diff --git a/debian/control b/debian/control index bd82bae..0d6871a 100644 --- a/debian/control +++ b/debian/control @@ -175,8 +175,9 @@ Description: enhances misc security settings `/lib/systemd/system/remount-secure.service` `/usr/lib/security-misc/remount-secure` . - * A systemd service mounts `/proc` with `hidepid=2` at boot to prevent users - from seeing each other's processes. + * An optional systemd service mounts `/proc` with `hidepid=2` at boot to + prevent users from seeing each other's processes. Not enabled because not + compatible with pkexec. . * The kernel logs are restricted to root only. . diff --git a/debian/security-misc.displace b/debian/security-misc.displace index afc5957..52bb261 100644 --- a/debian/security-misc.displace +++ b/debian/security-misc.displace @@ -1,5 +1,4 @@ ## Copyright (C) 2019 - 2020 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. -/usr/bin/pkexec.security-misc /etc/securetty.security-misc diff --git a/debian/security-misc.undisplace b/debian/security-misc.undisplace index 55fd1f1..3c56ba4 100644 --- a/debian/security-misc.undisplace +++ b/debian/security-misc.undisplace @@ -2,3 +2,4 @@ ## See the file COPYING for copying conditions. /etc/login.defs.security-misc +/usr/bin/pkexec.security-misc diff --git a/lib/systemd/system-preset/50-security-misc.preset b/lib/systemd/system-preset/50-security-misc.preset index a9047d6..f534279 100644 --- a/lib/systemd/system-preset/50-security-misc.preset +++ b/lib/systemd/system-preset/50-security-misc.preset @@ -9,3 +9,6 @@ disable permission-hardening.service ## Disable for now until development finished / tested. disable remount-secure.service + +## Disable due to pkexec issues. +proc-hidepid.service