Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,582 Commits 1 Branch 0 Tags 34 MiB
a8b29c3fa6
Commit Graph

4 Commits

Author SHA1 Message Date
Peter Gerber
a8b29c3fa6 passwordless-root: policykit: restrict access to group qubes 
Without this restriction system users can start processes with
root privileges:

  $ sudo -u mail systemd-run --pipe -q id
  uid=0(root) gid=0(root) groups=0(root)
 2020-09-13 14:16:07 +00:00
Paweł Marczewski
969ec301d5
Override PAM config for su in RPM package 
In Red Hat based distributions, there is no pam-configs like
mechanism (authselect seems too heavy and is not configured by
default), so instead, we replace the PAM file.

Enable su for users in the qubes group, same as in the Debian
package.
 2020-05-07 17:01:02 +02:00
Paweł Marczewski
da2fa46551
Use pam-configs to override Debian PAM config 
Instead of the old workaround that replaces the whole PAM config,
use Debian's framework (pam-configs) to add a rule for su. Enable it
for users in qubes group only.

PAM Config framework documentation:
  https://wiki.ubuntu.com/PAMConfigFrameworkSpec

Issue:
  QubesOS/qubes-issues#5799

Original PR this change is based on:
  QubesOS/qubes-core-agent-linux#171
 2020-05-07 15:31:47 +02:00
Amadeusz Piotr Żołnowski
4de377bc3b
Split items in misc directory by topic 2020-02-04 23:59:09 +00:00