-rw-r--r--kernels/gradm/PKGBUILD9
-rw-r--r--kernels/gradm/usr.patch115
2 files changed, 3 insertions, 121 deletions
diff --git a/kernels/gradm/PKGBUILD b/kernels/gradm/PKGBUILD
index 52e0582b7..6ca4aacd9 100644
--- a/kernels/gradm/PKGBUILD
+++ b/kernels/gradm/PKGBUILD
@@ -5,8 +5,8 @@
pkgname=gradm
pkgver=3.0
-_timestamp=201311242038
-pkgrel=2
+_timestamp=201401291757
+pkgrel=4
pkgdesc='Administrative interface for the grsecurity Role Based Access Control system'
arch=(i686 x86_64 mips64el)
url=http://grsecurity.net/
@@ -14,14 +14,12 @@ license=(GPL2)
depends=(pam)
source=(
http://grsecurity.net/stable/$pkgname-$pkgver-$_timestamp.tar.gz
- usr.patch
learn_config
policy
)
build() {
cd "$srcdir/$pkgname"
- patch -Np1 < ../usr.patch
sed -i -e 's/^CFLAGS :=/CFLAGS +=/' -e 's:sbin:usr/bin:' Makefile
make
}
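Review bot: Dropping `usr.patch` from `source` and `build()` leaves the `sed` on `Makefile` as the only /usr adaptation, and that sed does not touch the C sources. The removed patch rewrote `GRADM_PATH`, `GRLEARN_PATH` and `GRPAM_PATH` in `gradm_defs.h` and moved the hidden module directories in the learning policy and in `analyze_acls()` to `/usr/lib/modules`; whether the 201401291757 tarball already carries equivalent changes is not visible on this page. If it does not, gradm would compare its own path against `/sbin/gradm`, and the generated policy and the write-access check would cover `/lib/modules` instead of the `/usr/lib/modules` path the patch was targeting. Once this has been confirmed against the new source, I would record it above the sed, e.g. `# /usr paths (GRADM_PATH, module dirs) handled upstream as of <confirmed upstream snapshot>; usr.patch no longer needed`.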
@@ -33,7 +31,6 @@ package() {
rm -rf "$pkgdir/dev"
}
-sha256sums=('9d9040ef2be90b6a4db5b68ba5b7bc658cbbcdb8c71c643b8f95373e4a892e55'
- '7342323d2da3724afe745506690a1a5b194f3f0e959811ca320d820bf74c9ffa'
+sha256sums=('9c99714e6d10797a7348c6ffe2561dfcfe5e7659c9d86118d381b8bdb09ae7a6'
'ec8e824e8a29a67be76bf853814ee85e80c4063009e5693d5db8cdb45bd45813'
'61c0e84098e8386e5496dafce559558adef32e2a4a1241a9fa3bd56eab192dcd')
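Review bot: The new first entry in `sha256sums` is the only integrity check on the upstream tarball, and the `source` array in the previous hunk still fetches it over plain `http://`. A hash recorded by the packager from that same download pins later builds, but it does not show that the file matches what upstream released. If upstream publishes a detached signature for the tarball, I would list it in `source` next to the tarball so that makepkg verifies it. Otherwise a comment should say how the hash was cross-checked, e.g. `# sha256 compared against a second download over an independent path`.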
diff --git a/kernels/gradm/usr.patch b/kernels/gradm/usr.patch
deleted file mode 100644
index b3e5e77ab..000000000
--- a/kernels/gradm/usr.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-diff --git a/gradm_adm.c b/gradm_adm.c
-index bdcfd7d..9681b3c 100644
---- a/gradm_adm.c
-+++ b/gradm_adm.c
-@@ -72,12 +72,13 @@ add_gradm_acl(struct role_acl *role)
-
- gradm_name = gr_strdup(gradm_realpath);
- if (gr_enable && strcmp(gradm_name, GRADM_PATH)) {
-- printf("You are attempting to use a gradm binary other "
-- "than the installed version. Depending on your "
-+ printf("You are attempting to use a gradm binary (%s) other "
-+ "than the installed version (%s). Depending on your "
- "policy, you could be locking yourself out of "
- "your machine by enabling the RBAC system with "
- "this binary. Press \'y\' if you wish to ignore "
-- "this warning, or any other key to cancel.\n>");
-+ "this warning, or any other key to cancel.\n>",
-+ gradm_name, GRADM_PATH);
- if (getchar() != 'y')
- exit(EXIT_FAILURE);
- }
-@@ -259,11 +260,6 @@ static void add_fulllearn_shutdown_acl(void)
- ADD_OBJ("/dev/urandom", "r");
- ADD_OBJ("/dev/random", "r");
- ADD_OBJ("/etc", "r");
-- ADD_OBJ("/bin", "rx");
-- ADD_OBJ("/sbin", "rx");
-- ADD_OBJ("/lib", "rx");
-- ADD_OBJ("/lib32", "rx");
-- ADD_OBJ("/lib64", "rx");
- ADD_OBJ("/usr", "rx");
- ADD_OBJ("/proc", "r");
- ADD_OBJ("/boot", "h");
-@@ -276,9 +272,9 @@ static void add_fulllearn_shutdown_acl(void)
- ADD_OBJ("/proc/slabinfo", "h");
- ADD_OBJ("/proc/modules", "h");
- ADD_OBJ("/proc/kallsyms", "h");
-- ADD_OBJ("/lib/modules", "hs");
-- ADD_OBJ("/lib32/modules", "hs");
-- ADD_OBJ("/lib64/modules", "hs");
-+ ADD_OBJ("/usr/lib/modules", "hs");
-+ ADD_OBJ("/usr/lib32/modules", "hs");
-+ ADD_OBJ("/usr/lib64/modules", "hs");
- ADD_OBJ("/etc/ssh", "h");
- add_cap_acl(current_subject, "-CAP_ALL", NULL);
-
-diff --git a/gradm_analyze.c b/gradm_analyze.c
-index 74ec86f..da365a4 100644
---- a/gradm_analyze.c
-+++ b/gradm_analyze.c
-@@ -778,17 +778,17 @@ analyze_acls(void)
- errs_found++;
- }
-
-- if (!stat("/lib/modules", &fstat) && !check_permission(role, def_acl, "/lib/modules", &chk)) {
-+ if (!stat("/usr/lib/modules", &fstat) && !check_permission(role, def_acl, "/usr/lib/modules", &chk)) {
- fprintf(stderr,
-- "Writing access is allowed by role %s to /lib/modules, the directory which "
-+ "Writing access is allowed by role %s to /usr/lib/modules, the directory which "
- "holds kernel modules.\n\n",
- role->rolename);
- errs_found++;
- }
-
-- if (!stat("/lib64/modules", &fstat) && !check_permission(role, def_acl, "/lib64/modules", &chk)) {
-+ if (!stat("/usr/lib64/modules", &fstat) && !check_permission(role, def_acl, "/usr/lib64/modules", &chk)) {
- fprintf(stderr,
-- "Writing access is allowed by role %s to /lib64/modules, the directory which "
-+ "Writing access is allowed by role %s to /usr/lib64/modules, the directory which "
- "holds kernel modules.\n\n",
- role->rolename);
- errs_found++;
-diff --git a/gradm_defs.h b/gradm_defs.h
-index 961a7b9..56d6378 100644
---- a/gradm_defs.h
-+++ b/gradm_defs.h
-@@ -4,9 +4,9 @@
- #ifndef GRSEC_DIR
- #define GRSEC_DIR "/etc/grsec"
- #endif
--#define GRLEARN_PATH "/sbin/grlearn"
--#define GRADM_PATH "/sbin/gradm"
--#define GRPAM_PATH "/sbin/gradm_pam"
-+#define GRLEARN_PATH "/usr/bin/grlearn"
-+#define GRADM_PATH "/usr/bin/gradm"
-+#define GRPAM_PATH "/usr/bin/gradm_pam"
- #define GRDEV_PATH "/dev/grsec"
- #define GR_POLICY_PATH GRSEC_DIR "/policy"
- #define GR_PW_PATH GRSEC_DIR "/pw"
-diff --git a/gradm_fulllearn.c b/gradm_fulllearn.c
-index 4d10060..6ce744d 100644
---- a/gradm_fulllearn.c
-+++ b/gradm_fulllearn.c
-@@ -449,8 +449,8 @@ static const char *initial_roles_str =
- "\t/proc/slabinfo\th\n"
- "\t/proc/modules\th\n"
- "\t/proc/kallsyms\th\n"
--"\t/lib/modules\ths\n"
--"\t/lib64/modules\ths\n"
-+"\t/usr/lib/modules\ths\n"
-+"\t/usr/lib64/modules\ths\n"
- "\t/etc/ssh\th\n"
- "}\n\n"
- "role admin sA\n"
-@@ -463,10 +463,6 @@ static const char *initial_roles_str =
- "\t/dev/urandom r\n"
- "\t/dev/random r\n"
- "\t/etc r\n"
--"\t/bin rx\n"
--"\t/sbin rx\n"
--"\t/lib rx\n"
--"\t/lib64 rx\n"
- "\t/usr rx\n"
- "\t/proc r\n"
- "\t$grsec_denied\n"