disable proc-hidepid by default because incompatible with pkexec

and undo pkexec wrapper
2024-12-23 01:13:40 +07:00 · 2020-04-12 16:48:13 -04:00 · 2020-04-12 16:48:13 -04:00 · 72be31e870
commit 72be31e870
parent 938e929f39
4 changed files with 7 additions and 3 deletions
--- a/debian/control
+++ b/debian/control
@ -175,8 +175,9 @@ Description: enhances misc security settings
 `/lib/systemd/system/remount-secure.service`
 `/usr/lib/security-misc/remount-secure`
 .
-  * A systemd service mounts `/proc` with `hidepid=2` at boot to prevent users
- from seeing each other's processes.
+  * An optional systemd service mounts `/proc` with `hidepid=2` at boot to
+ prevent users from seeing each other's processes. Not enabled because not
+ compatible with pkexec.
 .
  * The kernel logs are restricted to root only.
 .
--- a/debian/security-misc.displace
+++ b/debian/security-misc.displace
@ -1,5 +1,4 @@
 ## Copyright (C) 2019 - 2020 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
 ## See the file COPYING for copying conditions.

-/usr/bin/pkexec.security-misc
 /etc/securetty.security-misc
--- a/debian/security-misc.undisplace
+++ b/debian/security-misc.undisplace
@ -2,3 +2,4 @@
 ## See the file COPYING for copying conditions.

 /etc/login.defs.security-misc
+/usr/bin/pkexec.security-misc
--- a/lib/systemd/system-preset/50-security-misc.preset
+++ b/lib/systemd/system-preset/50-security-misc.preset
@ -9,3 +9,6 @@ disable permission-hardening.service

 ## Disable for now until development finished / tested.
 disable remount-secure.service
+
+## Disable due to pkexec issues.
+proc-hidepid.service