From 16f48b62983932d5995ea69f4eb67282f91cfc19 Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Thu, 24 Dec 2020 15:46:08 -0500 Subject: [PATCH] =?UTF-8?q?Only=20give=20the=20=E2=80=9Cqubes=E2=80=9D=20g?= =?UTF-8?q?roup=20full=20Polkit=20access?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is consistent with the rest of qubes-core-agent-passwordless-root, and helps prevent sandbox escapes by daemons with dbus access. --- passwordless-root/polkit-1-qubes-allow-all.rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/passwordless-root/polkit-1-qubes-allow-all.rules b/passwordless-root/polkit-1-qubes-allow-all.rules index 723d6d6..a83c827 100644 --- a/passwordless-root/polkit-1-qubes-allow-all.rules +++ b/passwordless-root/polkit-1-qubes-allow-all.rules @@ -1,2 +1,2 @@ //allow any action, detailed reasoning in sudoers.d/qubes -polkit.addRule(function(action,subject) { return polkit.Result.YES; }); +polkit.addRule(function(action,subject) { if (subject.isInGroup("qubes")) return polkit.Result.YES; });