Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-25 15:18:31 -05:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'ArrayBolt3/arraybolt3/trixie'

Browse source
This commit is contained in:
Patrick Schleizer 2025-09-28 17:00:24 -04:00
commit e6ba4dad46
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
4 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
debian/security-misc-shared.install vendored
View file

@ -14,6 +14,7 @@ etc/apparmor.d/tunables/home.d/security-misc#security-misc-shared => /etc/apparm
etc/ssh/ssh_config.d/30_security-misc.conf#security-misc-shared => /etc/ssh/ssh_config.d/30_security-misc.conf
etc/ssh/sshd_config.d/30_security-misc.conf#security-misc-shared => /etc/ssh/sshd_config.d/30_security-misc.conf
etc/usbguard/IPCAccessControl.d/:sudo#security-misc-shared => /etc/usbguard/IPCAccessControl.d/:sudo
etc/usbguard/IPCAccessControl.d/:qubes#security-misc-shared => /etc/usbguard/IPCAccessControl.d/:qubes
etc/usbguard/rules.d/30_security-misc.conf#security-misc-shared => /etc/usbguard/rules.d/30_security-misc.conf
etc/usbguard/usbguard-daemon.conf.security-misc#security-misc-shared => /etc/usbguard/usbguard-daemon.conf.security-misc
etc/kernel/postinst.d/30_remove-system-map#security-misc-shared => /etc/kernel/postinst.d/30_remove-system-map

1
debian/security-misc-shared.postinst vendored
View file

@ -96,6 +96,7 @@ case "$1" in
'/etc/usbguard/rules.d/30_security-misc.conf'
'/etc/usbguard/usbguard-daemon.conf.security-misc'
'/etc/usbguard/IPCAccessControl.d/:sudo'
'/etc/usbguard/IPCAccessControl.d/:qubes'
)
for usbguard_config_file in "${usbguard_config_file_list[@]}"; do
if test -f "${usbguard_config_file}"; then

1
etc/usbguard/IPCAccessControl.d/:qubes#security-misc-shared Normal file
View file

@ -0,0 +1 @@
Devices=listen

4
usr/libexec/security-misc/emerg-shutdown#security-misc-shared
View file

@ -38,7 +38,7 @@ gcc_hardening_options=(
"-Wcast-align=strict" "-Wjump-misses-init" "-Wlogical-op" "-U_FORTIFY_SOURCE"
"-D_FORTIFY_SOURCE=3" "-fstack-clash-protection" "-fstack-protector-all"
"-fno-delete-null-pointer-checks" "-fno-strict-aliasing"
"-fsanitize=address,undefined" "-fno-sanitize-recover=all"
"-fsanitize=undefined" "-fno-sanitize-recover=all"
"-fstrict-flex-arrays=3" "-ftrivial-auto-var-init=pattern" "-fPIE"
)
@ -78,7 +78,7 @@ else
## Build the actual emerg-shutdown executable
if [ ! -f '/run/emerg-shutdown' ]; then
gcc \
-g
-g \
/usr/src/security-misc/emerg-shutdown.c \
-o \
/run/emerg-shutdown \