forked from brl/citadel
remove grsec sysctl config
This commit is contained in:
parent
8d23eea6f4
commit
912e193d85
@ -19,7 +19,6 @@ MODPROBE_CONFIG = "\
|
||||
"
|
||||
|
||||
SYSCTL_CONFIG = "\
|
||||
file://sysctl/99-grsec-debootstrap.conf \
|
||||
file://sysctl/90-citadel-sysctl.conf \
|
||||
"
|
||||
|
||||
@ -108,10 +107,6 @@ do_install() {
|
||||
install -m 644 -T ${WORKDIR}/skel/bashrc ${D}${sysconfdir}/skel/.bashrc
|
||||
install -m 644 -T ${WORKDIR}/skel/vimrc ${D}${sysconfdir}/skel/.vimrc
|
||||
|
||||
# disable some pax and grsecurity features so that debootstrap will work
|
||||
# this should be removed later
|
||||
install -m 0644 ${WORKDIR}/sysctl/99-grsec-debootstrap.conf ${D}${libdir}/sysctl.d/
|
||||
|
||||
install -m 0644 ${WORKDIR}/sysctl/90-citadel-sysctl.conf ${D}${libdir}/sysctl.d/
|
||||
|
||||
install -m 0644 ${WORKDIR}/udev/citadel-network.rules ${D}${sysconfdir}/udev/rules.d/
|
||||
|
@ -1,14 +0,0 @@
|
||||
|
||||
# disable some pax and grsecurity features so that debootstrap will work
|
||||
# this should be removed later
|
||||
|
||||
kernel.grsecurity.chroot_caps = 0
|
||||
kernel.grsecurity.chroot_deny_chmod = 0
|
||||
kernel.grsecurity.chroot_deny_mknod = 0
|
||||
kernel.grsecurity.chroot_deny_mount = 0
|
||||
kernel.grsecurity.chroot_deny_pivot = 0
|
||||
|
||||
# Chrome/Chromium sandbox won't work without this
|
||||
kernel.grsecurity.chroot_deny_fchdir = 0
|
||||
|
||||
kernel.pax.softmode = 1
|
Loading…
Reference in New Issue
Block a user