isa/citadel
1
0
Fork 0
forked from brl/citadel
Code Pull Requests Activity

add sysctl to disable some grsec features

Browse Source 
features that would prevent debootstrap from working on the host
This commit is contained in:
brl 2018-01-22 22:04:36 -05:00
parent 01e0829a91
commit 4966a01f76
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
meta-citadel-distro/recipes-core/base-files/base-files_%.bbappend
View File

@ -5,12 +5,19 @@ SRC_URI += "\
file://locale.conf \ file://locale.conf \
file://environment.sh \ file://environment.sh \
file://fstab \ file://fstab \
file://99-grsec-debootstrap.conf \
" "
do_install_append () { do_install_append () {
install -m 0755 -d ${D}/storage install -m 0755 -d ${D}/storage
install -m 0755 -d ${D}/var/lib/machines
install -m 0755 -d ${D}${sysconfdir}/profile.d install -m 0755 -d ${D}${sysconfdir}/profile.d
install -m 0644 ${WORKDIR}/locale.conf ${D}${sysconfdir}/locale.conf install -m 0644 ${WORKDIR}/locale.conf ${D}${sysconfdir}/locale.conf
install -m 0644 ${WORKDIR}/environment.sh ${D}${sysconfdir}/profile.d/environment.sh install -m 0644 ${WORKDIR}/environment.sh ${D}${sysconfdir}/profile.d/environment.sh
install -m 0644 ${WORKDIR}/fstab ${D}${sysconfdir}/fstab install -m 0644 ${WORKDIR}/fstab ${D}${sysconfdir}/fstab
# disable some pax and grsecurity features so that debootstrap will work
# this should be removed later
install -d ${D}${libdir}/sysctl.d
install -m 0644 ${WORKDIR}/99-grsec-debootstrap.conf ${D}${libdir}/sysctl.d/
} }

9
meta-citadel-distro/recipes-core/base-files/files/99-grsec-debootstrap.conf Normal file
View File

@ -0,0 +1,9 @@
# disable some pax and grsecurity features so that debootstrap will work
# this should be removed later
kernel.grsecurity.chroot_caps = 0
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_deny_mount = 0
kernel.pax.softmode = 1