From abf2dd653d827c4c61039cb68b9d190cbac1d10c Mon Sep 17 00:00:00 2001
From: mustard
Date: Wed, 17 Sep 2025 02:26:03 +0200
Subject: [PATCH] wip: tweaking remove suid script
---
 remove_suid.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/remove_suid.sh b/remove_suid.sh
index 5f51914..82b6e0a 100755
--- a/remove_suid.sh
+++ b/remove_suid.sh
@@ -17,7 +17,28 @@ set -oue pipefail
 # Reference: https://gist.github.com/ok-ryoko/1ff42a805d496cb1ca22e5cdf6ddefb0#usrbinchage
 whitelist=(
+# Need to allowlist qrexec binaries to ensure qubes templates (hopefully) don't break, not sure why they're duplicated in /usr/bin and /usr/sbin
 "/usr/bin/qfile-unpacker"
+ "/usr/sbin/qfile-unpacker"
+ "/usr/bin/qrexec-client-vm"
+ "/usr/sbin/qrexec-client-vm"
+ "/usr/bin/qrexec-fork-server"
+ "/usr/sbin/qrexec-fork-server"
+ "/usr/bin/qrexec-legacy-convert"
+ "/usr/sbin/qrexec-legacy-convert"
+ "/usr/bin/qrexec-policy"
+ "/usr/sbin/qrexec-policy"
+ "/usr/bin/qrexec-policy-agent"
+ "/usr/sbin/qrexec-policy-agent"
+ "/usr/bin/qrexec-policy-daemon"
+ "/usr/sbin/qrexec-policy-daemon"
+ "/usr/bin/qrexec-policy-exec"
+ "/usr/sbin/qrexec-policy-exec"
+ "/usr/bin/qrexec-policy-graph"
+ "/usr/sbin/qrexec-policy-graph"
+ "/usr/bin/qrexec-policy-restore"
+ "/usr/sbin/qrexec-policy-restore"
+ # Required for nvidia closed driver images
 "/usr/bin/nvidia-modprobe"
 # https://gitlab.freedesktop.org/polkit/polkit/-/issues/168
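Review bot: The 19 added qrexec paths are exempted on a guess (the new comment itself says "hopefully" and "not sure why"), and each entry in `whitelist` presumably keeps whatever setuid/setgid bit is found at that path, so an unneeded entry is a standing exemption for anything later installed there. Keep only the paths confirmed to carry the bit in a Qubes template, for example by checking `find /usr/bin /usr/sbin -perm /6000` there, and record that in the comment: `# qrexec helpers that ship setuid/setgid in Qubes templates; keep this list to confirmed paths`. The /usr/bin and /usr/sbin duplicates probably come from a merged /usr/sbin, but whether both spellings are needed depends on how the script enumerates files, which is outside this hunk along with the end of the `whitelist` array.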