add sysctl to disable some grsec features

features that would prevent debootstrap from working on the host
brl 2018-01-22 22:04:36 -05:00
parent 01e0829a91
commit 4966a01f76
2 changed files with 16 additions and 0 deletions


@ -5,12 +5,19 @@ SRC_URI += "\
file://locale.conf \
file://environment.sh \
file://fstab \
file://99-grsec-debootstrap.conf \
"
do_install_append () {
install -m 0755 -d ${D}/storage
install -m 0755 -d ${D}/var/lib/machines
install -m 0755 -d ${D}${sysconfdir}/profile.d
install -m 0644 ${WORKDIR}/locale.conf ${D}${sysconfdir}/locale.conf
install -m 0644 ${WORKDIR}/environment.sh ${D}${sysconfdir}/profile.d/environment.sh
install -m 0644 ${WORKDIR}/fstab ${D}${sysconfdir}/fstab
# disable some pax and grsecurity features so that debootstrap will work
# this should be removed later
install -d ${D}${libdir}/sysctl.d
install -m 0644 ${WORKDIR}/99-grsec-debootstrap.conf ${D}${libdir}/sysctl.d/
}
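Review bot: The drop-in is installed under `${libdir}/sysctl.d`, which is only the directory systemd-sysctl reads when libdir resolves to /usr/lib; on a lib64 or multilib configuration the file would land somewhere that is never read. Installing with `install -d ${D}${sysconfdir}/sysctl.d` (or under `${nonarch_libdir}/sysctl.d`) avoids depending on that. Whether the package's FILES already covers the chosen path is not visible in this hunk. The comment "this should be removed later" gives no condition or reference, and since the file relaxes kernel hardening on every image built from this recipe, I would make it actionable, e.g. `# TODO(<tracking-id>): drop once debootstrap no longer has to run on the host`.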


@ -0,0 +1,9 @@
# disable some pax and grsecurity features so that debootstrap will work
# this should be removed later
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_mount = 0
kernel.pax.softmode = 1
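Review bot: `kernel.pax.softmode = 1` reaches much further than the chroot restrictions the commit message describes: in soft mode PaX protections are no longer enforced by default for any process on the host, only for binaries explicitly marked for them. Together with the four `chroot_*` keys it is applied at boot and stays in effect for the whole uptime, for every chroot on the system rather than only during the debootstrap run. I would drop the softmode line unless a specific debootstrap failure is known to need it, and record next to each remaining key which step it unblocks (presumably device-node creation for `chroot_deny_mknod` and mounting /proc for `chroot_deny_mount`, to be confirmed). If the relaxations are only needed while provisioning, setting them around the debootstrap invocation and restoring them afterwards would keep the default hardening for normal operation.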