Sunday, May 3, 2026

Allow sudo to use fingerprint auth when laptop lid is open on Fedora 44

I want to achieve the following on Fedora 44 on a ThinkPad X1C Gen 10:

  • fingerprint auth is allowed in sudo
  • fingerprint auth is not allowed anywhere else
  • fingerprint auth is skipped when laptop lid is closed.

I did the following

Check the current authselect config:

authselect current

If the result contains with-fingerprint, disable it:

sudo authselect disable-feature with-fingerprint

Run cat /etc/pam.d/system-auth to verify that fprintd is not listed.

This disables fingerprint auth for everything.

Then add these two lines in /etc/pam.d/sudo, immediately below the #%PAM-1.0 line:

auth [success=ok default=1] pam_exec.so quiet quiet_log /bin/grep -q open /proc/acpi/button/lid/LID/state
auth   sufficient   pam_fprintd.so

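These two lines enable fingerprint auth only when the laptop lid is open. If grep does not find "open" in the lid state file, pam_exec fails and default=1 skips the next module (pam_fprintd), so sudo continues with the rest of its auth stack.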

Lastly, run fprintd-enroll to enroll fingerprints.
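
The check below is an added example, not part of the original post: a shell lint that confirms every pam_fprintd auth line in a PAM file sits directly under the lid check, because default=1 skips exactly one module and any line inserted between the two would leave fingerprint auth unguarded. The function name check_lid_guard and the sample file are constructed for illustration.

```shell
#!/bin/sh
# check_lid_guard FILE
# Returns 0 when every pam_fprintd auth line is directly preceded by a
# pam_exec lid check that jumps over one module on failure (default=1),
# 1 when the guard is missing or misplaced, 2 when FILE has no pam_fprintd.
check_lid_guard() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines are not modules
        $1 != "auth" && $1 != "-auth" { next }   # only the auth stack matters here
        {
            is_guard = ($0 ~ /pam_exec\.so/ &&
                        $0 ~ /default=1([^0-9]|$)/ &&
                        $0 ~ /\/proc\/acpi\/button\/lid\//)
            if ($0 ~ /pam_fprintd\.so/) {
                seen++
                if (!prev_guard) { bad++; printf "unguarded: %s\n", $0 }
            } else if (prev_guard) {
                # default=1 would skip this line instead of pam_fprintd
                bad++; printf "guard skips the wrong module: %s\n", $0
            }
            prev_guard = is_guard
        }
        END {
            if (prev_guard) { bad++; print "guard is the last auth line" }
            if (!seen) { print "no pam_fprintd line found"; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the two lines from the post followed by an assumed
# include of system-auth.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth [success=ok default=1] pam_exec.so quiet quiet_log /bin/grep -q open /proc/acpi/button/lid/LID/state
auth   sufficient   pam_fprintd.so
auth       include      system-auth
EOF
check_lid_guard "$sample" && echo "fingerprint auth is lid-guarded"
rm -f "$sample"
```

Run it against /etc/pam.d/sudo after editing; against /etc/pam.d/system-auth it should report that no pam_fprintd line is found.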

 

References

https://www.man7.org/linux/man-pages/man8/pam_exec.8.html

https://www.man7.org/linux/man-pages/man5/pam.conf.5.html

Friday, March 27, 2026

Block guest WiFi clients from reaching other hosts on LAN

On OpenWrt 25.12, I set up a guest WiFi bridged onto the LAN:

config wifi-iface 'wifinet2'
    option device 'radio1'
    option mode 'ap'
    option ssid 'xxxx'
    option encryption 'sae-mixed'
    option key 'xxxxxxx'
    option ocv '0'
    option ieee80211w '2'
    option ifname 'wifi-guest'
    option network 'lan'

However, I want to block hosts on the guest wifi from reaching other hosts on br-lan except the router.

I used the following config.

In /root/guest_isolate.nft:

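# Create the table if it does not exist, then delete it, so that reloading
# this file always starts from an empty table.
table bridge guest_isolation
delete table bridge guest_isolation

table bridge guest_isolation {
  chain forward {
    type filter hook forward priority 0; policy accept
    # Drop frames bridged from the guest interface to any other bridge port.
    # Traffic to the router itself goes through the input hook and is not affected.
    iifname "wifi-guest" counter drop
  }
}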

In /etc/config/firewall:

config include
        option type 'nftables'
        option path '/root/guest_isolate.nft'
        option position 'ruleset-post'

The kmod-nft-bridge package must be installed.

Tuesday, February 10, 2026

Tecsun M-801 media player review

I acquired a used Tecsun M-801 music player.

The good,

  • Built-in FM antenna with decent reception.
  • User replaceable 18650 battery.
  • USB-C port supports charging and acting as a USB speakerphone.
  • It can record audio into a TF card.
  • The built-in mic can be used for answering phone calls via Bluetooth.
  • It exposes its battery level to phones through Bluetooth.
  • The audio player can resume from previous location within a file.

The bad,

  • The recorded audio is in MP2 format at 160 kbps instead of MP3.
  • Does not play AAC audio files. 
  • The only knob has two functions. I prefer a dedicated volume knob.
  • The USB-C port is not implemented properly to work with USB-C adapters. 
  • No AM reception. 
  • The speaker has a noticeable noise floor.
  • Volume is not synced to phone in Bluetooth mode.