From 09fb1694152969176efded88cee4e09407249d5f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 18 Mar 2013 23:18:21 +0100
Subject: [PATCH] grub: Installation fails because of hardening.

Disable hardening for some GRUB binaries, which get killed
by grsec when executed.
---
 grub/grub.nm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/grub/grub.nm b/grub/grub.nm
index e8fb98538..59893e2bc 100644
--- a/grub/grub.nm
+++ b/grub/grub.nm
@@ -5,7 +5,7 @@
 
 name       = grub
 version    = 2.00
-release    = 3
+release    = 4
 sup_arches = x86_64 i686
 
 groups     = System/Boot
@@ -39,6 +39,7 @@ build
 		gettext
 		libdevmapper-devel
 		ncurses-devel
+		paxctl
 		zlib-devel
 		%{unifont}
 	end
@@ -91,6 +92,11 @@ build
 		%{BUILDROOT}%{bindir}/grub-mkfont -o DejaVuSans-Bold-14.pf2 \
 			-s 14 %{datadir}/fonts/dejavu/DejaVuSans-Bold.ttf
 		popd
+
+		# Disable hardening.
+		paxctl -mpes \
+			%{BUILDROOT}%{sbindir}/grub-bios-setup \
+			%{BUILDROOT}%{sbindir}/grub-probe
 	end
 
 	debuginfo_strict_build_id = false
@@ -98,7 +104,7 @@ end
 
 quality-agent
 	whitelist_nx
-		/usr/bin/*|/usr/sbin/*
+		%{bindir}/*|%{sbindir}/*
 	end
 end
 
-- 
2.47.3