From 5b88e92e5c4b951e659e1574fc248bd11158dfb2 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Fri, 6 Dec 2024 09:48:58 -0500
Subject: [PATCH] permission hardner: treat `mount` the same way we treat `umount`

Thanks to @the-moog for the bug report! fixes https://github.com/Kicksecure/security-misc/issues/284
---
 etc/permission-hardener.d/25_default_whitelist_mount.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/etc/permission-hardener.d/25_default_whitelist_mount.conf b/etc/permission-hardener.d/25_default_whitelist_mount.conf
index 08965b8..c0a4f96 100644
--- a/etc/permission-hardener.d/25_default_whitelist_mount.conf
+++ b/etc/permission-hardener.d/25_default_whitelist_mount.conf
@@ -10,8 +10,12 @@
 ## SUID will be removed below in separate step.
 /bin/mount exactwhitelist
 /usr/bin/mount exactwhitelist
+/bin/umount exactwhitelist
+/usr/bin/umount exactwhitelist
 ## Remove SUID from 'mount' but keep executable.
 ## https://forums.whonix.org/t/disable-suid-binaries/7706/61
 /bin/mount 755 root root
 /usr/bin/mount 755 root root
+/bin/umount 755 root root
+/usr/bin/umount 755 root root
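Review bot: The comment above the mode lines still reads `## Remove SUID from 'mount' but keep executable.`, yet the two lines added at the end of the hunk apply the same `755 root root` mode to `/bin/umount` and `/usr/bin/umount`. It should name both binaries, for example `## Remove SUID from 'mount' and 'umount' but keep executable.`. Without the setuid bit, `umount` presumably can no longer unmount `user`/`users` fstab entries for unprivileged accounts, so the comment is also the place to say this is intended. The hunk does not show whether another file in `permission-hardener.d` already lists `umount`; if one does, it is worth confirming which entry takes effect so the two cannot drift apart.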