From 6c8127e3cd32c04a6eb4641ad856c7bf2c777fee Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri, 20 Dec 2019 05:29:37 -0500
Subject: [PATCH] remove "/lib/ nosuid" from permission hardening

Takes 1 minute to parse. No SUID binaries there by default.
remount-secure mounts it with nosuid anyhow.
Therefore no processing it here.
---
 etc/permission-hardening.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/etc/permission-hardening.conf b/etc/permission-hardening.conf
index 85d2c16..276b1a4 100644
--- a/etc/permission-hardening.conf
+++ b/etc/permission-hardening.conf
@@ -22,7 +22,12 @@
 /sbin/ nosuid
 /usr/sbin/ nosuid
 /usr/local/sbin/ nosuid
-/lib/ nosuid
+
+## Takes 1 minute to parse. No SUID binaries there by default.
+## remount-secure mounts it with nosuid anyhow.
+## Therefore no processing it here.
+#/lib/ nosuid
+
 /lib32/ nosuid
 /lib64/ nosuid
 /usr/lib/ nosuid