Diffstat (limited to 'kernels/linux-libre-grsec/linux-libre-grsec.install')
-rwxr-xr-x | kernels/linux-libre-grsec/linux-libre-grsec.install | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/kernels/linux-libre-grsec/linux-libre-grsec.install b/kernels/linux-libre-grsec/linux-libre-grsec.install
index 640b32e25..a833e9134 100755
--- a/kernels/linux-libre-grsec/linux-libre-grsec.install
+++ b/kernels/linux-libre-grsec/linux-libre-grsec.install
@@ -2,7 +2,7 @@
 # arg 2: the old package version
 KERNEL_NAME=-grsec
-KERNEL_VERSION=3.6.9-3-LIBRE-GRSEC
+KERNEL_VERSION=3.7.1-4-LIBRE-GRSEC
 _fix_permissions() {
 /usr/bin/paxutils
@@ -12,17 +12,28 @@ _fix_permissions() {
 echo binaries by running "paxutils".
 }
-_add_trusted_group() {
- if ! getent group grsec-trusted >/dev/null; then
- groupadd -g 9999 -r grsec-trusted
- useradd -g 9999 -r grsec-trusted
+_add_proc_group() {
+ if ! getent group proc-trusted >/dev/null; then
+ groupadd -g 9998 -r proc-trusted
+ useradd -g 9998 -r proc-trusted
+ fi
+}
+
+_add_tpe_group() {
+ if getent group grsec-trusted >/dev/null; then
+ groupmod -n tpe-trusted grsec-trusted
+ fi
+
+ if ! getent group tpe-trusted >/dev/null; then
+ groupadd -g 9999 -r tpe-trusted
+ useradd -g 9999 -r tpe-trusted
 fi
 }
 _help() {
 echo
- echo For group grsec-trusted, Trusted Path Execution is disabled and
- echo information about all processes from /proc is visible. Think carefully
+ echo For group tpe-trusted, Trusted Path Execution is disabled. For group
+ echo proc-trusted, the access to /proc is not restricted. Think carefully
 echo before adding a normal user to this group.
 echo
 echo This is controllable with the sysctl options \"kernel.grsecurity.tpe*\".
@@ -56,7 +67,8 @@ post_install () {
 fi
 fi
- _add_trusted_group
+ _add_proc_group
+ _add_tpe_group
 _fix_permissions
 _help
@@ -93,7 +105,8 @@ post_upgrade() {
 mkinitcpio -p linux-libre${KERNEL_NAME}
 fi
- _add_trusted_group
+ _add_proc_group
+ _add_tpe_group
 _fix_permissions
 _help
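Review bot: In `_add_tpe_group` (the `@@ -12,17 +12,28 @@` hunk) the migration renames only the group: `groupmod -n tpe-trusted grsec-trusted` leaves behind the `grsec-trusted` user that the removed `_add_trusted_group` created with `useradd`, and the second guard then finds `tpe-trusted` and skips creation, so upgraded systems keep a stale account under the old name. Rename the account in the same branch, e.g. `getent passwd grsec-trusted >/dev/null && usermod -l tpe-trusted grsec-trusted`. Separately, neither function checks the result of `groupadd -g 9998` / `groupadd -g 9999`; if that GID already belongs to another group, `useradd -g` still succeeds against it, and, assuming the kernel's exemptions are keyed on these GIDs, that unrelated group's members would be exempted as well, so a failed `groupadd` should stop with a message instead. The closing help line still says `this group` although the text now covers two; `echo before adding a normal user to either group.` reads correctly.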
@@ -104,7 +117,9 @@ post_remove() {
 rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}.img
 rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}-fallback.img
- if getent group grsec-trusted >/dev/null; then
- groupdel grsec-trusted
- fi
+ for group in grsec-trusted proc-trusted tpe-trusted; do
+ if getent group $group >/dev/null; then
+ groupdel $group
+ fi
+ done
 } |
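Review bot: The `groupdel $group` in the new loop will be refused for `proc-trusted` and `tpe-trusted`, because `useradd -g 9998 -r proc-trusted` and `useradd -g 9999 -r tpe-trusted` make each group the primary group of a same-named user, and groupdel does not remove the primary group of an existing user. Nothing in this hunk removes those accounts, so both the users and the privileged groups survive package removal. Delete the account first with `getent passwd "$group" >/dev/null && userdel "$group"`, and quote the expansion as `"$group"` in the existing `getent`/`groupdel` lines. post_remove's body starts outside the hunk.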