From e28da89253f646969cdc2b0b46617bd603f917a5 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri, 20 Dec 2019 09:48:06 -0500
Subject: [PATCH] /bin/sudo whitelist / /bin/bwrap whitelist

---
 etc/permission-hardening.d/30_default.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf
index 16830fd..a70b6e5 100644
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@@ -15,7 +15,9 @@
 
 ## SUID whitelist.
 /usr/bin/sudo whitelist
+/bin/sudo whitelist
 /usr/bin/bwrap whitelist
+/bin/bwrap whitelist
 /usr/lib/policykit-1/polkit-agent-helper-1 whitelist
 /usr/lib/dbus-1.0/dbus-daemon-launch-helper whitelist
 /usr/lib/spice-gtk/spice-client-glib-usb-acl-helper whitelist