From 3ba8fe586e1abe133bd41076278f8663aba7e641 Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Tue, 16 Jan 2024 09:23:54 -0500 Subject: [PATCH] update permission-hardener.service Which is now only an additional opt-in systemd unit, because permission-hardener is run by default at security-misc package installation time. https://github.com/Kicksecure/security-misc/pull/181 --- lib/systemd/system/permission-hardener.service | 4 ++-- usr/bin/permission-hardener | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/systemd/system/permission-hardener.service b/lib/systemd/system/permission-hardener.service index 912e6c7..94ddd6b 100644 --- a/lib/systemd/system/permission-hardener.service +++ b/lib/systemd/system/permission-hardener.service @@ -2,7 +2,7 @@ ## See the file COPYING for copying conditions. [Unit] -Description=SUID, SGID, Capability and File Permission Hardening +Description=Permission Hardener at Boot Time (opt-in in addition to security-misc package installation time hardening) Documentation=https://github.com/Kicksecure/security-misc DefaultDependencies=no @@ -13,7 +13,7 @@ After=local-fs.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=permission-hardener +ExecStart=permission-hardener enable [Install] WantedBy=sysinit.target diff --git a/usr/bin/permission-hardener b/usr/bin/permission-hardener index 2e3fcbc..4831581 100755 --- a/usr/bin/permission-hardener +++ b/usr/bin/permission-hardener @@ -616,7 +616,7 @@ spare() { To remove all: $0 disable all - This change might not be permanent (because of the permission-hardener.service systemd unit). For full instructions, see: + This change might not be permanent. For full instructions, see: https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener To view list of changed by SUID Disabler and Permission Hardener: