(In reply to werner@suse.com from comment #4) > This will require some patching as physlock has to access /dev/tty0, /proc/sys/kernel/sysrq, and/or /proc/sys/kernel/printk ... using the existing group tty is not enough as in code uid check is hard coded You mean for the "restricting the setuid-root binary to specific group" option? This shouldn't need any patching. You just need to change the packaging to ship physlock as: root:trusted mode 47550 resulting in only members of the trusted group (or any other suitable group) being able to use the setuid-root features of physlock.