wip: tweaking remove suid script
This commit is contained in:
mustard
parent
02635c146b
commit
abf2dd653d
1 changed files with 21 additions and 0 deletions
|
|
@ -17,7 +17,28 @@ set -oue pipefail
|
||||||
# Reference: https://gist.github.com/ok-ryoko/1ff42a805d496cb1ca22e5cdf6ddefb0#usrbinchage
|
# Reference: https://gist.github.com/ok-ryoko/1ff42a805d496cb1ca22e5cdf6ddefb0#usrbinchage
|
||||||
|
|
||||||
whitelist=(
|
whitelist=(
|
||||||
|
# Need to allowlist qrexec binaries to ensure qubes templates (hopefully) don't break, not sure why they're duplicated in /usr/bin and /usr/sbin
|
||||||
"/usr/bin/qfile-unpacker"
|
"/usr/bin/qfile-unpacker"
|
||||||
|
"/usr/sbin/qfile-unpacker"
|
||||||
|
"/usr/bin/qrexec-client-vm"
|
||||||
|
"/usr/sbin/qrexec-client-vm"
|
||||||
|
"/usr/bin/qrexec-fork-server"
|
||||||
|
"/usr/sbin/qrexec-fork-server"
|
||||||
|
"/usr/bin/qrexec-legacy-convert"
|
||||||
|
"/usr/sbin/qrexec-legacy-convert"
|
||||||
|
"/usr/bin/qrexec-policy"
|
||||||
|
"/usr/sbin/qrexec-policy"
|
||||||
|
"/usr/bin/qrexec-policy-agent"
|
||||||
|
"/usr/sbin/qrexec-policy-agent"
|
||||||
|
"/usr/bin/qrexec-policy-daemon"
|
||||||
|
"/usr/sbin/qrexec-policy-daemon"
|
||||||
|
"/usr/bin/qrexec-policy-exec"
|
||||||
|
"/usr/sbin/qrexec-policy-exec"
|
||||||
|
"/usr/bin/qrexec-policy-graph"
|
||||||
|
"/usr/sbin/qrexec-policy-graph"
|
||||||
|
"/usr/bin/qrexec-policy-restore"
|
||||||
|
"/usr/sbin/qrexec-policy-restore"
|
||||||
|
|
||||||
# Required for nvidia closed driver images
|
# Required for nvidia closed driver images
|
||||||
"/usr/bin/nvidia-modprobe"
|
"/usr/bin/nvidia-modprobe"
|
||||||
# https://gitlab.freedesktop.org/polkit/polkit/-/issues/168
|
# https://gitlab.freedesktop.org/polkit/polkit/-/issues/168
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue