]> git.ipfire.org Git - ipfire-3.x.git/commitdiff
projects / ipfire-3.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8e74d20)
kernel: Change /proc group to gid 10 (=wheel).
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 11 Jun 2011 17:12:31 +0000 (19:12 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 11 Jun 2011 17:12:31 +0000 (19:12 +0200)
grsecurity provides a feature to restrict access to /proc. In our
particular setting, nobody than root is allow to access all of the
/proc fs, but as we need some processes to get access to it as well
(snmpd, radvd, ...) we need a group to allow that.

I have choosen "wheel" as it is recommended by spengler.

pkgs/kernel/config patch | blob | blame | history
pkgs/kernel/kernel.nm patch | blob | blame | history

diff --git a/pkgs/kernel/config b/pkgs/kernel/config
index fd7aad462427535b51328ca4852b1fbeeeb05c4a..9070effef0570ec26277603527a587642b771b07 100644 (file)
--- a/pkgs/kernel/config
+++ b/pkgs/kernel/config
@@ -4086,7 +4086,7 @@ CONFIG_GRKERNSEC_ACL_TIMEOUT=30
 CONFIG_GRKERNSEC_PROC=y
 # CONFIG_GRKERNSEC_PROC_USER is not set
 CONFIG_GRKERNSEC_PROC_USERGROUP=y
-CONFIG_GRKERNSEC_PROC_GID=1001
+CONFIG_GRKERNSEC_PROC_GID=10
 CONFIG_GRKERNSEC_PROC_ADD=y
 CONFIG_GRKERNSEC_LINK=y
 CONFIG_GRKERNSEC_FIFO=y
diff --git a/pkgs/kernel/kernel.nm b/pkgs/kernel/kernel.nm
index f78e178fe45989aee1020f812c669247061bd8b4..4f637c73aaaa77efcb57bb85635cf0b945a90974 100644 (file)
--- a/pkgs/kernel/kernel.nm
+++ b/pkgs/kernel/kernel.nm
@@ -26,7 +26,7 @@ include $(PKGROOT)/Include
 
 PKG_NAME       = linux
 PKG_VER        = 2.6.39
-PKG_REL        = 1
+PKG_REL        = 2
 
 PKG_MAINTAINER = Michael Tremer <michael.tremer@ipfire.org>
 PKG_GROUPS     = System/Kernels
IPFire 3.x development tree