, edit"
echo "/etc/modulejail/modulejail-aur.conf and set AUTO_UPDATE=true."
echo ""
}
post_upgrade() {
if [ -f /etc/modulejail/modulejail-aur.conf ]; then
source /etc/modulejail/modulejail-aur.conf
fi
if [ "$AUTO_UPDATE" = "true" ]; then
echo ""
echo "Auto-updating modulejail blacklist..."
eval modulejail "$ARGS"
else
echo ""
echo "Run 'sudo modulejail ...' to regenerate the blacklist (e.g. sudo modulejail -p desktop -f)."
echo "Enable auto-update in /etc/modulejail/modulejail-aur.conf"
echo ""
fi
}
|