From a135ae94009c4f6492ed8c779ceaefcfaf19e123 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Fri, 20 Dec 2019 05:22:59 -0500
Subject: [PATCH] use must manually enable permission-hardening.service until development finished
---
 lib/systemd/system-preset/50-security-misc.preset | 3 +++
 lib/systemd/system/permission-hardening.service | 4 +---
 usr/lib/security-misc/permission-hardening | 3 +--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/systemd/system-preset/50-security-misc.preset b/lib/systemd/system-preset/50-security-misc.preset
index 451ef04..86601e6 100644
--- a/lib/systemd/system-preset/50-security-misc.preset
+++ b/lib/systemd/system-preset/50-security-misc.preset
@@ -2,3 +2,6 @@ ## See the file COPYING for copying conditions.
 disable hide-hardware-info.service
+
+## Disable for now until development finished / tested.
+disable permission-hardening.service
diff --git a/lib/systemd/system/permission-hardening.service b/lib/systemd/system/permission-hardening.service
index 48d732b..216da23 100644
--- a/lib/systemd/system/permission-hardening.service
+++ b/lib/systemd/system/permission-hardening.service
@@ -8,9 +8,7 @@ After=local-fs.target
 [Service]
 Type=oneshot
-## Disable for now until development finished / tested.
-ExecStart=/bin/true
-#ExecStart=/usr/lib/security-misc/permission-hardening
+ExecStart=/usr/lib/security-misc/permission-hardening
 [Install]
 WantedBy=sysinit.target
diff --git a/usr/lib/security-misc/permission-hardening b/usr/lib/security-misc/permission-hardening
index 0da1dff..79708c3 100755
--- a/usr/lib/security-misc/permission-hardening
+++ b/usr/lib/security-misc/permission-hardening
@@ -11,8 +11,7 @@ config_file="/etc/permission-hardening.conf"
 echo_wrapper() {
 echo "run: $@"
- ## TODO
- #"$@"
+ "$@"
 }
 add_nosuid_statoverride_entry() {
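Review bot: The new `disable permission-hardening.service` preset line only takes effect when presets are applied (for example by `systemctl preset`), so a system where the unit was already enabled while it still ran `/bin/true` may keep its `sysinit.target` symlink and start running the unfinished script at boot once the `ExecStart=` change in permission-hardening.service lands. Whether the packaging re-applies presets on upgrade is not visible in this patch; if it does not, the manual opt-in this commit aims for holds only for fresh installs. I would say so in the comment, e.g. `## Disabled by default (fresh installs / preset runs only). Opt in with: systemctl enable permission-hardening.service`, and have the upgrade path handle units that are already enabled.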
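Review bot: Now that `echo_wrapper` really executes `"$@"`, its return value is the wrapped command's exit status, and nothing in the hunk shows whether callers check it or whether the script runs under `set -e`; for a script that presumably changes file permissions early in boot, a command that fails silently would leave the system partly hardened with no clear signal. I would document the contract above the function, `## Log the command, run it, and return its exit status.`, and make a failure visible, e.g. `"$@" || { echo "ERROR: command failed: $*" >&2; return 1; }`. The log line `echo "run: $@"` mixes a string with an array expansion; `echo "run: $*"` states what is meant. `add_nosuid_statoverride_entry` begins in this hunk and continues outside it.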