From 912e193d858ae436ba4c1546487b5d8d36266f7a Mon Sep 17 00:00:00 2001
From: Bruce Leidl
Date: Sat, 6 Apr 2019 16:05:30 -0400
Subject: [PATCH] remove grsec sysctl config
---
 .../citadel-config/citadel-config.bb | 5 -----
 .../files/sysctl/99-grsec-debootstrap.conf | 14 --------------
 2 files changed, 19 deletions(-)
 delete mode 100644 meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
diff --git a/meta-citadel/recipes-citadel/citadel-config/citadel-config.bb b/meta-citadel/recipes-citadel/citadel-config/citadel-config.bb
index 8b2dfb6..c20a369 100644
--- a/meta-citadel/recipes-citadel/citadel-config/citadel-config.bb
+++ b/meta-citadel/recipes-citadel/citadel-config/citadel-config.bb
@@ -19,7 +19,6 @@ MODPROBE_CONFIG = "\
 "
 SYSCTL_CONFIG = "\
- file://sysctl/99-grsec-debootstrap.conf \
 file://sysctl/90-citadel-sysctl.conf \
 "
@@ -108,10 +107,6 @@ do_install() {
 install -m 644 -T ${WORKDIR}/skel/bashrc ${D}${sysconfdir}/skel/.bashrc
 install -m 644 -T ${WORKDIR}/skel/vimrc ${D}${sysconfdir}/skel/.vimrc
- # disable some pax and grsecurity features so that debootstrap will work
- # this should be removed later
- install -m 0644 ${WORKDIR}/sysctl/99-grsec-debootstrap.conf ${D}${libdir}/sysctl.d/
-
 install -m 0644 ${WORKDIR}/sysctl/90-citadel-sysctl.conf ${D}${libdir}/sysctl.d/
 install -m 0644 ${WORKDIR}/udev/citadel-network.rules ${D}${sysconfdir}/udev/rules.d/
diff --git a/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf b/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
deleted file mode 100644
index 815a0fb..0000000
--- a/meta-citadel/recipes-citadel/citadel-config/files/sysctl/99-grsec-debootstrap.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-
-# disable some pax and grsecurity features so that debootstrap will work
-# this should be removed later
-
-kernel.grsecurity.chroot_caps = 0
-kernel.grsecurity.chroot_deny_chmod = 0
-kernel.grsecurity.chroot_deny_mknod = 0
-kernel.grsecurity.chroot_deny_mount = 0
-kernel.grsecurity.chroot_deny_pivot = 0
-
-# Chrome/Chromium sandbox won't work without this
-kernel.grsecurity.chroot_deny_fchdir = 0
-
-kernel.pax.softmode = 1