From a9c6ef152cabe925c940d4c06363a0c94e899968 Mon Sep 17 00:00:00 2001
From: Dominik Richter <dominik.richter@gmail.com>
Date: Mon, 1 Dec 2014 13:42:51 +0100
Subject: [PATCH] feature: add schroot to suid/sgid whitelist

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
---
 lockdown/serverspec/os_spec.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lockdown/serverspec/os_spec.rb b/lockdown/serverspec/os_spec.rb
index 7e6c6bd..ea2ef90 100644
--- a/lockdown/serverspec/os_spec.rb
+++ b/lockdown/serverspec/os_spec.rb
@@ -99,6 +99,8 @@
       '/usr/kerberos/bin/ksu',
       # whitelist pam_caching
       '/usr/sbin/ccreds_validate',
+      # whitelist su-tools
+      '/usr/bin/schroot',
       # whitelist Xorg
       '/usr/bin/Xorg',                                              # xorg
       '/usr/bin/X',                                                 # xorg