Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-12 18:49:33 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'github-kicksecure/master'

Browse Source
This commit is contained in:
Patrick Schleizer 2022-05-19 19:41:33 -04:00
commit 78a9956b73
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
usr/libexec/security-misc/hide-hardware-info
View File

@ -9,7 +9,7 @@ sysfs_whitelist=1
cpuinfo_whitelist=1 cpuinfo_whitelist=1
## https://www.whonix.org/wiki/Security-misc#selinux ## https://www.whonix.org/wiki/Security-misc#selinux
selinux=1 selinux=0
shopt -s nullglob shopt -s nullglob
@ -87,10 +87,20 @@ done
## SELinux userspace utilities will not function ## SELinux userspace utilities will not function
## properly ## properly
if [ -d /sys/fs/selinux ]; then if [ -d /sys/fs/selinux ]; then
if [ "${selinux}" = "1" ]; then if [ "${selinux}" = "1" ]; then
chmod o+rx /sys /sys/fs /sys/fs/selinux ## restrict permissions on everything but
echo "INFO: SELinux mode enabled. Restrictions loosened slightly in order to allow userspace utilities to function." ## what is needed
else for i in /sys/* /sys/fs/*
echo "INFO: SELinux detected, but SELinux mode is not enabled. Some userspace utilities may not work properly." do
fi if [ "${sysfs_whitelist}" = "1" ]; then
chmod o-rwx "${i}"
else
chmod og-rwx "${i}"
fi
done
chmod o+rx /sys /sys/fs /sys/fs/selinux
echo "INFO: SELinux mode enabled. Restrictions loosened slightly in order to allow userspace utilities to function."
else
echo "INFO: SELinux detected, but SELinux mode is not enabled. Some userspace utilities may not work properly."
fi
fi fi