Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-28 02:29:23 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #103 from 0xC0ncord/bugfix/selinuxfs_restrictions

Browse Source 
hide-hardware-info: re-enable restrictions on sysfs when using SELinux
This commit is contained in:
Patrick Schleizer 2022-05-19 19:39:42 -04:00 committed by GitHub
commit 7651308787
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
usr/libexec/security-misc/hide-hardware-info
View File

@ -9,7 +9,7 @@ sysfs_whitelist=1
cpuinfo_whitelist=1 cpuinfo_whitelist=1
## https://www.whonix.org/wiki/Security-misc#selinux ## https://www.whonix.org/wiki/Security-misc#selinux
selinux=1 selinux=0
shopt -s nullglob shopt -s nullglob
@ -88,6 +88,16 @@ done
## properly ## properly
if [ -d /sys/fs/selinux ]; then if [ -d /sys/fs/selinux ]; then
if [ "${selinux}" = "1" ]; then if [ "${selinux}" = "1" ]; then
## restrict permissions on everything but
## what is needed
for i in /sys/* /sys/fs/*
do
if [ "${sysfs_whitelist}" = "1" ]; then
chmod o-rwx "${i}"
else
chmod og-rwx "${i}"
fi
done
chmod o+rx /sys /sys/fs /sys/fs/selinux chmod o+rx /sys /sys/fs /sys/fs/selinux
echo "INFO: SELinux mode enabled. Restrictions loosened slightly in order to allow userspace utilities to function." echo "INFO: SELinux mode enabled. Restrictions loosened slightly in order to allow userspace utilities to function."
else else