projects
/
kernel-cn.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
- disable grsec for grub, too
[kernel-cn.git]
/
debian
/
postinst
diff --git
a/debian/postinst
b/debian/postinst
index
bfbb597
..
2974a18
100755
(executable)
--- a/
debian/postinst
+++ b/
debian/postinst
@@
-116,17
+116,31
@@
else
/usr/sbin/update-grub >/dev/null 2>&1 || true
fi
/usr/sbin/update-grub >/dev/null 2>&1 || true
fi
-# install grub loader
+# workaround grsec
+if [ -x /sbin/chpax ]; then
+ if [ -x /usr/sbin/grub-install ]; then
+ chpax -ps /usr/sbin/grub-install
+ fi
+ if [ -x /usr/sbin/grub-probe ]; then
+ chpax -ps /usr/sbin/grub-probe
+ fi
+fi
+
+# workaround execshield
SHIELD=$(sysctl -e -n kernel.exec-shield)
if [ ! -z "$SHIELD" ]; then
sysctl -w -e kernel.exec-shield=0 >/dev/null 2>&1
fi
SHIELD=$(sysctl -e -n kernel.exec-shield)
if [ ! -z "$SHIELD" ]; then
sysctl -w -e kernel.exec-shield=0 >/dev/null 2>&1
fi
+
+# install grub loader
if ! grub-install --no-floppy '(hd0)' >/dev/null 2>&1; then
echo "."
echo "CN: FATAL ERROR running grub-install!"
echo "CN: Do not reboot your server and report this to OTRS immediately!"
exit 1
fi
if ! grub-install --no-floppy '(hd0)' >/dev/null 2>&1; then
echo "."
echo "CN: FATAL ERROR running grub-install!"
echo "CN: Do not reboot your server and report this to OTRS immediately!"
exit 1
fi
+
+# restore execshield state
if [ ! -z "$SHIELD" ]; then
sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1
fi
if [ ! -z "$SHIELD" ]; then
sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1
fi