From 3fab3876693f20303c95f03c45af9adb9ae680e2 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Fri, 20 Dec 2019 12:50:35 -0500 Subject: [PATCH] suid /usr/bin/firejail whitelist There is a controversy about firejail but those who choose to install it should be able to use it. https://www.whonix.org/wiki/Dev/Firejail#Security --- etc/permission-hardening.d/30_default.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf index a4dfb09..2ce2fd0 100644 --- a/etc/permission-hardening.d/30_default.conf +++ b/etc/permission-hardening.d/30_default.conf @@ -24,6 +24,11 @@ /usr/lib/spice-gtk/spice-client-glib-usb-acl-helper whitelist /usr/lib/x86_64-linux-gnu/utempter/utempter whitelist +## There is a controversy about firejail but those who choose to install it +## should be able to use it. +## https://www.whonix.org/wiki/Dev/Firejail#Security +/usr/bin/firejail whitelist + ## TODO: research ## https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qfile-unpacker.c /usr/lib/qubes/qfile-unpacker whitelist
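Review bot: The comment added above `/usr/bin/firejail whitelist` mentions a controversy but never says what the entry preserves. Only the commit subject mentions suid, so a reader of 30_default.conf without the commit log cannot tell which trade-off is being accepted. Suggest a comment line stating that the entry keeps the SUID bit on /usr/bin/firejail, next to the existing wiki link. The stated rationale is opt-in ("those who choose to install it"), yet the entry sits in the default file beside the unconditional whitelist lines. If the permission-hardening.d directory is read as a set of drop-in files, a separate file for this entry would let users who object to firejail remove it without editing 30_default.conf.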