9 Commits

Author	SHA1	Message	Date
Patrick Schleizer	c192644ee3	security-misc /usr/share/pam-configs/permission-lockdown-security-misc is no longer required, removed. ... Thereby fix apparmor issue. > Dec 08 09:47:50 host audit[3232]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/whonixcheck" name="/usr/lib/security-misc/permission-lockdown" pid=3232 comm="sudo" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 > Dec 08 09:47:50 host sudo[3232]: pam_exec(sudo:session): execve(/usr/lib/security-misc/permission-lockdown,...) failed: Permission denied It is no longer required, because... existing linux user accounts: * Get permission lock down because security-misc `debian/security-misc.postinst` calls `/usr/lib/security-misc/permission-lockdown`. new linux user accounts (created at first boot): * security-misc `/usr/share/pam-configs/mkhomedir-security-misc` pam mkhomedir sets secure permissions using `umask=027`.	2019-12-08 05:21:35 -05:00
Patrick Schleizer	0ae5c5ff14	remove umask changes since these are causing issues are are not needed anymore ... thanks to home folder permission lockdown https://forums.whonix.org/t/change-default-umask/7416/45	2019-08-24 12:14:22 -04:00
Patrick Schleizer	ed90d8b025	change default umask to 027 ... as per: https://forums.whonix.org/t/change-default-umask/7416/47	2019-08-17 09:55:20 +00:00
Patrick Schleizer	a085d46c56	change priories so "pam_umask.so usergroups umask=006" runs before pam_exec.so /usr/lib/security-misc/permission-lockdown	2019-08-14 09:31:58 +00:00
Patrick Schleizer	ce06fdf911	formatting	2019-08-14 05:15:53 -04:00
Patrick Schleizer	2f37a66fd0	description	2019-08-11 10:31:29 +00:00
Patrick Schleizer	e83ec79a25	enable usr/share/pam-configs/mkhomedir-security-misc by default	2019-08-11 10:30:51 +00:00
Patrick Schleizer	1eb806a03e	pam_mkhomedir.so umask=006	2019-08-11 10:29:49 +00:00
Patrick Schleizer	c50eb3c9b0	add usr/share/pam-configs/mkhomedir-security-misc based on ... /usr/share/pam-configs/mkhomedir	2019-08-11 10:28:55 +00:00