a8b29c3fa6
Without this restriction system users can start processes with root privileges: $ sudo -u mail systemd-run --pipe -q id uid=0(root) gid=0(root) groups=0(root)
7 lines
103 B
Plaintext
7 lines
103 B
Plaintext
[Qubes allow all]
|
|
Identity=unix-group:qubes
|
|
Action=*
|
|
ResultAny=yes
|
|
ResultInactive=yes
|
|
ResultActive=yes
|