X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=kernel-cn.git;a=blobdiff_plain;f=debian%2Fpostinst;fp=debian%2Fpostinst;h=2974a18f72b64b99a4a6e3067d18d5ae91abf3cc;hp=bfbb597e02c0c5d6d0becb2310366287143abf8c;hb=0e6ade292024ddde8d44bd8cf805d40c3f49731f;hpb=d1bb716ac233b7d645a22f86cb437d7f49b45dd2

diff --git a/debian/postinst b/debian/postinst
index bfbb597..2974a18 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -116,17 +116,31 @@ else
     /usr/sbin/update-grub >/dev/null 2>&1 || true
 fi
 
-# install grub loader
+# workaround grsec
+if [ -x /sbin/chpax ]; then
+    if [ -x /usr/sbin/grub-install ]; then
+        chpax -ps /usr/sbin/grub-install
+    fi
+    if [ -x /usr/sbin/grub-probe ]; then
+        chpax -ps /usr/sbin/grub-probe
+    fi
+fi
+
+# workaround execshield
 SHIELD=$(sysctl -e -n kernel.exec-shield)
 if [ ! -z "$SHIELD" ]; then
     sysctl -w -e kernel.exec-shield=0 >/dev/null 2>&1
 fi
+
+# install grub loader
 if ! grub-install --no-floppy '(hd0)' >/dev/null 2>&1; then
     echo "."
     echo "CN: FATAL ERROR running grub-install!"
     echo "CN: Do not reboot your server and report this to OTRS immediately!"
     exit 1
 fi
+
+# restore execshield state
 if [ ! -z "$SHIELD" ]; then
     sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1
 fi