Drop paxctl

Since the new toolchain the flags are not compiled into the
binaries any more which causes paxctl to fail.

On top of that, PaX and grsecurity won't be available freely
any more which requires us to remove it from the distribution.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/rootfiles/common/paxctl b/config/rootfiles/common/paxctl
deleted file mode 100644 (file)
index c9135a8..0000000
--- a/config/rootfiles/common/paxctl
+++ /dev/null
@@ -1,2 +0,0 @@
-sbin/paxctl
-#usr/share/man/man1/paxctl.1

diff --git a/lfs/clamav b/lfs/clamav
index 7ba8b8342f897880d7f7e82832b9965bd0b87f45..a20922e9dd624a5838b40ed8b4fd6dfba6e8478c 100644 (file)
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -97,10 +97,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        chown clamav:clamav /var/run/clamav
        #install initscripts
        $(call INSTALL_INITSCRIPT,clamav)
-       # Disable PaX mprotect for clamd, clamscan and freshclam
-       paxctl -cm /usr/sbin/clamd
-       paxctl -cm /usr/bin/clamscan
-       paxctl -cm /usr/bin/freshclam
 
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)

diff --git a/lfs/grub b/lfs/grub
index 5e2238eb782a4063027f11f2959980c8365b7ce2..a054b8e50b73df89a574aecd0052d0bd47286772 100644 (file)
--- a/lfs/grub
+++ b/lfs/grub
@@ -100,10 +100,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        -mkdir -pv /etc/default
        install -m 644 $(DIR_SRC)/config/grub2/default /etc/default/grub
 
-       # Disable hardening.
-       paxctl -mpes /usr/sbin/grub-bios-setup /usr/sbin/grub-probe
-       paxctl -mpexs /usr/bin/grub-script-check
-
        # We don't need to install unifont just to generate a grub2 compatible
        # font archive for the graphical boot menu. The following command only
        # converts Latin-1, Latin Extended A+B, Arrows, Box and Block characters.

diff --git a/lfs/paxctl b/lfs/paxctl
deleted file mode 100644 (file)
index 387f384..0000000
--- a/lfs/paxctl
+++ /dev/null
@@ -1,79 +0,0 @@
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2016  IPFire Team  <info@ipfire.org>                          #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER        = 0.9
-
-THISAPP    = paxctl-$(VER)
-DL_FILE    = $(THISAPP).tar.gz
-DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/$(THISAPP)
-TARGET     = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = 9bea59b1987dc4e16c2d22d745374e64
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-dist: 
-       @$(PAK)
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
-       @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
-       @$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
-       @$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
-       @$(PREBUILD)
-       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && make $(MAKETUNING)
-       cd $(DIR_APP) && make install
-       @rm -rf $(DIR_APP)
-       @$(POSTBUILD)

diff --git a/lfs/qemu b/lfs/qemu
index 57d79a356081d710aba8586980f2d94684de4a00..4f827e837657b2c9d717be1eddc68d8dd3178959 100644 (file)
--- a/lfs/qemu
+++ b/lfs/qemu
@@ -88,13 +88,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        # install wrapper for old kvm parameter handling
        install -m 755 $(DIR_SRC)/config/qemu/qemu /usr/bin/qemu
 
-       # disable PaX MPROTECT and RANDMMAP
-       paxctl -m -r /usr/bin/qemu-system-arm
-       paxctl -m -r /usr/bin/qemu-system-i386
-       paxctl -m -r /usr/bin/qemu-system-x86_64
-       paxctl -m -r /usr/bin/qemu-arm
-       paxctl -m -r /usr/bin/qemu-i386
-       paxctl -m -r /usr/bin/qemu-x86_64
        # install an udev script to set the permissions of /dev/kvm
        cp -avf $(DIR_SRC)/config/qemu/65-kvm.rules /lib/udev/rules.d/65-kvm.rules
 

diff --git a/make.sh b/make.sh
index a5ebe0dd98a33ce9acdb233133ef4eb369ebb96f..5ed4faa537d9b62757c977037e7865137c68a408 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -389,7 +389,6 @@ buildbase() {
     lfsmake2 udev
     lfsmake2 vim
     lfsmake2 xz
-    lfsmake2 paxctl
 }
 
 buildipfire() {