From: Dinko Korunic Date: Sat, 14 Feb 2009 15:00:13 +0000 (+0100) Subject: - disable grsec for grub, too X-Git-Tag: debian/2.6.26-4~25 X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=commitdiff_plain;h=0e6ade292024ddde8d44bd8cf805d40c3f49731f;p=kernel-cn.git - disable grsec for grub, too --- diff --git a/debian/postinst b/debian/postinst index bfbb597..2974a18 100755 --- a/debian/postinst +++ b/debian/postinst @@ -116,17 +116,31 @@ else /usr/sbin/update-grub >/dev/null 2>&1 || true fi -# install grub loader +# workaround grsec +if [ -x /sbin/chpax ]; then + if [ -x /usr/sbin/grub-install ]; then + chpax -ps /usr/sbin/grub-install + fi + if [ -x /usr/sbin/grub-probe ]; then + chpax -ps /usr/sbin/grub-probe + fi +fi + +# workaround execshield SHIELD=$(sysctl -e -n kernel.exec-shield) if [ ! -z "$SHIELD" ]; then sysctl -w -e kernel.exec-shield=0 >/dev/null 2>&1 fi + +# install grub loader if ! grub-install --no-floppy '(hd0)' >/dev/null 2>&1; then echo "." echo "CN: FATAL ERROR running grub-install!" echo "CN: Do not reboot your server and report this to OTRS immediately!" exit 1 fi + +# restore execshield state if [ ! -z "$SHIELD" ]; then sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1 fi