From 02fda33c3bc21a7d079d86d7044a3c59040673de Mon Sep 17 00:00:00 2001
From: Paul Menzel <pmenzel@molgen.mpg.de>
Date: Fri, 29 Nov 2019 15:11:15 +0100
Subject: [PATCH] mxgrub: Restrict access to submenu

Allowing access to a submenu allows users to enter the command-line
interface by pressing the key *c*.

So, restrict the access. As a result, unprivileged users only can choose
the default Linux kernel.

[1]: https://www.gnu.org/software/grub/manual/grub/grub.html#Security
[2]: https://philosophos.github.io/articles/20170304~Password-Protection-of-GRUB-Menu/
---
 mxgrub/mxgrub | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mxgrub/mxgrub b/mxgrub/mxgrub
index 5eda0b5..f7583e4 100755
--- a/mxgrub/mxgrub
+++ b/mxgrub/mxgrub
@@ -271,7 +271,7 @@ else
 
 menuentry "$MARIUX_DEFAULT" { set chosen="$submenu>$MARIUX_DEFAULT" ; save_env chosen ; linux /boot/bzImage.x86_64 root=LABEL=root $KERNEL_PARAMETER ; initrd /boot/grub/initramfs.igz }
 
-submenu "$submenu" --unrestricted {
+submenu "$submenu" {
 $kernellist
 }
        if [ \$chosen ]; then