Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Only give the “qubes” group full Polkit access

Browse Source 
This is consistent with the rest of qubes-core-agent-passwordless-root,
and helps prevent sandbox escapes by daemons with dbus access.
This commit is contained in:
Demi Marie Obenour 2020-12-24 15:46:08 -05:00
parent 95022f94e9
commit 16f48b6298
No known key found for this signature in database
GPG Key ID: 28A45C93B0B5B6E0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
passwordless-root/polkit-1-qubes-allow-all.rules
View File

@ -1,2 +1,2 @@
//allow any action, detailed reasoning in sudoers.d/qubes
polkit.addRule(function(action,subject) { return polkit.Result.YES; });
polkit.addRule(function(action,subject) { if (subject.isInGroup("qubes")) return polkit.Result.YES; });