- disable grsec for grub, too
authorDinko Korunic <kreator@carnet.hr>
Sat, 14 Feb 2009 15:00:13 +0000 (16:00 +0100)
committerDinko Korunic <kreator@carnet.hr>
Sat, 14 Feb 2009 15:00:13 +0000 (16:00 +0100)
debian/postinst

index bfbb597..2974a18 100755 (executable)
@@ -116,17 +116,31 @@ else
     /usr/sbin/update-grub >/dev/null 2>&1 || true
 fi
 
-# install grub loader
+# workaround grsec
+if [ -x /sbin/chpax ]; then
+    if [ -x /usr/sbin/grub-install ]; then
+        chpax -ps /usr/sbin/grub-install
+    fi
+    if [ -x /usr/sbin/grub-probe ]; then
+        chpax -ps /usr/sbin/grub-probe
+    fi
+fi
+
+# workaround execshield
 SHIELD=$(sysctl -e -n kernel.exec-shield)
 if [ ! -z "$SHIELD" ]; then
     sysctl -w -e kernel.exec-shield=0 >/dev/null 2>&1
 fi
+
+# install grub loader
 if ! grub-install --no-floppy '(hd0)' >/dev/null 2>&1; then
     echo "."
     echo "CN: FATAL ERROR running grub-install!"
     echo "CN: Do not reboot your server and report this to OTRS immediately!"
     exit 1
 fi
+
+# restore execshield state
 if [ ! -z "$SHIELD" ]; then
     sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1
 fi
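Review bot: The new chpax block clears PAGEEXEC and SEGMEXEC on /usr/sbin/grub-install and /usr/sbin/grub-probe with `chpax -ps`, and nothing later in the hunk sets them back. Unlike the exec-shield value, which is saved in SHIELD and restored, both binaries keep the weakened PaX flags after the postinst finishes. The failure branch of the grub-install check also reaches `exit 1` before the "restore execshield state" block, so a failed install leaves kernel.exec-shield at 0 system-wide. I would capture the grub-install status, restore both settings, and only then print the fatal message; the sketch below re-enables the flags with `-PS`, which assumes they were set before this script ran, since the hunk does not record the previous flags. The block also tests `/sbin/chpax` but invokes bare `chpax`, so calling the full path would keep the check and the call in agreement.

```shell
# install grub loader; keep the status so hardening is restored on every path
GRUB_RC=0
grub-install --no-floppy '(hd0)' >/dev/null 2>&1 || GRUB_RC=$?

# restore execshield state (also on failure)
if [ -n "$SHIELD" ]; then
    sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1
fi

# restore PaX flags; -PS assumes both were enforced before the workaround
if [ -x /sbin/chpax ]; then
    for BIN in /usr/sbin/grub-install /usr/sbin/grub-probe; do
        if [ -x "$BIN" ]; then
            /sbin/chpax -PS "$BIN" || true
        fi
    done
fi

if [ "$GRUB_RC" -ne 0 ]; then
    # … unchanged: "CN: FATAL ERROR" messages and exit 1 …
fi
```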