From 7ff393f282dfb40020814b2b11ee186403f9c1ce Mon Sep 17 00:00:00 2001
From: André Fabian Silva Delgado
Date: Sun, 23 Dec 2012 12:16:04 -0200
Subject: linux-libre-grsec-3.7.1-4: updating version
---
 .../linux-libre-grsec/linux-libre-grsec.install | 39 +++++++++++++++-------
 1 file changed, 27 insertions(+), 12 deletions(-)
(limited to 'kernels/linux-libre-grsec/linux-libre-grsec.install')
diff --git a/kernels/linux-libre-grsec/linux-libre-grsec.install b/kernels/linux-libre-grsec/linux-libre-grsec.install
index 640b32e25..a833e9134 100755
--- a/kernels/linux-libre-grsec/linux-libre-grsec.install
+++ b/kernels/linux-libre-grsec/linux-libre-grsec.install
@@ -2,7 +2,7 @@
 # arg 2: the old package version
 KERNEL_NAME=-grsec
-KERNEL_VERSION=3.6.9-3-LIBRE-GRSEC
+KERNEL_VERSION=3.7.1-4-LIBRE-GRSEC
 _fix_permissions() {
 /usr/bin/paxutils
@@ -12,17 +12,28 @@ _fix_permissions() {
 echo binaries by running "paxutils".
 }
-_add_trusted_group() {
- if ! getent group grsec-trusted >/dev/null; then
- groupadd -g 9999 -r grsec-trusted
- useradd -g 9999 -r grsec-trusted
+_add_proc_group() {
+ if ! getent group proc-trusted >/dev/null; then
+ groupadd -g 9998 -r proc-trusted
+ useradd -g 9998 -r proc-trusted
+ fi
+}
+
+_add_tpe_group() {
+ if getent group grsec-trusted >/dev/null; then
+ groupmod -n tpe-trusted grsec-trusted
+ fi
+
+ if ! getent group tpe-trusted >/dev/null; then
+ groupadd -g 9999 -r tpe-trusted
+ useradd -g 9999 -r tpe-trusted
 fi
 }
 _help() {
 echo
- echo For group grsec-trusted, Trusted Path Execution is disabled and
- echo information about all processes from /proc is visible. Think carefully
+ echo For group tpe-trusted, Trusted Path Execution is disabled. For group
+ echo proc-trusted, the access to /proc is not restricted. Think carefully
 echo before adding a normal user to this group.
 echo
 echo This is controllable with the sysctl options \"kernel.grsecurity.tpe*\".
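Review bot: `_add_proc_group` and `_add_tpe_group` test for the group by name (`getent group proc-trusted`) but create it with a fixed GID (9998, 9999), and nothing handles `groupadd` failing because another group already owns that number. If the kernel matches on the numeric GID (the help text ties these groups to the `kernel.grsecurity.tpe*` sysctls, but the kernel configuration is not visible here), the members of that unrelated group would be exempt from TPE or from the /proc restriction without anyone having granted it. I would test the number too before creating anything, e.g. `if getent group 9998 >/dev/null; then echo "GID 9998 already in use, proc-trusted not created"; return; fi`, and the same for 9999. Separately, `groupmod -n tpe-trusted grsec-trusted` carries the old group's members over, so they keep the TPE exemption after the upgrade; `_help`, which continues past the end of this hunk, still says "this group" although there are now two.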
@@ -56,7 +67,8 @@ post_install () {
 fi
 fi
- _add_trusted_group
+ _add_proc_group
+ _add_tpe_group
 _fix_permissions
 _help
@@ -93,7 +105,8 @@ post_upgrade() {
 mkinitcpio -p linux-libre${KERNEL_NAME}
 fi
- _add_trusted_group
+ _add_proc_group
+ _add_tpe_group
 _fix_permissions
 _help
@@ -104,7 +117,9 @@ post_remove() {
 rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}.img
 rm -f boot/{initramfs-linux-libre,kernel26}${KERNEL_NAME}-fallback.img
- if getent group grsec-trusted >/dev/null; then
- groupdel grsec-trusted
- fi
+ for group in grsec-trusted proc-trusted tpe-trusted; do
+ if getent group $group >/dev/null; then
+ groupdel $group
+ fi
+ done
 }
--
cgit v1.2.3-54-g00ecf
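Review bot: The new loop in `post_remove` runs `groupdel` on groups that are still the primary group of the system users made by `useradd -g 9998 -r proc-trusted` and `useradd -g 9999 -r tpe-trusted`, and `groupdel` refuses to remove a group that is some user's primary group. The exempted groups and their accounts would therefore remain on the system after the package is removed. Remove the account first, with `getent passwd "$group" >/dev/null && userdel "$group"` placed before the `if`, so that a leftover `grsec-trusted` user from before the `groupmod -n` rename is also covered. `$group` should be quoted in `getent group "$group"` and `groupdel "$group"`.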