]> git.ipfire.org Git - ipfire-3.x.git/commitdiff
projects / ipfire-3.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 07fddc5)
grub: Installation fails because of hardening.
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 18 Mar 2013 22:18:21 +0000 (23:18 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 18 Mar 2013 22:18:21 +0000 (23:18 +0100)
Disable hardening for some GRUB binaries, which get killed
by grsec when executed.

grub/grub.nm patch | blob | blame | history

diff --git a/grub/grub.nm b/grub/grub.nm
index e8fb98538d99b63c4135e551aaa7a63986951a53..59893e2bcc3bcf27e1c2b26b316465395950caf5 100644 (file)
--- a/grub/grub.nm
+++ b/grub/grub.nm
@@ -5,7 +5,7 @@
 
 name       = grub
 version    = 2.00
-release    = 3
+release    = 4
 sup_arches = x86_64 i686
 
 groups     = System/Boot
@@ -39,6 +39,7 @@ build
                gettext
                libdevmapper-devel
                ncurses-devel
+               paxctl
                zlib-devel
                %{unifont}
        end
@@ -91,6 +92,11 @@ build
                %{BUILDROOT}%{bindir}/grub-mkfont -o DejaVuSans-Bold-14.pf2 \
                        -s 14 %{datadir}/fonts/dejavu/DejaVuSans-Bold.ttf
                popd
+
+               # Disable hardening.
+               paxctl -mpes \
+                       %{BUILDROOT}%{sbindir}/grub-bios-setup \
+                       %{BUILDROOT}%{sbindir}/grub-probe
        end
 
        debuginfo_strict_build_id = false
@@ -98,7 +104,7 @@ end
 
 quality-agent
        whitelist_nx
-               /usr/bin/*|/usr/sbin/*
+               %{bindir}/*|%{sbindir}/*
        end
 end
 
IPFire 3.x development tree