Diffstat (limited to 'kernels')
-rw-r--r-- | kernels/gradm/PKGBUILD | 9 | ||||
-rw-r--r-- | kernels/gradm/usr.patch | 115 |
2 files changed, 3 insertions, 121 deletions
diff --git a/kernels/gradm/PKGBUILD b/kernels/gradm/PKGBUILD
index 52e0582b7..6ca4aacd9 100644
--- a/kernels/gradm/PKGBUILD
+++ b/kernels/gradm/PKGBUILD
@@ -5,8 +5,8 @@
 
 pkgname=gradm
 pkgver=3.0
-_timestamp=201311242038
-pkgrel=2
+_timestamp=201401291757
+pkgrel=4
 pkgdesc='Administrative interface for the grsecurity Role Based Access Control system'
 arch=(i686 x86_64 mips64el)
 url=http://grsecurity.net/
@@ -14,14 +14,12 @@ license=(GPL2)
 depends=(pam)
 source=(
 http://grsecurity.net/stable/$pkgname-$pkgver-$_timestamp.tar.gz
- usr.patch
 learn_config
 policy
 )
 
 build() {
 cd "$srcdir/$pkgname"
- patch -Np1 < ../usr.patch
 sed -i -e 's/^CFLAGS :=/CFLAGS +=/' -e 's:sbin:usr/bin:' Makefile
 make
 }
@@ -33,7 +31,6 @@ package() {
 rm -rf "$pkgdir/dev"
 }
 
-sha256sums=('9d9040ef2be90b6a4db5b68ba5b7bc658cbbcdb8c71c643b8f95373e4a892e55'
- '7342323d2da3724afe745506690a1a5b194f3f0e959811ca320d820bf74c9ffa'
+sha256sums=('9c99714e6d10797a7348c6ffe2561dfcfe5e7659c9d86118d381b8bdb09ae7a6'
 'ec8e824e8a29a67be76bf853814ee85e80c4063009e5693d5db8cdb45bd45813'
 '61c0e84098e8386e5496dafce559558adef32e2a4a1241a9fa3bd56eab192dcd')
diff --git a/kernels/gradm/usr.patch b/kernels/gradm/usr.patch
deleted file mode 100644
index b3e5e77ab..000000000
--- a/kernels/gradm/usr.patch
+++ /dev/null
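Review bot: The replaced first entry of `sha256sums` in the last PKGBUILD hunk is the only integrity check on the new snapshot, and the tarball it covers is still fetched over plain `http://` (the `source=(` entry kept as context in the second hunk). A hash computed from an HTTP download only pins whatever was received at packaging time, so the release should be verified out of band before the hash is recorded; if upstream publishes a detached signature for this tarball, add it to `source=(...)` and pin the signer with `validpgpkeys=('<SIGNING_KEY_FINGERPRINT>')`. Separately, the second hunk drops `usr.patch`, which rewrote `GRADM_PATH` and the `/lib*/modules` policy entries to their `/usr` locations, while the remaining `sed` only rewrites `sbin` in the Makefile; presumably the 201401291757 snapshot carries those changes upstream, but that is not visible here and should be confirmed.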
@@ -1,115 +0,0 @@
-diff --git a/gradm_adm.c b/gradm_adm.c
-index bdcfd7d..9681b3c 100644
---- a/gradm_adm.c
-+++ b/gradm_adm.c
-@@ -72,12 +72,13 @@ add_gradm_acl(struct role_acl *role)
- 
- gradm_name = gr_strdup(gradm_realpath);
- if (gr_enable && strcmp(gradm_name, GRADM_PATH)) {
-- printf("You are attempting to use a gradm binary other "
-- "than the installed version. Depending on your "
-+ printf("You are attempting to use a gradm binary (%s) other "
-+ "than the installed version (%s). Depending on your "
- "policy, you could be locking yourself out of "
- "your machine by enabling the RBAC system with "
- "this binary. Press \'y\' if you wish to ignore "
-- "this warning, or any other key to cancel.\n>");
-+ "this warning, or any other key to cancel.\n>",
-+ gradm_name, GRADM_PATH);
- if (getchar() != 'y')
- exit(EXIT_FAILURE);
- }
-@@ -259,11 +260,6 @@ static void add_fulllearn_shutdown_acl(void)
- ADD_OBJ("/dev/urandom", "r");
- ADD_OBJ("/dev/random", "r");
- ADD_OBJ("/etc", "r");
-- ADD_OBJ("/bin", "rx");
-- ADD_OBJ("/sbin", "rx");
-- ADD_OBJ("/lib", "rx");
-- ADD_OBJ("/lib32", "rx");
-- ADD_OBJ("/lib64", "rx");
- ADD_OBJ("/usr", "rx");
- ADD_OBJ("/proc", "r");
- ADD_OBJ("/boot", "h");
-@@ -276,9 +272,9 @@ static void add_fulllearn_shutdown_acl(void)
- ADD_OBJ("/proc/slabinfo", "h");
- ADD_OBJ("/proc/modules", "h");
- ADD_OBJ("/proc/kallsyms", "h");
-- ADD_OBJ("/lib/modules", "hs");
-- ADD_OBJ("/lib32/modules", "hs");
-- ADD_OBJ("/lib64/modules", "hs");
-+ ADD_OBJ("/usr/lib/modules", "hs");
-+ ADD_OBJ("/usr/lib32/modules", "hs");
-+ ADD_OBJ("/usr/lib64/modules", "hs");
- ADD_OBJ("/etc/ssh", "h");
- add_cap_acl(current_subject, "-CAP_ALL", NULL);
- 
-diff --git a/gradm_analyze.c b/gradm_analyze.c
-index 74ec86f..da365a4 100644
---- a/gradm_analyze.c
-+++ b/gradm_analyze.c
-@@ -778,17 +778,17 @@ analyze_acls(void)
- errs_found++;
- }
- 
-- if (!stat("/lib/modules", &fstat) && !check_permission(role, def_acl, "/lib/modules", &chk)) {
-+ if (!stat("/usr/lib/modules", &fstat) && !check_permission(role, def_acl, "/usr/lib/modules", &chk)) {
- fprintf(stderr,
-- "Writing access is allowed by role %s to /lib/modules, the directory which "
-+ "Writing access is allowed by role %s to /usr/lib/modules, the directory which "
- "holds kernel modules.\n\n",
- role->rolename);
- errs_found++;
- }
- 
-- if (!stat("/lib64/modules", &fstat) && !check_permission(role, def_acl, "/lib64/modules", &chk)) {
-+ if (!stat("/usr/lib64/modules", &fstat) && !check_permission(role, def_acl, "/usr/lib64/modules", &chk)) {
- fprintf(stderr,
-- "Writing access is allowed by role %s to /lib64/modules, the directory which "
-+ "Writing access is allowed by role %s to /usr/lib64/modules, the directory which "
- "holds kernel modules.\n\n",
- role->rolename);
- errs_found++;
-diff --git a/gradm_defs.h b/gradm_defs.h
-index 961a7b9..56d6378 100644
---- a/gradm_defs.h
-+++ b/gradm_defs.h
-@@ -4,9 +4,9 @@
- #ifndef GRSEC_DIR
- #define GRSEC_DIR "/etc/grsec"
- #endif
--#define GRLEARN_PATH "/sbin/grlearn"
--#define GRADM_PATH "/sbin/gradm"
--#define GRPAM_PATH "/sbin/gradm_pam"
-+#define GRLEARN_PATH "/usr/bin/grlearn"
-+#define GRADM_PATH "/usr/bin/gradm"
-+#define GRPAM_PATH "/usr/bin/gradm_pam"
- #define GRDEV_PATH "/dev/grsec"
- #define GR_POLICY_PATH GRSEC_DIR "/policy"
- #define GR_PW_PATH GRSEC_DIR "/pw"
-diff --git a/gradm_fulllearn.c b/gradm_fulllearn.c
-index 4d10060..6ce744d 100644
---- a/gradm_fulllearn.c
-+++ b/gradm_fulllearn.c
-@@ -449,8 +449,8 @@ static const char *initial_roles_str =
- "\t/proc/slabinfo\th\n"
- "\t/proc/modules\th\n"
- "\t/proc/kallsyms\th\n"
--"\t/lib/modules\ths\n"
--"\t/lib64/modules\ths\n"
-+"\t/usr/lib/modules\ths\n"
-+"\t/usr/lib64/modules\ths\n"
- "\t/etc/ssh\th\n"
- "}\n\n"
- "role admin sA\n"
-@@ -463,10 +463,6 @@ static const char *initial_roles_str =
- "\t/dev/urandom r\n"
- "\t/dev/random r\n"
- "\t/etc r\n"
--"\t/bin rx\n"
--"\t/sbin rx\n"
--"\t/lib rx\n"
--"\t/lib64 rx\n"
- "\t/usr rx\n"
- "\t/proc r\n"
- "\t$grsec_denied\n" |