Only give the “qubes” group full Polkit access
This is consistent with the rest of qubes-core-agent-passwordless-root, and helps prevent sandbox escapes by daemons with dbus access.
This commit is contained in:
parent
95022f94e9
commit
16f48b6298
@ -1,2 +1,2 @@
|
|||||||
//allow any action, detailed reasoning in sudoers.d/qubes
|
//allow any action, detailed reasoning in sudoers.d/qubes
|
||||||
polkit.addRule(function(action,subject) { return polkit.Result.YES; });
|
polkit.addRule(function(action,subject) { if (subject.isInGroup("qubes")) return polkit.Result.YES; });
|
||||||
|
Loading…
Reference in New Issue
Block a user