authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2014-05-26 12:57:54 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2014-05-26 12:57:54 -0300
commit9c76e361e991b9281e07f94863fd5058561a38ea (patch)
tree15e5cf8b915198439359b80ff746dd31a842e520 /libre/linux-libre-grsec
parent2bb95a60b721de207bc2d5db4eb2905aa93f1bc0 (diff)
linux-libre-grsec-3.14.4.201405252047-1: updating version
* add optional dependencies on gradm and paxd
* enable rwxmap_logging by default (this logging feature never has any false positives. it indicates that PAX_MPROTECT denied an `mprotect` call.)
* update the sysctl configuration file to mention paxd
Diffstat (limited to 'libre/linux-libre-grsec')
-rw-r--r--libre/linux-libre-grsec/PKGBUILD10
-rw-r--r--libre/linux-libre-grsec/sysctl.conf14
2 files changed, 14 insertions, 10 deletions
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD
index 6f7e20edf..38427a6a5 100644
--- a/libre/linux-libre-grsec/PKGBUILD
+++ b/libre/linux-libre-grsec/PKGBUILD
@@ -14,7 +14,7 @@ pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel
_basekernel=3.14
_sublevel=4
_grsecver=3.0
-_timestamp=201405141623
+_timestamp=201405252047
_pkgver=${_basekernel}.${_sublevel}
pkgver=${_basekernel}.${_sublevel}.${_timestamp}
pkgrel=1
@@ -51,7 +51,7 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b'
'01de5e15a2081197859e617c441de5cac9ddf60bed6fcf4dcff7a54e210e7815'
- 'e41e5dea54db4311655ccc68b371ac15dcc48f8767ca0a02150af70e831d2e4d'
+ 'dceb3a6aeb9ba71e68835e37d2add6c6d4c60f6e253b4bd9c20b6a8e82ec0a96'
'SKIP'
'0b6dbdf4d1677a39b9a0d55e8d7c66fe644fa77d769e3b673064181222b17467'
'8207a533f4fbad05ad26061f924957a7a92436d44a5dd7ca10e61d730c5e0ef9'
@@ -71,7 +71,7 @@ sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b'
'79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18'
'f2a5e22c1ba6e9b8a32a7bd4a5327ee95538aa10edcee3cd12578f8ff49bf6be'
'384dd13fd4248fd6809da8c6ae29ced55d4a5cacc33ac2ae7522093ec0fb26d4'
- 'a37823f0cdf3f318ec3f486f6e4035a7a8f887522d3a563d4dfe155f143ba24f'
+ '19e59be36d3649fa72f93dc2a942df711935e7cb695632c4818f983363806eca'
'3cd53473e049a4809d9dde8ebef73307ce87076d707f3fd5c100844d4a9e8255')
if [ "$CARCH" != "mips64el" ]; then
# don't use the Loongson-specific patches on non-mips64el arches.
@@ -214,7 +214,9 @@ _package() {
pkgdesc="The ${pkgbase^} kernel and modules with grsecurity/PaX patches"
[ "${pkgbase}" = "linux-libre" ] && groups=('base')
depends=('coreutils' 'linux-libre-firmware' 'kmod')
- optdepends=('crda: to set the correct wireless channels of your country')
+ optdepends=('crda: to set the correct wireless channels of your country'
+ 'gradm: to configure and enable Role Based Access Control (RBAC)'
+ 'paxd: to enable PaX exploit mitigations and apply exceptions automatically')
provides=("kernel26${_kernelname}=${pkgver}" "linux${_kernelname}=${pkgver}")
conflicts=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}")
replaces=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}")
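Review bot: Listing `paxd` only in `optdepends` leaves a default install in PaX soft mode, because the sysctl.conf section of this same commit still ships `kernel.pax.softmode = 1` and relies on paxd to set it back to 0. The description "to enable PaX exploit mitigations" reads as an optional extra rather than the component that turns enforcement on. I would state the consequence in the entry itself, e.g. `'paxd: needed to enforce PaX mitigations (kernel.pax.softmode stays 1 without it) and apply exceptions automatically'`. If the package has an install scriptlet (not visible here), a one-line notice there would help too. `_package()` starts and ends outside this hunk.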
diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf
index a1af2c48e..bef8e350d 100644
--- a/libre/linux-libre-grsec/sysctl.conf
+++ b/libre/linux-libre-grsec/sysctl.conf
@@ -1,11 +1,13 @@
-# All features in the kernel.grsecurity namespace are disabled by default.
+# All features in the kernel.grsecurity namespace are disabled by default in
+# the kernel and must be enabled here.
#
-# Disable PaX enforcement by default, due to lacking integration with packages.
+# Disable PaX enforcement by default.
#
-# This is considered a major flaw in this package and will be corrected in the
-# future. Many binaries need to be flagged as requiring an exception from the
-# PaX rules.
+# The `paxd` package sets softmode back to 0 in a configuration file loaded
+# after this one. It automatically handles setting exceptions from the PaX
+# exploit mitigations after Pacman operations. Altering the setting here rather
+# than using `paxd` is not recommended.
#
kernel.pax.softmode = 1
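Review bot: The rewritten header says a paxd file "loaded after this one" resets softmode to 0, but it names neither that file nor a way to confirm which value took effect, so an administrator cannot tell from this comment whether enforcement is actually on. Load order among sysctl fragments depends on where each file is installed, which this hunk does not show. I would add a comment line such as `# Check the effective value with: sysctl kernel.pax.softmode (0 = enforcing)` and name the paxd file once its path is confirmed.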
@@ -77,7 +79,7 @@ kernel.grsecurity.audit_gid = 201
#kernel.grsecurity.signal_logging = 1
#kernel.grsecurity.forkfail_logging = 1
#kernel.grsecurity.timechange_logging = 1
-#kernel.grsecurity.rwxmap_logging = 1
+kernel.grsecurity.rwxmap_logging = 1
#
# Executable protections