Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

passwordless-root: policykit: restrict access to group qubes

Browse Source 
Without this restriction system users can start processes with
root privileges:

  $ sudo -u mail systemd-run --pipe -q id
  uid=0(root) gid=0(root) groups=0(root)
This commit is contained in:
Peter Gerber 2020-09-13 14:11:49 +00:00
parent a695902d68
commit a8b29c3fa6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
passwordless-root/polkit-1-qubes-allow-all.pkla
View File

@ -1,5 +1,5 @@
[Qubes allow all]
Identity=*
Identity=unix-group:qubes
Action=*
ResultAny=yes
ResultInactive=yes