-rw-r--r-- | kernels/pax-flags-libre/PKGBUILD | 54 | ||||
-rw-r--r-- | kernels/pax-flags-libre/browsers.conf | 10 | ||||
-rw-r--r-- | kernels/pax-flags-libre/clamav.conf | 6 | ||||
-rw-r--r-- | kernels/pax-flags-libre/games.conf | 20 | ||||
-rw-r--r-- | kernels/pax-flags-libre/imagemagick.conf | 13 | ||||
-rw-r--r-- | kernels/pax-flags-libre/java.conf | 13 | ||||
-rw-r--r-- | kernels/pax-flags-libre/kde.conf | 22 | ||||
-rw-r--r-- | kernels/pax-flags-libre/pax-flags-libre.8 | 112 | ||||
-rwxr-xr-x | kernels/pax-flags-libre/pax-flags-libre.rb | 278 | ||||
-rwxr-xr-x | kernels/pax-flags-libre/pax-flags-libre.sh | 13 | ||||
-rw-r--r-- | kernels/pax-flags-libre/polkit.conf | 5 | ||||
-rw-r--r-- | kernels/pax-flags-libre/qemu.conf | 51 | ||||
-rw-r--r-- | kernels/pax-flags-libre/replicant.conf | 8 | ||||
-rw-r--r-- | kernels/pax-flags-libre/ruby.conf | 8 | ||||
-rw-r--r-- | kernels/pax-flags-libre/simple.conf | 56 | ||||
-rw-r--r-- | kernels/pax-flags-libre/valgrind.conf | 25 | ||||
-rw-r--r-- | kernels/pax-flags-libre/wine.conf | 4 | ||||
-rw-r--r-- | libre/paxd-libre/10-enable-pax.conf | 2 | ||||
-rw-r--r-- | libre/paxd-libre/PKGBUILD | 34 |
19 files changed, 36 insertions, 698 deletions
diff --git a/kernels/pax-flags-libre/PKGBUILD b/kernels/pax-flags-libre/PKGBUILD
deleted file mode 100644
index 882031ffe..000000000
--- a/kernels/pax-flags-libre/PKGBUILD
+++ /dev/null
@@ -1,54 +0,0 @@
-# Contributors:
-# henning mueller <henning@orgizm.net>
-# Ahmad24, duncant, echoblack, niki, ShadowKyogre, s1gma, test0
-#
-# Forked libre version which blacklists nonfree software for Parabola here:
-# https://github.com/g4jc/pax-flags-libre
-#
-
-pkgname=pax-flags-libre
-pkgdesc='Deactivates PaX flags for several binaries to work with PaX enabled kernels (a libre fork of linux-pax-flags)'
-pkgver=2.0.17
-pkgrel=1
-arch=(any)
-url='https://github.com/g4jc/pax-flags-libre'
-license=(GPL3)
-depends=(ruby paxctl)
-optdepends=('sudo: Run as root automatically.')
-replaces=(linux-pax-flags)
-conflicts=(linux-pax-flags)
-provides=(linux-pax-flags)
-source=(
- $pkgname.sh $pkgname.rb $pkgname.8
- replicant.conf browsers.conf clamav.conf games.conf imagemagick.conf java.conf
- kde.conf polkit.conf qemu.conf ruby.conf simple.conf valgrind.conf wine.conf
-)
-
-package() {
- install -D -m755 $srcdir/$pkgname.sh $pkgdir/usr/bin/$pkgname
- install -D -m755 $srcdir/$pkgname.rb $pkgdir/usr/bin/$pkgname.rb
- install -D -m644 $srcdir/$pkgname.8 $pkgdir/usr/share/man/man8/$pkgname.8
-
- for config in $srcdir/*.conf; do
- install -D -m600 $config $pkgdir/usr/share/$pkgname/$(basename $config)
- done
-
- mkdir -p $pkgdir/etc/pax-flags-libre
-}
-
-sha256sums=('06295e9d2afea0ea01c42620f0cd5e3ae785bc42c2749d4bef52f7d5b8a043ce'
- '79367f1b72eb836557e24df20fc4ad142af55669c0fee1e3e7a0d34d35bfc9dc'
- '9d62896dd51be4979cd85bfcd09de219f6068ec312f27e2a66f7a2f2c78d1f38'
- '7bbbad18a19150893916995723cd7e256a7b4e2baa5c2ff57bc27886c40f51fc'
- 'aedce25acf41fffa7a5c15c2ad7e5034eb56bfedcde65612ae4bc3f86ef4841a'
- 'bb87f4dce8e20f2ce601bdcb888dd688d8f0e9d0ab367e09c8081daffa15b03a'
- '95471682765c3c5ca31b29e3de7f8a07de6b2857e999dcdd714d062fe3da04ea'
- '7dc92a303004c9d74a1fe4d40d75105a703366ade8b2b459b0aae8d6f8b62ed0'
- '71afe786955d149fe216ff1a60348562914a6820d3b7f9dc42aa44913062b04e'
- '01ddeec77c605e1d3aa00a1fdc4c3537989468ab78da5f37b893cdbcfe34176c'
- '1f205fddfb427a696fb00221a3007453e25fbbf180ea026c264d23eeac9e1870'
- '2736d0ef20d0127c34e132db38d8993dee3062ba0ac0cdf8d444a8d3665698b8'
- 'e5562d68df885c5ceeb51709fc57c86d7b2c7849b9d99f828a77228878e25d71'
- '7d9f510e649e4ead08be3bb5f6fe1b6371b47a9fbb2f9b829cf329caa16bad94'
- 'ea003c4201745cd0c4bcf5cec5ca2d0a79cc6b1b04ceaa276ace0ad0287b8c50'
- 'd78fe0a02b5801c70e3d64045b12c3cbee358689da9082d71003b1cffda73ee3')
diff --git a/kernels/pax-flags-libre/browsers.conf b/kernels/pax-flags-libre/browsers.conf
deleted file mode 100644
index a37590b80..000000000
--- a/kernels/pax-flags-libre/browsers.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# MPROTECT and RANDMMAP off
-PSmXEr:
- - /usr/bin/elinks
- - /usr/bin/qupzilla
- - /usr/lib/iceweasel/iceweasel
- - /usr/lib/iceweasel/plugin-container
-
-# MPROTECT off
-PSmXER:
- - /usr/bin/midori
diff --git a/kernels/pax-flags-libre/clamav.conf b/kernels/pax-flags-libre/clamav.conf
deleted file mode 100644
index 7cb614bca..000000000
--- a/kernels/pax-flags-libre/clamav.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/clamscan
- - /usr/bin/freshclam
- - /usr/sbin/clamd:
- type: systemd
diff --git a/kernels/pax-flags-libre/games.conf b/kernels/pax-flags-libre/games.conf
deleted file mode 100644
index 59d5c7296..000000000
--- a/kernels/pax-flags-libre/games.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# MPROTECT and RANDMMAP off
-PSmXEr:
- - /usr/bin/pyrogenesis
- - /usr/bin/hwengine
-
-# PAGEEXEC and MPROTECT off
-#pSmXER:
-# TODO
-
-# MPROTECT off
-PSmXER:
- - /opt/doom3/doom.x86
- - /opt/enemy-territory/et.x86
- - /opt/quake3/ioquake3.i386
- - /opt/quake3/ioquake3.x86_64
- - /opt/ryzom/ryzom_client
- - /usr/bin/bzflag
- - /usr/bin/minetest
- - /usr/bin/opencity
-
diff --git a/kernels/pax-flags-libre/imagemagick.conf b/kernels/pax-flags-libre/imagemagick.conf
deleted file mode 100644
index a2201a754..000000000
--- a/kernels/pax-flags-libre/imagemagick.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/animate
- - /usr/bin/compare
- - /usr/bin/composite
- - /usr/bin/conjure
- - /usr/bin/convert
- - /usr/bin/display
- - /usr/bin/identify
- - /usr/bin/import
- - /usr/bin/mogrify
- - /usr/bin/montage
- - /usr/bin/stream
diff --git a/kernels/pax-flags-libre/java.conf b/kernels/pax-flags-libre/java.conf
deleted file mode 100644
index 7c10aa16e..000000000
--- a/kernels/pax-flags-libre/java.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# All off :(
-psmxer:
- - /opt/java/bin/java
- - /opt/java/bin/javac
- - /usr/lib/jvm/java-6-openjdk/bin/java
- - /usr/lib/jvm/java-6-openjdk/bin/javac
- - /usr/lib/jvm/java-6-openjdk/jre/bin/java
- - /usr/lib/jvm/java-7-openjdk/bin/javac
- - /usr/lib/jvm/java-7-openjdk/jre/bin/java
-
-# MPROTECT off
-PSmXER:
- - /usr/lib/jvm/java-7-openjdk/bin/jar
diff --git a/kernels/pax-flags-libre/kde.conf b/kernels/pax-flags-libre/kde.conf
deleted file mode 100644
index 09c03cc51..000000000
--- a/kernels/pax-flags-libre/kde.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/akonadi_sendlater_agent
- - /usr/bin/akonadi_archivemail_agent
- - /usr/bin/akonadi_mailfilter_agent
- - /usr/bin/akonadiconsole
- - /usr/bin/akregator
- - /usr/bin/blogilo
- - /usr/bin/kdeinit4
- - /usr/bin/kdenlive
- - /usr/bin/kmail
- - /usr/bin/knode
- - /usr/bin/knotify4
- - /usr/bin/kontact
- - /usr/bin/kwin
- - /usr/bin/okular
- - /usr/lib/kde4/libexec/drkonqi
- - /usr/lib/kde4/libexec/kwin_opengl_test
-
-# MPROTECT and RANDMMAP off
-PSmXEr:
- - /usr/lib/kde4/libexec/kscreenlocker_greet
diff --git a/kernels/pax-flags-libre/pax-flags-libre.8 b/kernels/pax-flags-libre/pax-flags-libre.8
deleted file mode 100644
index f27ae82f8..000000000
--- a/kernels/pax-flags-libre/pax-flags-libre.8
+++ /dev/null
@@ -1,112 +0,0 @@ -.TH pax-flags-libre 8 "" 2013-02-18 -.SH NAME -\fBpax-flags-libre\fR \- Configure PaX flags for several binaries -.SH SYNOPSIS -\fBpax-flags-libre\fR [options] [filter] -.SH DESCRIPTION -\fBpax-flags-libre\fR is written to configure PaX flags for a set of binaries. -It is intended to ease the usage of PaX (linux-libre-pax) or grsecurity (linux-libre-grsec, -linux-libre-grsec-lts) enabled kernel on Parabola GNU/Linux-libre. -.P -PaX flags for a set of binaries are collected in YAML format configuration -files. By default, every .conf file from /etc/pax-flags and -/usr/share/pax-flags-libre is read. See the CONFIGURATION section for the file -format. -.P -Root privileges are needed. If you set a value to $PAX_FLAGS_SUDO, -\fBpax-flags-libre\fR will be called with sudo. -.SH OPTIONS -.TP -\-c, \-\-config <path> -Override default configuration paths. Requires one path argument. Can contain -globs (escape them in some shells (zsh for example)). -.TP -\-h, \-\-help -Displays a short usage message and option summary. -.TP -\-p, \-\-prepend -Do not actually change anything. -.TP -\-x, \-\-xattr -Sets the PaX flags through setfattr, underlying filesystems need xattr support. -.TP -\-y, \-\-yes -Non-interactive mode. Assume yes on any question. -.SH FILES -.TP -/etc/pax-flags/*.conf -Files for overriding the standard flag set and path pattern configuration. -.TP -/usr/share/pax-flags-libre/*.conf -The shipped configuration. -.SH CONFIGURATION -There are \fBsimple\fR configuration entries and \fBcomplex\fR ones. Complex -configuration for a certain flag set and path pattern overrides simple. To -override a simple entry with a complex one, the flag sets and path patterns have -to match exactly. -.SS "Simple entries" -Simple configuration entries just set the PaX flags for a set of binaries. The -format is as follows: -.P -PSmXER: -.br - \- /usr/bin/ruby - \- /usr/bin/glx* -.P -\fBPSmXER\fR is the set of flags. Every letter represents a PaX flag. 
Uppercase -enables the flag, lowercase disables it. See paxctl(1) for more details. This -example disables MPROTECT on /usr/bin/ruby and /usr/bin/glx*. -.SS "Complex entries" -With complex entries it is possible to stop a daemon before setting the flags -and starting it afterwards. The format is as follows: -.P -PSmXER: -.br - \- /usr/sbin/clamd: - type: systemd -.P -This would stop clamd, disable MPROTECT for the binary and start the daemon -again. The \fBtype\fR option values correspond to presets of status, start, stop -actions. Currently there exists only "systemd". By default the systemd unit file -would be "clamd" in this case or the basename of the path in general. -.P -PSmXEr: -.br - \- /usr/lib/polkit-1/polkitd: - type: systemd - systemd_name: polkit -.P -The \fBsystemd_name\fR option can be used to configure a differing systemd unit -name. -.P -PSmXEr: -.br - \- /usr/lib/iceweasel/iceweasel: - status: "pidof iceweasel" - start: "iceweasel &" - stop: "killall iceweasel" -.P -This would configure custom actions for \fBstatus\fR, \fBstart\fR and -\fBstop\fR. -.P -PSmXER: -.br - \- /usr/bin/ruby: - skip: true -.P -This would override a simple entry for the same flag set and path pattern and -cause it to be skipped. -.P -PSmXER: -.br - \- /usr/lib32/somebinary: - header: create -.P -This would cause paxctl to not convert the old binary header, but create a new -one. See paxctl(1) for more details. -.SH AUTHOR -henning mueller <henning@orgizm.net> -.SH SEE ALSO -\- paxctl(1) -.br -\- http://www.yaml.org diff --git a/kernels/pax-flags-libre/pax-flags-libre.rb b/kernels/pax-flags-libre/pax-flags-libre.rb deleted file mode 100755 index 72a1a2b2c..000000000 --- a/kernels/pax-flags-libre/pax-flags-libre.rb +++ /dev/null 
@@ -1,278 +0,0 @@ -#!/usr/bin/env ruby - -require 'getoptlong' -require 'readline' -require 'singleton' -require 'yaml' - -# Monkey-path the Array class. -class Array - # ["foo", {"foo" => 1}].cleanup => [{"foo" => 1}] - # If the key in a Hash element of an Array is also present as an element of - # the Array, delete the latter. - def cleanup - array = self.dup - self.grep(Hash).map(&:keys).flatten.each do |x| - array.delete x - end - array - end -end - -# Class handles configuration parameters. -class FlagsConfig < Hash - # This is a singleton class. - include Singleton - - # Merges a Hash or YAML file (containing a Hash) with itself. - def load config - if config.class == Hash - merge! config - return - end - - unless config.nil? - merge_yaml! config - end - end - - # Merge Config Hash with Hash in YAML file. - def merge_yaml! path - merge!(load_file path) do |key, old, new| - (old + new).uniq.cleanup if old.is_a? Array and new.is_a? Array - end - end - - # Load YAML file and work around tabs not working for identation. - def load_file path - YAML.load open(path).read.gsub(/\t/, ' ') - rescue Psych::SyntaxError => e - print path, ':', e.message.split(':').last, "\n" - exit 1 - end -end - -# A method to print a beautiful usage message. -def usage - $stderr.puts <<EOF -#{File.basename($0)} [options] [filters] - - OPTIONS - - -c, --config Override default configuration paths. Requires one - argument. Can contain globs (escape them in some shells - (zsh for example)). - -h, --help This help. - -p, --prepend Do not change anything. - -y, --yes Non-interactive mode. Assume yes on questions. - -x, --xattr Sets the PaX flags through setfattr, underlying - filesystems need xattr support. - - FILTERS - - Only change flags for paths, which contain one of these filters as a string. - -EOF - exit 1 -end - -# This iterates each config entry (which matches the filters). It yields flags, -# entry, pattern and path of the config entry to the block code. 
-def each_entry config, filters - config.each do |flags, entries| - entries.each do |entry| - # Distinguish easy (String) and complex (Hash) config entries. - if entry.is_a? String - pattern = entry - elsif entry.is_a? Hash - pattern = entry.keys.first - end - - # Skip this entry, if its path pattern does not contain one of the - # filters. - # TODO Do this for every matching path. - unless filters.empty? - temp_filters = filters.dup - temp_filters.keep_if do |filter| - pattern.downcase.include? filter.downcase - end - next if temp_filters.empty? - end - - # If this runs with sudo, the ~ (for the users home path) have to point to - # the user who runs it, not to root. - unless ENV['SUDO_USER'].nil? - paths = File.expand_path pattern.gsub('~', '~' + ENV['SUDO_USER']) - else - paths = File.expand_path pattern - end - - # Now yield for every matching path. - Dir.glob(paths).each do |path| - yield flags, entry, pattern, path - end - end - end -end - -# Trap SIGINT (ctrl+c) -trap(:INT) { exit 1 } - -# Define the possible options. -options = GetoptLong.new( - ['--config', '-c', GetoptLong::REQUIRED_ARGUMENT], - ['--help', '-h', GetoptLong::NO_ARGUMENT], - ['--prepend', '-p', GetoptLong::NO_ARGUMENT], - ['--xattr', '-x', GetoptLong::NO_ARGUMENT], - ['--yes', '-y', GetoptLong::NO_ARGUMENT], -) - -# Initialize option variables. -new_configs = [] -prepend = false -yes = false -xattr = false - -# Set option variables. -begin - options.each do |option, argument| - case option - when '--config' - new_configs = Dir.glob argument - when '--help' - usage - when '--prepend' - prepend = true - when '--xattr' - xattr = true - when '--yes' - yes = true - end - end -rescue GetoptLong::InvalidOption => e - usage -end - -# Whatever is left over is a filter. -filters = ARGV - -# Exit if we are not running with root privileges. -if Process.uid != 0 - $stderr << "Root privileges needed.\n" - exit 1 -end - -# Either default config paths or overridden ones. 
-config_paths = if new_configs.empty? - ['/etc/pax-flags-libre/*.conf', '/usr/share/pax-flags-libre/*.conf'] -else - new_configs -end - -# Initialize the singleton config object... -config = FlagsConfig.instance - -# ... and load every config file. -config_paths.each do |path| - Dir.glob(path).each do |file| - config.load file - end -end - -# Helper text for simple entries. -puts <<EOF -Some programs do not work properly without deactivating some of the PaX -features. Please close all instances of them if you want to change the -configuration for the following binaries. -EOF - -# Show every simple entry. -each_entry config, filters do |flags, entry, pattern, path| - puts ' * ' + path if File.exists? path and entry.is_a? String -end - -# Let us sum up the complex entries... -autopaths = [] -each_entry config, filters do |flags, entry, pattern, path| - if File.exists? path and entry.is_a? Hash - autopaths.push path if not (entry.nil? and entry[path]['skip']) - end -end - -# ... to decide, if we need to print them. -unless autopaths.empty? - puts <<EOF - -For the following programs there are also changes neccessary but you do not have -to close or restart instances of them manually. -EOF - - autopaths.each do |path| - puts ' * ' + path - end -end - -puts -puts 'Continue writing PaX headers? [Y/n]' - -$stdout.flush - -unless yes - a = Readline.readline.chomp.downcase - exit 1 if a.downcase != 'y' unless a.empty? -end - -# Iterate each entry to actually set the flags. -each_entry config, filters do |flags, entry, pattern, path| - if File.exists? path - e = entry[pattern] - actions = %w(status start stop) - start_again = false - - # Get action commands from entries config. - status = e['status'] - start = e['start'] - stop = e['stop'] - - # If the type attribute is set to systemd, we set the action command - # variables again but to systemd defaults. 
- if e['type'] == 'systemd' - name = e['systemd_name'] || File.basename(path) - actions.each do |action| - eval "#{action} = \"systemctl #{action} #{name}.service\"" - end - end - - # If the entry is complex, stop it if it is running. - if entry.is_a? Hash - if status and system(status + '> /dev/null') - system stop unless prepend - start_again = true if start - end - end - - if xattr - # setfattr seems to be picky about the order of the flags, - # rearrange it beforehand - xflags = flags[/[Pp]/] + flags[/[Ee]/] + flags[/[Mm]/] + - flags[/[Rr]/] + flags[/[Ss]/] - print xflags, ' ', path, "\n" - else - print flags, ' ', path, "\n" - end - - # Set the flags and notify the user. - unless prepend - if xattr - `setfattr -n user.pax.flags -v #{xflags} "#{path}"` - else - header = 'c' - header = 'C' if e['header'] == 'create' - `paxctl -#{header}#{flags} "#{path}"` - end - end - - # Start the complex entries service again, if it is neccessary. - system start unless prepend if start_again - end -end diff --git a/kernels/pax-flags-libre/pax-flags-libre.sh b/kernels/pax-flags-libre/pax-flags-libre.sh deleted file mode 100755 index 97b45cc87..000000000 --- a/kernels/pax-flags-libre/pax-flags-libre.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh - -ruby=$(which ruby) - -[ -z $PAX_FLAGS_SUDO ] && sudo='' || sudo='sudo' - -[ "$(paxctl -v $ruby 2>/dev/null)" ] || { - $sudo paxctl -cm $ruby -} - -$sudo systemctl --system daemon-reload - -$sudo pax-flags-libre.rb $@ diff --git a/kernels/pax-flags-libre/polkit.conf b/kernels/pax-flags-libre/polkit.conf deleted file mode 100644 index 5a97136d2..000000000 --- a/kernels/pax-flags-libre/polkit.conf +++ /dev/null @@ -1,5 +0,0 @@ -# MPROTECT and RANDMMAP off -PSmXEr: - - /usr/lib/polkit-1/polkitd: - type: systemd - systemd_name: polkit diff --git a/kernels/pax-flags-libre/qemu.conf b/kernels/pax-flags-libre/qemu.conf deleted file mode 100644 index 428d2928b..000000000 --- a/kernels/pax-flags-libre/qemu.conf +++ /dev/null 
@@ -1,51 +0,0 @@
-# SEGMEXEC and MPROTECT off
-# (RANDEXEC is not activatable for qemu. The binaries seem to be compiled
-# with PIE enabled, though.)
-PsmxER:
- - /usr/bin/qemu-alpha
- - /usr/bin/qemu-arm
- - /usr/bin/qemu-armeb
- - /usr/bin/qemu-cris
- - /usr/bin/qemu-i386
- - /usr/bin/qemu-m68k
- - /usr/bin/qemu-microblaze
- - /usr/bin/qemu-microblazeel
- - /usr/bin/qemu-mips
- - /usr/bin/qemu-mipsel
- - /usr/bin/qemu-ppc
- - /usr/bin/qemu-ppc64
- - /usr/bin/qemu-ppc64abi32
- - /usr/bin/qemu-s390x
- - /usr/bin/qemu-sh4
- - /usr/bin/qemu-sh4eb
- - /usr/bin/qemu-sparc
- - /usr/bin/qemu-sparc32plus
- - /usr/bin/qemu-sparc64
- - /usr/bin/qemu-unicore32
- - /usr/bin/qemu-x86_64
-
-# MPROTECT off
-PSmXER:
- - /usr/bin/qemu-system-alpha
- - /usr/bin/qemu-system-arm
- - /usr/bin/qemu-system-cris
- - /usr/bin/qemu-system-i386
- - /usr/bin/qemu-system-lm32
- - /usr/bin/qemu-system-m68k
- - /usr/bin/qemu-system-microblaze
- - /usr/bin/qemu-system-microblazeel
- - /usr/bin/qemu-system-mips
- - /usr/bin/qemu-system-mips64
- - /usr/bin/qemu-system-mips64el
- - /usr/bin/qemu-system-mipsel
- - /usr/bin/qemu-system-ppc
- - /usr/bin/qemu-system-ppc64
- - /usr/bin/qemu-system-ppcemb
- - /usr/bin/qemu-system-s390x
- - /usr/bin/qemu-system-sh4
- - /usr/bin/qemu-system-sh4eb
- - /usr/bin/qemu-system-sparc
- - /usr/bin/qemu-system-sparc64
- - /usr/bin/qemu-system-x86_64
- - /usr/bin/qemu-system-xtensa
- - /usr/bin/qemu-system-xtensaeb
diff --git a/kernels/pax-flags-libre/replicant.conf b/kernels/pax-flags-libre/replicant.conf
deleted file mode 100644
index a916c34b8..000000000
--- a/kernels/pax-flags-libre/replicant.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /opt/replicant-sdk/tools/emulator-arm
- - /opt/replicant-sdk/tools/emulator-x86
- - /opt/replicant-sdk/platform-tools/adb:
- status: "pidof adb"
- start: "adb start-server"
- stop: "adb kill-server"
diff --git a/kernels/pax-flags-libre/ruby.conf b/kernels/pax-flags-libre/ruby.conf
deleted file mode 100644
index c6d976649..000000000
--- a/kernels/pax-flags-libre/ruby.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# MPROTECT off
-PSmXER:
- - ~/.rbenv/versions/?.?.?{,-p*}/bin/ruby
- - ~/.rbenv/versions/?.?.?{,-p*}/lib/ruby/gems/*/gems/capybara-webkit-*/bin/webkit_server
- - ~/.rvm/rubies/ruby-?.?.?{,-p*}/bin/ruby
- - ~/.rvm/gems/ruby-?.?.?{,-p*}/gems/capybara-webkit-*/bin/webkit_server
- - /usr/bin/rbx
- - /usr/bin/ruby
diff --git a/kernels/pax-flags-libre/simple.conf b/kernels/pax-flags-libre/simple.conf
deleted file mode 100644
index 3039f1215..000000000
--- a/kernels/pax-flags-libre/simple.conf
+++ /dev/null
@@ -1,56 +0,0 @@
-# RANDMMAP off
-PSMXEr:
- - /usr/bin/grub-script-check
-
-# MPROTECT and RANDMMAP off
-PSmXEr:
- - /usr/bin/gnome-shell
- - /usr/bin/grub-bios-setup
- - /usr/lib/gcc/x86_64-unknown-linux-gnu/*/cc1plus
- - /usr/lib/icedove/icedove
-
-# MPROTECT off
-PSmXER:
- - /usr/bin/blender
- - /usr/bin/btsync
- - /usr/bin/cabal
- - /usr/bin/cheese
- - /usr/bin/dolphin-emu
- - /usr/bin/dosbox
- - /usr/bin/epiphany
- - /usr/bin/gendesk
- - /usr/bin/glxdemo
- - /usr/bin/glxgears
- - /usr/bin/glxinfo
- - /usr/bin/glxspheres
- - /usr/bin/goldendict
- - /usr/bin/gtk-query-immodules-*
- - /usr/bin/inkscape
- - /usr/bin/konstruktor
- - /usr/bin/liferea
- - /usr/bin/minitube
- - /usr/bin/mono
- - /usr/bin/mplayer
- - /usr/bin/mumble
- - /usr/bin/obex-data-server
- - /usr/bin/python2
- - /usr/bin/rhythmbox
- - /usr/bin/scheme
- - /usr/bin/seahorse
- - /usr/bin/spicec
- - /usr/bin/systemsettings
- - /usr/bin/tcc
- - /usr/bin/vlc
- - /usr/lib/erlang/erts-*/bin/beam
- - /usr/lib/erlang/erts-*/bin/beam.smp
- - /usr/lib/ghc-*/ghc
- - /usr/lib/libreoffice/program/soffice.bin
- - /usr/lib/webkitgtk/WebKitWebProcess
- - /usr/lib/xbmc/xbmc.bin
- - /usr/sbin/grub-probe
- - /usr/sbin/vbetool
- - /usr/bin/xiphos
-
-# PAGEEXEC, MPROTECT, EMUTRAMP and RANDMMAP off
-pSmXer:
- - /usr/bin/sbcl
diff --git a/kernels/pax-flags-libre/valgrind.conf b/kernels/pax-flags-libre/valgrind.conf
deleted file mode 100644
index 6d25559ae..000000000
--- a/kernels/pax-flags-libre/valgrind.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/valgrind
- - /usr/lib/valgrind/cachegrind-amd64-linux
- - /usr/lib/valgrind/cachegrind-x86-linux
- - /usr/lib/valgrind/callgrind-amd64-linux
- - /usr/lib/valgrind/callgrind-x86-linux
- - /usr/lib/valgrind/drd-amd64-linux
- - /usr/lib/valgrind/drd-x86-linux
- - /usr/lib/valgrind/exp-bbv-amd64-linux
- - /usr/lib/valgrind/exp-bbv-x86-linux
- - /usr/lib/valgrind/exp-dhat-amd64-linux
- - /usr/lib/valgrind/exp-dhat-x86-linux
- - /usr/lib/valgrind/exp-sgcheck-amd64-linux
- - /usr/lib/valgrind/exp-sgcheck-x86-linux
- - /usr/lib/valgrind/helgrind-amd64-linux
- - /usr/lib/valgrind/helgrind-x86-linux
- - /usr/lib/valgrind/lackey-amd64-linux
- - /usr/lib/valgrind/lackey-x86-linux
- - /usr/lib/valgrind/massif-amd64-linux
- - /usr/lib/valgrind/massif-x86-linux
- - /usr/lib/valgrind/memcheck-amd64-linux
- - /usr/lib/valgrind/memcheck-x86-linux
- - /usr/lib/valgrind/none-amd64-linux
- - /usr/lib/valgrind/none-x86-linux
diff --git a/kernels/pax-flags-libre/wine.conf b/kernels/pax-flags-libre/wine.conf
deleted file mode 100644
index 77b33053d..000000000
--- a/kernels/pax-flags-libre/wine.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# All off :(
-psmxer:
- - /usr/bin/wine-preloader
- - /usr/bin/wine64-preloader
diff --git a/libre/paxd-libre/10-enable-pax.conf b/libre/paxd-libre/10-enable-pax.conf
new file mode 100644
index 000000000..77e51d87c
--- /dev/null
+++ b/libre/paxd-libre/10-enable-pax.conf
@@ -0,0 +1,2 @@
+# Disable PaX soft mode (set earlier by 05-grsecurity.conf)
+kernel.pax.softmode = 0
diff --git a/libre/paxd-libre/PKGBUILD b/libre/paxd-libre/PKGBUILD
new file mode 100644
index 000000000..924010bcf
--- /dev/null
+++ b/libre/paxd-libre/PKGBUILD
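Review bot: In `10-enable-pax.conf`, the comment on `kernel.pax.softmode = 0` names the file it overrides but not that the override depends on sysctl.d's lexical ordering, so a drop-in that sorts later can put PaX back into soft mode without anyone noticing. I would extend the comment, for example `# Must sort after 05-grsecurity.conf; with soft mode off, PaX enforces on every binary that has no exception`. This commit also deletes the pax-flags-libre exception lists, so presumably paxd is now what supplies the exceptions; that dependency is worth stating in the same comment.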
@@ -0,0 +1,34 @@
+# Maintainer (Arch): Daniel Micay <danielmicay@gmail.com>
+# Maintainer: André Silva <emulatorman@parabola.nu>
+# Contributor: Gaming4JC <gaming4jc2@yahoo.com>
+
+_pkgname=paxd
+pkgname=paxd-libre
+pkgver=1.0.1
+pkgrel=1
+pkgdesc='PaX exception daemon, without nonfree software support'
+arch=(i686 x86_64)
+url='https://github.com/g4jc/paxd-libre/'
+license=(MIT)
+replaces=($_pkgname linux-pax-flags)
+conflicts=($_pkgname linux-pax-flags)
+provides=($_pkgname linux-pax-flags)
+depends=(glibc)
+makedepends=(git)
+source=(git://github.com/g4jc/paxd-libre#tag=$pkgver 10-enable-pax.conf)
+md5sums=('SKIP'
+ 'a40677d2cd39ada4c2560927c67e0ea2')
+backup=(etc/paxd-libre.conf)
+
+build() {
+ cd $pkgname
+ make CC=gcc
+}
+
+package() {
+ cd $pkgname
+ mkdir -p "$pkgdir/usr/lib/systemd/system/sysinit.target.wants"
+ make PREFIX=/usr DESTDIR="$pkgdir" install
+ install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+ install -Dm644 ../10-enable-pax.conf "$pkgdir/etc/sysctl.d/10-enable-pax.conf"
+}
|
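Review bot: Nothing in this PKGBUILD verifies the code that becomes the PaX exception daemon: the `source=` entry fetches over unauthenticated, unencrypted `git://`, pins only a tag that upstream can move, and its checksum is `SKIP`. I would fetch over TLS and pin a commit, e.g. `source=(git+https://github.com/g4jc/paxd-libre#commit=<FULL_COMMIT_HASH> 10-enable-pax.conf)` (the hash is a placeholder), or verify a signed tag against `validpgpkeys`. The local file is checked with `md5sums`; `sha256sums` is the stronger choice for the one artifact that does get a checksum. Separately, `10-enable-pax.conf` is installed under `/etc/sysctl.d` but is not listed in `backup=`, so a local edit to it would be overwritten on upgrade; if admins are expected to tune it, add `etc/sysctl.d/10-enable-pax.conf` there.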