From 0e6ade292024ddde8d44bd8cf805d40c3f49731f Mon Sep 17 00:00:00 2001 From: Dinko Korunic Date: Sat, 14 Feb 2009 16:00:13 +0100 Subject: [PATCH] - disable grsec for grub, too --- debian/postinst | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/debian/postinst b/debian/postinst index bfbb597..2974a18 100755 --- a/debian/postinst +++ b/debian/postinst @@ -116,17 +116,31 @@ else /usr/sbin/update-grub >/dev/null 2>&1 || true fi -# install grub loader +# workaround grsec +if [ -x /sbin/chpax ]; then + if [ -x /usr/sbin/grub-install ]; then + chpax -ps /usr/sbin/grub-install + fi + if [ -x /usr/sbin/grub-probe ]; then + chpax -ps /usr/sbin/grub-probe + fi +fi + +# workaround execshield SHIELD=$(sysctl -e -n kernel.exec-shield) if [ ! -z "$SHIELD" ]; then sysctl -w -e kernel.exec-shield=0 >/dev/null 2>&1 fi + +# install grub loader if ! grub-install --no-floppy '(hd0)' >/dev/null 2>&1; then echo "." echo "CN: FATAL ERROR running grub-install!" echo "CN: Do not reboot your server and report this to OTRS immediately!" exit 1 fi + +# restore execshield state if [ ! -z "$SHIELD" ]; then sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1 fi -- 1.7.10.4