From 1ff56625a170c392f6099b41f371c56032362ea0 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon, 23 Dec 2019 01:42:03 -0500
Subject: [PATCH] polkit-agent-helper-1 matchwhitelist to match both

- /usr/lib/policykit-1/polkit-agent-helper-1 matchwhitelist
- /lib/policykit-1/polkit-agent-helper-1
---
 etc/permission-hardening.d/30_default.conf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf
index 45417d6..9b6eee7 100644
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@@ -23,7 +23,6 @@
 /bin/sudo whitelist
 /usr/bin/bwrap whitelist
 /bin/bwrap whitelist
-/usr/lib/policykit-1/polkit-agent-helper-1 whitelist
 /usr/lib/spice-gtk/spice-client-glib-usb-acl-helper whitelist
 /usr/lib/chromium/chrome-sandbox whitelist
 
@@ -55,6 +54,11 @@
 #/lib/qubes/qfile-unpacker
 /qubes/qfile-unpacker matchwhitelist
 
+## match both:
+#/usr/lib/policykit-1/polkit-agent-helper-1 matchwhitelist
+#/lib/policykit-1/polkit-agent-helper-1
+polkit-agent-helper-1 matchwhitelist
+
 ######################################################################
 # SUID regex match whitelist
 ######################################################################