From 0e6ade292024ddde8d44bd8cf805d40c3f49731f Mon Sep 17 00:00:00 2001
From: Dinko Korunic <kreator@carnet.hr>
Date: Sat, 14 Feb 2009 16:00:13 +0100
Subject: [PATCH] - disable grsec for grub, too

---
 debian/postinst |   16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/debian/postinst b/debian/postinst
index bfbb597..2974a18 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -116,17 +116,31 @@ else
     /usr/sbin/update-grub >/dev/null 2>&1 || true
 fi
 
-# install grub loader
+# workaround grsec
+if [ -x /sbin/chpax ]; then
+    if [ -x /usr/sbin/grub-install ]; then
+        chpax -ps /usr/sbin/grub-install
+    fi
+    if [ -x /usr/sbin/grub-probe ]; then
+        chpax -ps /usr/sbin/grub-probe
+    fi
+fi
+
+# workaround execshield
 SHIELD=$(sysctl -e -n kernel.exec-shield)
 if [ ! -z "$SHIELD" ]; then
     sysctl -w -e kernel.exec-shield=0 >/dev/null 2>&1
 fi
+
+# install grub loader
 if ! grub-install --no-floppy '(hd0)' >/dev/null 2>&1; then
     echo "."
     echo "CN: FATAL ERROR running grub-install!"
     echo "CN: Do not reboot your server and report this to OTRS immediately!"
     exit 1
 fi
+
+# restore execshield state
 if [ ! -z "$SHIELD" ]; then
     sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1
 fi
-- 
1.7.10.4