From 94446ad17425a2b139ef6c43072fc7414676e42d Mon Sep 17 00:00:00 2001
From: null pointer exception <57326449+deathgrippin@users.noreply.github.com>
Date: Sun, 3 May 2020 18:53:10 +0000
Subject: [PATCH 1/2] Add file path code blocks

---
 user/security-in-qubes/vm-sudo.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/user/security-in-qubes/vm-sudo.md b/user/security-in-qubes/vm-sudo.md
index 52682e40..a90d9b92 100644
--- a/user/security-in-qubes/vm-sudo.md
+++ b/user/security-in-qubes/vm-sudo.md
@@ -61,7 +61,7 @@ Background ([/etc/sudoers.d/qubes](https://github.com/QubesOS/qubes-core-agent-l
 
 Below is a complete list of configuration made according to the above statement, with (not necessary complete) list of mechanisms depending on each of them:
 
-1.  sudo (/etc/sudoers.d/qubes):
+1.  sudo (`/etc/sudoers.d/qubes`):
 
         user ALL=(ALL) NOPASSWD: ALL
         (...)
@@ -69,12 +69,12 @@ Below is a complete list of configuration made according to the above statement,
     - easy user->root access (main option for the user)
     - qvm-usb (not really working, as of R2)
 
-2.  PolicyKit (/etc/polkit-1/rules.d/00-qubes-allow-all.rules):
+2.  PolicyKit (`/etc/polkit-1/rules.d/00-qubes-allow-all.rules`):
 
         //allow any action, detailed reasoning in sudoers.d/qubes
         polkit.addRule(function(action,subject) { return polkit.Result.YES; });
 
-    and /etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla:
+    and `/etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla`:
 
         [Qubes allow all]
         Identity=*
@@ -90,7 +90,7 @@ Below is a complete list of configuration made according to the above statement,
       Patches welcomed anyway.
 
 3.  Empty root password
-    - used for access to 'root' account from text console (qvm-console-dispvm) - the only way to access the VM when GUI isn't working
+    - used for access to 'root' account from text console (`qvm-console-dispvm`) - the only way to access the VM when GUI isn't working
     - can be used for easy 'su -' from user to root
 
 Replacing passwordless root access with Dom0 user prompt
@@ -111,14 +111,14 @@ Do not rely on this for extra security.**
    (Note: any VMs you would like still to have passwordless root access (e.g. TemplateVMs) can be specified in the second file with "\<vmname\> dom0 allow")
 
 2. Configuring Fedora TemplateVM to prompt Dom0 for any authorization request:
-    - In /etc/pam.d/system-auth, replace all lines beginning with "auth" with these lines:
+    - In `/etc/pam.d/system-auth`, replace all lines beginning with "auth" with these lines:
 
           auth  [success=1 default=ignore]  pam_exec.so seteuid /usr/lib/qubes/qrexec-client-vm dom0 qubes.VMAuth /bin/grep -q ^1$
           auth  requisite  pam_deny.so
           auth  required   pam_permit.so
 
     - Require authentication for sudo.
-      Replace the first line of /etc/sudoers.d/qubes with:
+      Replace the first line of `/etc/sudoers.d/qubes` with:
 
           user ALL=(ALL) ALL
 
@@ -128,14 +128,14 @@ Do not rely on this for extra security.**
           [root@fedora-20-x64]# rm /etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla
 
 3. Configuring Debian/Whonix TemplateVM to prompt Dom0 for any authorization request:
-    - In /etc/pam.d/common-auth, replace all lines beginning with "auth" with these lines:
+    - In `/etc/pam.d/common-auth`, replace all lines beginning with "auth" with these lines:
 
           auth  [success=1 default=ignore]  pam_exec.so seteuid /usr/lib/qubes/qrexec-client-vm dom0 qubes.VMAuth /bin/grep -q ^1$
           auth  requisite  pam_deny.so
           auth  required   pam_permit.so
 
     - Require authentication for sudo.
-      Replace the first line of /etc/sudoers.d/qubes with:
+      Replace the first line of `/etc/sudoers.d/qubes` with:
 
           user ALL=(ALL) ALL
 
@@ -144,11 +144,11 @@ Do not rely on this for extra security.**
           [root@debian-8]# rm /etc/polkit-1/rules.d/00-qubes-allow-all.rules
           [root@debian-8]# rm /etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla
 
-    - In /etc/pam.d/su.qubes, comment out this line near the bottom of the file:
+    - In `/etc/pam.d/su.qubes`, comment out this line near the bottom of the file:
 
           auth sufficient pam_permit.so
 
-    - For Whonix, if prompts appear during boot, create /etc/sudoers.d/zz99 and add these lines:
+    - For Whonix, if prompts appear during boot, create `/etc/sudoers.d/zz99` and add these lines:
 
           ALL ALL=NOPASSWD: /usr/sbin/virt-what
           ALL ALL=NOPASSWD: /usr/sbin/service whonixcheck restart

From 0c5ad362fbc87ff864c68f107eb3c41f668eac04 Mon Sep 17 00:00:00 2001
From: null pointer exception <57326449+deathgrippin@users.noreply.github.com>
Date: Sun, 3 May 2020 18:56:31 +0000
Subject: [PATCH 2/2] Normalize punctuation and capitalization

---
 user/security-in-qubes/vm-sudo.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/user/security-in-qubes/vm-sudo.md b/user/security-in-qubes/vm-sudo.md
index a90d9b92..c15996a4 100644
--- a/user/security-in-qubes/vm-sudo.md
+++ b/user/security-in-qubes/vm-sudo.md
@@ -66,8 +66,8 @@ Below is a complete list of configuration made according to the above statement,
         user ALL=(ALL) NOPASSWD: ALL
         (...)
 
-    - easy user->root access (main option for the user)
-    - qvm-usb (not really working, as of R2)
+    - Easy user -> root access (main option for the user).
+    - `qvm-usb` (not really working, as of R2).
 
 2.  PolicyKit (`/etc/polkit-1/rules.d/00-qubes-allow-all.rules`):
 
@@ -83,15 +83,15 @@ Below is a complete list of configuration made according to the above statement,
         ResultInactive=yes
         ResultActive=yes
 
-    - NetworkManager configuration from normal user (nm-applet)
-    - updates installation (gpk-update-viewer)
-    - user can use pkexec just like sudo Note: above is needed mostly because Qubes user GUI session isn't treated by PolicyKit/logind as "local" session because of the way in which X server and session is started.
+    - NetworkManager configuration from normal user (`nm-applet`).
+    - Updates installation (`gpk-update-viewer`).
+    - User can use pkexec just like sudo Note: above is needed mostly because Qubes user GUI session isn't treated by PolicyKit/logind as "local" session because of the way in which X server and session is started.
       Perhaps we will address this issue in the future, but this is really low priority.
       Patches welcomed anyway.
 
-3.  Empty root password
-    - used for access to 'root' account from text console (`qvm-console-dispvm`) - the only way to access the VM when GUI isn't working
-    - can be used for easy 'su -' from user to root
+3.  Empty root password:
+    - Used for access to 'root' account from text console (`qvm-console-dispvm`) - the only way to access the VM when GUI isn't working.
+    - Can be used for easy 'su -' from user to root.
 
 Replacing passwordless root access with Dom0 user prompt
 --------------------------------------------------------