#!/bin/bash

. /var/lib/autoyast-cc/libcc

DISABLE_PROTO='
# disallow AES-NI as this was not part of the evaluation
blacklist aesni-intel
# disallow crypto hardware on s390 as this was not part of the evaluation
blacklist aes-s390
blacklist sha1-s390
blacklist sha256-s390
blacklist sha512-s390
blacklist des-s390
blacklist ghash-s390
blacklist z90crypt
#
# The following network protocols are blacklisted. They are not allowed
# in the evaluated configuration, but they export IOCTLs to user space. Even
# though the hardware for some of these protocols is not installed in the system,
# a socket can be created with the respective network type. That socket already
# can be used for issuing the IOCTLs. The evaluation effort skipped the
# assessment of the respective IOCTLs due to resource constraints.
#
# ISDN
# we only need to blacklist the central module on which all other ISDN modules
# depend on.
blacklist isdn
#
# PPP and PPPoX
blacklist pppox
blacklist pppoe
blacklist ppp_async
blacklist ppp_deflate
blacklist ppp_mppe
blacklist ppp_synctty
#
# AppleTalk DDP
blacklist appletalk
#
# ATM PVC
# ATM SVC
# we only need to blacklist the central module on which all other modules
# depend on.
blacklist atm
#
# AX25
blacklist ax25
#
# Bluetooth (BNEP, CMTP, stack, HIDP, L2CAP, RFCOMM, SCO)
# we only need to blacklist the central module on which all other modules
# depend on.
blacklist bluetooth
#
# Broadcast Manager CAN
# RAW CAN
# we only need to blacklist the central module on which all other modules
# depend on.
blacklist can
#
# DECNet
blacklist decnet
#
# IEEE802154.4 Acorn Econet and AUN
blacklist econet
#
# IPX
blacklist ipx
#
# IRDA
# we only need to blacklist the central module on which all other modules
# depend on.
blacklist irda
#
# L2TPv3 for PPP
# L2TPv3 for IPv4
blacklist l2tp_core
#
# LLC
blacklist llc2
#
# Amateur Radio NET / ROM
blacklist netrom
#
# Phonet
# we only need to blacklist the central module on which all other modules
# depend on.
blacklist phonet
#
# RDS
# we only need to blacklist the central module on which all other modules
# depend on.
blacklist rds
#
# Amateur Radio X.25 PLP
blacklist rose
#
# X.25
blacklist x25
#
'

umask=022
echo "$DISABLE_PROTO" > /etc/modprobe.d/cc-modules-blacklist.conf
cc_echo "modprobe blacklist for networking protocols configured"

cc_exit 0
