add "/usr/lib/xorg/Xorg.wrap whitelist"

until this is researched

https://manpages.debian.org/buster/xserver-xorg-legacy/Xorg.wrap.1.en.html
https://lwn.net/Articles/590315/
Patrick Schleizer 2019-12-20 12:59:27 -05:00
parent 17e8605119
commit d7bd477e73
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48

@ -29,10 +29,17 @@
## https://www.whonix.org/wiki/Dev/Firejail#Security
/usr/bin/firejail whitelist
## TODO: research
## {{ TODO: research
## https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qfile-unpacker.c
/usr/lib/qubes/qfile-unpacker whitelist
## https://manpages.debian.org/buster/xserver-xorg-legacy/Xorg.wrap.1.en.html
## https://lwn.net/Articles/590315/
/usr/lib/xorg/Xorg.wrap whitelist
## }}
## SUID regex match whitelist.
## TODO: white spaces inside file name untested
/usr/lib/virtualbox/ matchwhitelist
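Review bot: The new `/usr/lib/xorg/Xorg.wrap whitelist` entry sits with the qfile-unpacker entry inside one `{{ TODO: research ... }}` block, and the comment does not say what has to be researched or what result would let either entry be dropped. The commit message says the entry is meant to stay only "until this is researched", but that intent is not recorded in the file itself, so the SUID exemption can easily become permanent. Suggest a comment line per entry stating that it is temporary and what question the research has to answer, plus a short note on what the `{{` and `}}` markers delimit, since nothing else in the visible lines uses them.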