projects
/
kernel-cn.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
d1bb716
)
- disable grsec for grub, too
author
Dinko Korunic
<kreator@carnet.hr>
Sat, 14 Feb 2009 15:00:13 +0000
(16:00 +0100)
committer
Dinko Korunic
<kreator@carnet.hr>
Sat, 14 Feb 2009 15:00:13 +0000
(16:00 +0100)
debian/postinst
patch
|
blob
|
history
diff --git
a/debian/postinst
b/debian/postinst
index
bfbb597
..
2974a18
100755
(executable)
--- a/
debian/postinst
+++ b/
debian/postinst
@@
-116,17
+116,31
@@
else
/usr/sbin/update-grub >/dev/null 2>&1 || true
fi
/usr/sbin/update-grub >/dev/null 2>&1 || true
fi
-# install grub loader
+# workaround grsec
+if [ -x /sbin/chpax ]; then
+ if [ -x /usr/sbin/grub-install ]; then
+ chpax -ps /usr/sbin/grub-install
+ fi
+ if [ -x /usr/sbin/grub-probe ]; then
+ chpax -ps /usr/sbin/grub-probe
+ fi
+fi
+
+# workaround execshield
SHIELD=$(sysctl -e -n kernel.exec-shield)
if [ ! -z "$SHIELD" ]; then
sysctl -w -e kernel.exec-shield=0 >/dev/null 2>&1
fi
SHIELD=$(sysctl -e -n kernel.exec-shield)
if [ ! -z "$SHIELD" ]; then
sysctl -w -e kernel.exec-shield=0 >/dev/null 2>&1
fi
+
+# install grub loader
if ! grub-install --no-floppy '(hd0)' >/dev/null 2>&1; then
echo "."
echo "CN: FATAL ERROR running grub-install!"
echo "CN: Do not reboot your server and report this to OTRS immediately!"
exit 1
fi
if ! grub-install --no-floppy '(hd0)' >/dev/null 2>&1; then
echo "."
echo "CN: FATAL ERROR running grub-install!"
echo "CN: Do not reboot your server and report this to OTRS immediately!"
exit 1
fi
+
+# restore execshield state
if [ ! -z "$SHIELD" ]; then
sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1
fi
if [ ! -z "$SHIELD" ]; then
sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1
fi