From d3f16a5bf46a7d10316259788f3d97364fe2e545 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Fri, 20 Dec 2019 12:47:10 -0500
Subject: [PATCH] sgid /usr/lib/qubes/qfile-unpacker whitelist

---
 etc/permission-hardening.d/30_default.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/etc/permission-hardening.d/30_default.conf b/etc/permission-hardening.d/30_default.conf
index 3e5cab5..a4dfb09 100644
--- a/etc/permission-hardening.d/30_default.conf
+++ b/etc/permission-hardening.d/30_default.conf
@@ -24,6 +24,10 @@
 /usr/lib/spice-gtk/spice-client-glib-usb-acl-helper whitelist
 /usr/lib/x86_64-linux-gnu/utempter/utempter whitelist
 
+## TODO: research
+## https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qfile-unpacker.c
+/usr/lib/qubes/qfile-unpacker whitelist
+
 ## Permission hardening.
 /home/ 0755 root root
 /home/user/ 0700 user user