use must manually enable permission-hardening.service

until development finished

lib/systemd/system-preset/50-security-misc.preset

@@ -2,3 +2,6 @@
 ## See the file COPYING for copying conditions.
 
 disable hide-hardware-info.service
+
+## Disable for now until development finished / tested.
+disable permission-hardening.service

lib/systemd/system/permission-hardening.service

@@ -8,9 +8,7 @@ After=local-fs.target
 
 [Service]
 Type=oneshot
-## Disable for now until development finished / tested.
-ExecStart=/bin/true
-#ExecStart=/usr/lib/security-misc/permission-hardening
+ExecStart=/usr/lib/security-misc/permission-hardening
 
 [Install]
 WantedBy=sysinit.target

usr/lib/security-misc/permission-hardening

@@ -11,8 +11,7 @@ config_file="/etc/permission-hardening.conf"
 
 echo_wrapper() {
    echo "run: $@"
-   ## TODO
-   #"$@"
+   "$@"
 }
 
 add_nosuid_statoverride_entry() {