From 6eb8fd257aecd84686b4d7a9824a98bace9a705e Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun, 22 Dec 2019 18:56:36 -0500
Subject: [PATCH] suid utempter/utempter matchwhitelist

to cover both:

/usr/lib/x86_64-linux-gnu/utempter/utempter
/lib/x86_64-linux-gnu/utempter/utempter
---
 etc/permission-hardening.d/30_default.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf
index 5810d76..837d398 100644
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@@ -26,7 +26,6 @@
 /usr/lib/policykit-1/polkit-agent-helper-1 whitelist
 /usr/lib/dbus-1.0/dbus-daemon-launch-helper whitelist
 /usr/lib/spice-gtk/spice-client-glib-usb-acl-helper whitelist
-/usr/lib/x86_64-linux-gnu/utempter/utempter whitelist
 /usr/lib/chromium/chrome-sandbox whitelist
 
 ## There is a controversy about firejail but those who choose to install it
@@ -55,6 +54,7 @@
 ## TODO: white spaces inside file name untested
 
 /usr/lib/virtualbox/ matchwhitelist
+/utempter/utempter matchwhitelist
 
 ######################################################################
 # Permission Hardening