From d220bb3bc4aaf923dcb2e2a48ac05dd5f1326442 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri, 20 Dec 2019 13:07:01 -0500
Subject: [PATCH] suid /usr/lib/chromium/chrome-sandbox whitelist

---
 etc/permission-hardening.d/30_default.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf
index 3c6fa63..263fa57 100644
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@@ -27,6 +27,7 @@
 /usr/lib/dbus-1.0/dbus-daemon-launch-helper whitelist
 /usr/lib/spice-gtk/spice-client-glib-usb-acl-helper whitelist
 /usr/lib/x86_64-linux-gnu/utempter/utempter whitelist
+/usr/lib/chromium/chrome-sandbox whitelist
 
 ## There is a controversy about firejail but those who choose to install it
 ## should be able to use it.