This is now in the developers repository. Enabling it will be easy.
```
sudo systemctl enable permission-hardening.service
```
It might be enabled by default one day (similar to Restrict Hardware Information to Root - Testers Wanted!) but it needs a fair amount of testing as I am running into many issues here.
We’ll also need some way to record changes and to undo these.
Breaks whonix-firewall.
```
Dec 21 06:43:54 host enable-firewall[351]: iptables/1.8.2 Failed to initialize nft: Protocol not supported
```