From 612f5f92fde236b86928428fd0247c8e971b0460 Mon Sep 17 00:00:00 2001
From: Aaron Rainbolt <arraybolt3@ubuntu.com>
Date: Thu, 24 Apr 2025 20:01:35 -0500
Subject: [PATCH] Fix umask for pkexec-run commands

---
 usr/share/pam-configs/umask-security-misc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/usr/share/pam-configs/umask-security-misc b/usr/share/pam-configs/umask-security-misc
index 6436a56..c6c32e6 100644
--- a/usr/share/pam-configs/umask-security-misc
+++ b/usr/share/pam-configs/umask-security-misc
@@ -2,7 +2,8 @@ Name: Restrict umask to 027 (by package security-misc)
 Default: yes
 Priority: 100
 Session-Type: Additional
-Session-Interactive-Only: yes
 Session:
 	[success=1 default=ignore]	pam_succeed_if.so uid eq 0
 	optional	pam_umask.so umask=027
+	[success=1 default=ignore]	pam_succeed_if.so uid ne 0
+	optional	pam_umask.so umask=022