mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-25 19:29:27 -05:00
disable proc-hidepid by default because incompatible with pkexec
and undo pkexec wrapper
This commit is contained in:
parent
938e929f39
commit
72be31e870
5
debian/control
vendored
5
debian/control
vendored
@ -175,8 +175,9 @@ Description: enhances misc security settings
|
|||||||
`/lib/systemd/system/remount-secure.service`
|
`/lib/systemd/system/remount-secure.service`
|
||||||
`/usr/lib/security-misc/remount-secure`
|
`/usr/lib/security-misc/remount-secure`
|
||||||
.
|
.
|
||||||
* A systemd service mounts `/proc` with `hidepid=2` at boot to prevent users
|
* An optional systemd service mounts `/proc` with `hidepid=2` at boot to
|
||||||
from seeing each other's processes.
|
prevent users from seeing each other's processes. Not enabled because not
|
||||||
|
compatible with pkexec.
|
||||||
.
|
.
|
||||||
* The kernel logs are restricted to root only.
|
* The kernel logs are restricted to root only.
|
||||||
.
|
.
|
||||||
|
1
debian/security-misc.displace
vendored
1
debian/security-misc.displace
vendored
@ -1,5 +1,4 @@
|
|||||||
## Copyright (C) 2019 - 2020 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
## Copyright (C) 2019 - 2020 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
||||||
## See the file COPYING for copying conditions.
|
## See the file COPYING for copying conditions.
|
||||||
|
|
||||||
/usr/bin/pkexec.security-misc
|
|
||||||
/etc/securetty.security-misc
|
/etc/securetty.security-misc
|
||||||
|
1
debian/security-misc.undisplace
vendored
1
debian/security-misc.undisplace
vendored
@ -2,3 +2,4 @@
|
|||||||
## See the file COPYING for copying conditions.
|
## See the file COPYING for copying conditions.
|
||||||
|
|
||||||
/etc/login.defs.security-misc
|
/etc/login.defs.security-misc
|
||||||
|
/usr/bin/pkexec.security-misc
|
||||||
|
@ -9,3 +9,6 @@ disable permission-hardening.service
|
|||||||
|
|
||||||
## Disable for now until development finished / tested.
|
## Disable for now until development finished / tested.
|
||||||
disable remount-secure.service
|
disable remount-secure.service
|
||||||
|
|
||||||
|
## Disable due to pkexec issues.
|
||||||
|
proc-hidepid.service
|
||||||
|
Loading…
Reference in New Issue
Block a user