Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-08-22 14:49:35 -04:00
Code Issues Projects Releases Packages Wiki Activity

comments

Browse source
This commit is contained in:
Patrick Schleizer 2025-01-20 04:29:42 -05:00
parent 51c7010e8f
commit 1b4d1edfc3
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
5 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
usr/lib/permission-hardener.d/25_default_whitelist_policykit.conf
View file

@ -5,12 +5,10 @@
## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom ## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
## configuration. When security-misc is updated, this file may be overwritten. ## configuration. When security-misc is updated, this file may be overwritten.
## user-sysmaint-split hardens this further.
/usr/bin/pkexec exactwhitelist /usr/bin/pkexec exactwhitelist
/usr/bin/pkexec.security-misc-orig exactwhitelist /usr/bin/pkexec.security-misc-orig exactwhitelist
## TODO: research
## TODO: Should be handled in user-sysmaint-split?
##
## Required for PolicyKit (Polkit) to function. ## Required for PolicyKit (Polkit) to function.
## ##
## https://polkit-devel.freedesktop.narkive.com/zXO4yEg7/documentation-on-polkit-agent-helper-1-and-suid# ## https://polkit-devel.freedesktop.narkive.com/zXO4yEg7/documentation-on-polkit-agent-helper-1-and-suid#
@ -24,4 +22,6 @@
## matches both: ## matches both:
## - /usr/lib/policykit-1/polkit-agent-helper-1 ## - /usr/lib/policykit-1/polkit-agent-helper-1
## - /lib/policykit-1/polkit-agent-helper-1 ## - /lib/policykit-1/polkit-agent-helper-1
##
## user-sysmaint-split hardens this further.
polkit-agent-helper-1 matchwhitelist polkit-agent-helper-1 matchwhitelist

1
usr/lib/permission-hardener.d/25_default_whitelist_postfix.conf
View file

@ -5,5 +5,6 @@
## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom ## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
## configuration. When security-misc is updated, this file may be overwritten. ## configuration. When security-misc is updated, this file may be overwritten.
## TODO: research and document
postqueue matchwhitelist postqueue matchwhitelist
postdrop matchwhitelist postdrop matchwhitelist

1
usr/lib/permission-hardener.d/25_default_whitelist_selinux.conf
View file

@ -5,4 +5,5 @@
## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom ## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
## configuration. When security-misc is updated, this file may be overwritten. ## configuration. When security-misc is updated, this file may be overwritten.
## TODO: research and document
/utempter/utempter matchwhitelist /utempter/utempter matchwhitelist

1
usr/lib/permission-hardener.d/25_default_whitelist_spice.conf
View file

@ -5,4 +5,5 @@
## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom ## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
## configuration. When security-misc is updated, this file may be overwritten. ## configuration. When security-misc is updated, this file may be overwritten.
## TODO: research and document
spice-client-glib-usb-acl-helper matchwhitelist spice-client-glib-usb-acl-helper matchwhitelist

1
usr/lib/permission-hardener.d/25_default_whitelist_sudo.conf
View file

@ -5,4 +5,5 @@
## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom ## "/usr/local/etc/permission-hardener.d/20_user.conf" for your custom
## configuration. When security-misc is updated, this file may be overwritten. ## configuration. When security-misc is updated, this file may be overwritten.
## user-sysmaint-split hardens this further.
/usr/bin/sudo exactwhitelist /usr/bin/sudo exactwhitelist