Browse Source

Merge remote-tracking branch 'origin/pr/278'

* origin/pr/278:
  “sudo” must remove SELinux restrictions
  Only give the “qubes” group full Polkit access
Marek Marczykowski-Górecki 3 years ago
parent
commit
a9e98cc13c

+ 1 - 1
passwordless-root/polkit-1-qubes-allow-all.rules

@@ -1,2 +1,2 @@
 //allow any action, detailed reasoning in sudoers.d/qubes
-polkit.addRule(function(action,subject) { return polkit.Result.YES; });
+polkit.addRule(function(action,subject) { if (subject.isInGroup("qubes")) return polkit.Result.YES; });

+ 1 - 1
passwordless-root/qubes.sudoers

@@ -1,4 +1,4 @@
-Defaults !requiretty
+Defaults role=unconfined_r, type=unconfined_t, !requiretty
 %qubes ALL=(ALL) NOPASSWD: ALL
 
 # WTF?! Have you lost your mind?!