summaryrefslogtreecommitdiff
path: root/kernels/linux-libre-grsec/linux-libre-grsec.install
diff options
context:
space:
mode:
Diffstat (limited to 'kernels/linux-libre-grsec/linux-libre-grsec.install')
-rwxr-xr-xkernels/linux-libre-grsec/linux-libre-grsec.install39
1 files changed, 27 insertions, 12 deletions
diff --git a/kernels/linux-libre-grsec/linux-libre-grsec.install b/kernels/linux-libre-grsec/linux-libre-grsec.install
index 640b32e25..a833e9134 100755
--- a/kernels/linux-libre-grsec/linux-libre-grsec.install
+++ b/kernels/linux-libre-grsec/linux-libre-grsec.install
@@ -2,7 +2,7 @@
# arg 2: the old package version
KERNEL_NAME=-grsec
-KERNEL_VERSION=3.6.9-3-LIBRE-GRSEC
+KERNEL_VERSION=3.7.1-4-LIBRE-GRSEC
_fix_permissions() {
/usr/bin/paxutils
@@ -12,17 +12,28 @@ _fix_permissions() {
echo binaries by running "paxutils".
}
-_add_trusted_group() {
- if ! getent group grsec-trusted >/dev/null; then
- groupadd -g 9999 -r grsec-trusted
- useradd -g 9999 -r grsec-trusted
+_add_proc_group() {
+ if ! getent group proc-trusted >/dev/null; then
+ groupadd -g 9998 -r proc-trusted
+ useradd -g 9998 -r proc-trusted
+ fi
+}
+
+_add_tpe_group() {
+ if getent group grsec-trusted >/dev/null; then
+ groupmod -n tpe-trusted grsec-trusted
+ fi
+
+ if ! getent group tpe-trusted >/dev/null; then
+ groupadd -g 9999 -r tpe-trusted
+ useradd -g 9999 -r tpe-trusted
fi
}
_help() {
echo
- echo For group grsec-trusted, Trusted Path Execution is disabled and
- echo information about all processes from /proc is visible. Think carefully
+ echo For group tpe-trusted, Trusted Path Execution is disabled. For group
+ echo proc-trusted, the access to /proc is not restricted. Think carefully
echo before adding a normal user to this group.
echo
echo This is controllable with the sysctl options \"kernel.grsecurity.tpe*\".
@@ -56,7 +67,8 @@ post_install () {
fi
fi
- _add_trusted_group
+ _add_proc_group
+ _add_tpe_group
_fix_permissions
_help
@@ -93,7 +105,8 @@ post_upgrade() {
mkinitcpio -p linux-libre${KERNEL_NAME}
fi
- _add_trusted_group
+ _add_proc_group
+ _add_tpe_group
_fix_permissions
_help
@@ -104,7 +117,9 @@ post_remove() {
rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}.img
rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}-fallback.img
- if getent group grsec-trusted >/dev/null; then
- groupdel grsec-trusted
- fi
+ for group in grsec-trusted proc-trusted tpe-trusted; do
+ if getent group $group >/dev/null; then
+ groupdel $group
+ fi
+ done
}