From 7a079c3de8bd8b4e026a1bd1b932a04610a1e386 Mon Sep 17 00:00:00 2001
From: Ashlen <dev@anthes.is>
Date: Tue, 20 May 2025 18:41:48 -0600
Subject: [PATCH] fix(permission-hardener): add exactwhitelist here

Without this, the permissions for ssh-agent won't be changed properly.
---
 usr/lib/permission-hardener.d/25_default_whitelist_ssh.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/usr/lib/permission-hardener.d/25_default_whitelist_ssh.conf b/usr/lib/permission-hardener.d/25_default_whitelist_ssh.conf
index 5415197..767cd08 100644
--- a/usr/lib/permission-hardener.d/25_default_whitelist_ssh.conf
+++ b/usr/lib/permission-hardener.d/25_default_whitelist_ssh.conf
@@ -14,6 +14,7 @@
 ##
 ## ssh-agent is often run under non-root users, so 755 permissions make
 ## sense here to avoid breakage.
+/usr/bin/ssh-agent exactwhitelist
 /usr/bin/ssh-agent 755 root root
 
 ## Used only for SSH host-based authentication