From 9d77d88a4dfd0f42a2a671bbec49f4ebd90af882 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Mon, 23 Dec 2019 09:39:50 -0500
Subject: [PATCH] comments

---
 etc/permission-hardening.d/30_default.conf | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf
index e6083b2..96fe0e8 100644
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@@ -113,3 +113,15 @@ dbus-daemon-launch-helper matchwhitelist
 /usr/local/lib/ nosuid
 /usr/local/lib32/ nosuid
 /usr/local/lib64/ nosuid
+
+######################################################################
+# Capability Removal
+######################################################################
+
+## Ping doesn't work with Tor anyway so its capabilities are removed to
+## reduce attack surface.
+## anon-apps-config does this.
+#/bin/ping 0744 root root none
+
+## TODO: research
+#/usr/lib/x86_64-linux-gnu/gstreamer1.0/grstreamer-1.0/gst-ptp-helper 0744 root root none
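Review bot: The commented gst-ptp-helper entry on the last added line contains the path component `grstreamer-1.0`, which looks like a typo for `gstreamer-1.0`; if the line is later uncommented as written it would presumably match no file, and the helper would keep its existing privileges without any visible failure. The corrected line would be `#/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper 0744 root root none`. Separately, both entries use mode `0744`, which (assuming the fields are path, mode, owner, group, capability) also drops the execute bit for every non-root user, which is more than the capability removal the comment describes. If only the capabilities are meant to go, `0755` with `none` matches the comment more closely; otherwise the comment should state that non-root execution is intentionally removed. The `x86_64-linux-gnu` directory is also architecture-specific, so the TODO should note that other multiarch paths need their own entries.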