From 938e929f39ff68296ab01a4b619f963ad3bdf535 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun, 12 Apr 2020 16:37:51 -0400
Subject: [PATCH] add pkexec to suid default whitelist

/usr/bin/pkexec exactwhitelist
/usr/bin/pkexec.security-misc-orig exactwhitelist
---
 etc/permission-hardening.d/30_default.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf
index 302603b..a4547d0 100644
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@@ -41,6 +41,9 @@
 /usr/lib/spice-gtk/spice-client-glib-usb-acl-helper exactwhitelist
 /usr/lib/chromium/chrome-sandbox exactwhitelist
 
+/usr/bin/pkexec exactwhitelist
+/usr/bin/pkexec.security-misc-orig exactwhitelist
+
 ## https://forums.whonix.org/t/disable-suid-binaries/7706/61
 ## Protect from 'chmod -x' (and SUID removal).
 ## SUID will be removed below in separate step.