authorLuke Shumaker <LukeShu@sbcglobal.net>2014-05-27 17:24:17 -0400
committerLuke Shumaker <LukeShu@sbcglobal.net>2014-05-27 17:24:17 -0400
commitffd63534f7349a8bf48e34eb734fbfa017cec2bb (patch)
tree700b868c76c4a1f2a0a614658e376ed21da94c0c /libre/linux-libre-grsec
parentcb48db3153ace8969e61946774dea0ec805bc231 (diff)
parent54bc28a3f089c40cd079112766ba3a750283b601 (diff)
Merge branch 'master' of git://projects.parabolagnulinux.org/abslibre
Diffstat (limited to 'libre/linux-libre-grsec')
-rw-r--r--libre/linux-libre-grsec/PKGBUILD10
-rw-r--r--libre/linux-libre-grsec/sysctl.conf14
2 files changed, 14 insertions, 10 deletions
diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD
index 6f7e20edf..9b2fa2e12 100644
--- a/libre/linux-libre-grsec/PKGBUILD
+++ b/libre/linux-libre-grsec/PKGBUILD
@@ -14,7 +14,7 @@ pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel
_basekernel=3.14
_sublevel=4
_grsecver=3.0
-_timestamp=201405141623
+_timestamp=201405252047
_pkgver=${_basekernel}.${_sublevel}
pkgver=${_basekernel}.${_sublevel}.${_timestamp}
pkgrel=1
@@ -51,7 +51,7 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz")
sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b'
'01de5e15a2081197859e617c441de5cac9ddf60bed6fcf4dcff7a54e210e7815'
- 'e41e5dea54db4311655ccc68b371ac15dcc48f8767ca0a02150af70e831d2e4d'
+ 'dceb3a6aeb9ba71e68835e37d2add6c6d4c60f6e253b4bd9c20b6a8e82ec0a96'
'SKIP'
'0b6dbdf4d1677a39b9a0d55e8d7c66fe644fa77d769e3b673064181222b17467'
'8207a533f4fbad05ad26061f924957a7a92436d44a5dd7ca10e61d730c5e0ef9'
@@ -71,7 +71,7 @@ sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b'
'79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18'
'f2a5e22c1ba6e9b8a32a7bd4a5327ee95538aa10edcee3cd12578f8ff49bf6be'
'384dd13fd4248fd6809da8c6ae29ced55d4a5cacc33ac2ae7522093ec0fb26d4'
- 'a37823f0cdf3f318ec3f486f6e4035a7a8f887522d3a563d4dfe155f143ba24f'
+ 'e734ac2a6e865b70dbe1e55ce55a5bd1b1e0cedea903c6341b9cfbabe420c763'
'3cd53473e049a4809d9dde8ebef73307ce87076d707f3fd5c100844d4a9e8255')
if [ "$CARCH" != "mips64el" ]; then
# don't use the Loongson-specific patches on non-mips64el arches.
@@ -214,7 +214,9 @@ _package() {
pkgdesc="The ${pkgbase^} kernel and modules with grsecurity/PaX patches"
[ "${pkgbase}" = "linux-libre" ] && groups=('base')
depends=('coreutils' 'linux-libre-firmware' 'kmod')
- optdepends=('crda: to set the correct wireless channels of your country')
+ optdepends=('crda: to set the correct wireless channels of your country'
+ 'gradm: to configure and enable Role Based Access Control (RBAC)'
+ 'paxd: to enable PaX exploit mitigations and apply exceptions automatically')
provides=("kernel26${_kernelname}=${pkgver}" "linux${_kernelname}=${pkgver}")
conflicts=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}")
replaces=("kernel26${_kernelname}" "kernel26-libre${_kernelname}" "linux${_kernelname}")
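Review bot: Listing `paxd` only under `optdepends` means a system that installs this kernel without it keeps `kernel.pax.softmode = 1` from the sysctl.conf hunk of this same commit, so the PaX mitigations named in `pkgdesc` are not enforced. The optdepends text reads as if paxd were an add-on rather than the thing that turns enforcement on. I would spell that out, e.g. `'paxd: needed to take PaX out of soft mode (mitigations are not enforced without it) and apply exceptions automatically'`. Consider also whether the install-time message should say the same. The body of `_package()` starts and ends outside this hunk, so any such message is not visible here.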
diff --git a/libre/linux-libre-grsec/sysctl.conf b/libre/linux-libre-grsec/sysctl.conf
index a1af2c48e..bef8e350d 100644
--- a/libre/linux-libre-grsec/sysctl.conf
+++ b/libre/linux-libre-grsec/sysctl.conf
@@ -1,11 +1,13 @@
-# All features in the kernel.grsecurity namespace are disabled by default.
+# All features in the kernel.grsecurity namespace are disabled by default in
+# the kernel and must be enabled here.
#
-# Disable PaX enforcement by default, due to lacking integration with packages.
+# Disable PaX enforcement by default.
#
-# This is considered a major flaw in this package and will be corrected in the
-# future. Many binaries need to be flagged as requiring an exception from the
-# PaX rules.
+# The `paxd` package sets softmode back to 0 in a configuration file loaded
+# after this one. It automatically handles setting exceptions from the PaX
+# exploit mitigations after Pacman operations. Altering the setting here rather
+# than using `paxd` is not recommended.
#
kernel.pax.softmode = 1
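Review bot: The new comment says paxd's configuration file is "loaded after this one", but nothing in the hunk pins that ordering. It presumably depends on the file names both packages install under, which the diff does not show. If the order were ever reversed, this file's `kernel.pax.softmode = 1` would win and silently leave PaX in soft mode even with paxd installed. I would record the dependency next to the setting, e.g. `# Relies on paxd's sysctl file sorting after this file; do not rename either without checking the load order.`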
@@ -77,7 +79,7 @@ kernel.grsecurity.audit_gid = 201
#kernel.grsecurity.signal_logging = 1
#kernel.grsecurity.forkfail_logging = 1
#kernel.grsecurity.timechange_logging = 1
-#kernel.grsecurity.rwxmap_logging = 1
+kernel.grsecurity.rwxmap_logging = 1
#
# Executable protections