From ae666b0c234f9204b864292e044a0c8d182e58d2 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 27 Apr 2017 11:10:03 +0100 Subject: [PATCH] Drop paxctl Since the new toolchain the flags are not compiled into the binaries any more which causes paxctl to fail. On top of that, PaX and grsecurity won't be available freely any more which requires us to remove it from the distribution. Signed-off-by: Michael Tremer --- config/rootfiles/common/paxctl | 2 - lfs/clamav | 4 -- lfs/grub | 4 -- lfs/paxctl | 79 ---------------------------------- lfs/qemu | 7 --- make.sh | 1 - 6 files changed, 97 deletions(-) delete mode 100644 config/rootfiles/common/paxctl delete mode 100644 lfs/paxctl diff --git a/config/rootfiles/common/paxctl b/config/rootfiles/common/paxctl deleted file mode 100644 index c9135a865..000000000 --- a/config/rootfiles/common/paxctl +++ /dev/null @@ -1,2 +0,0 @@ -sbin/paxctl -#usr/share/man/man1/paxctl.1 diff --git a/lfs/clamav b/lfs/clamav index 7ba8b8342..a20922e9d 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -97,10 +97,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) chown clamav:clamav /var/run/clamav #install initscripts $(call INSTALL_INITSCRIPT,clamav) - # Disable PaX mprotect for clamd, clamscan and freshclam - paxctl -cm /usr/sbin/clamd - paxctl -cm /usr/bin/clamscan - paxctl -cm /usr/bin/freshclam @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/grub b/lfs/grub index 5e2238eb7..a054b8e50 100644 --- a/lfs/grub +++ b/lfs/grub @@ -100,10 +100,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -mkdir -pv /etc/default install -m 644 $(DIR_SRC)/config/grub2/default /etc/default/grub - # Disable hardening. - paxctl -mpes /usr/sbin/grub-bios-setup /usr/sbin/grub-probe - paxctl -mpexs /usr/bin/grub-script-check - # We don't need to install unifont just to generate a grub2 compatible # font archive for the graphical boot menu. The following command only # converts Latin-1, Latin Extended A+B, Arrows, Box and Block characters. diff --git a/lfs/paxctl b/lfs/paxctl deleted file mode 100644 index 387f3842e..000000000 --- a/lfs/paxctl +++ /dev/null @@ -1,79 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2016 IPFire Team # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = 0.9 - -THISAPP = paxctl-$(VER) -DL_FILE = $(THISAPP).tar.gz -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = 9bea59b1987dc4e16c2d22d745374e64 - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -dist: - @$(PAK) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && make $(MAKETUNING) - cd $(DIR_APP) && make install - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/lfs/qemu b/lfs/qemu index 57d79a356..4f827e837 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -88,13 +88,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # install wrapper for old kvm parameter handling install -m 755 $(DIR_SRC)/config/qemu/qemu /usr/bin/qemu - # disable PaX MPROTECT and RANDMMAP - paxctl -m -r /usr/bin/qemu-system-arm - paxctl -m -r /usr/bin/qemu-system-i386 - paxctl -m -r /usr/bin/qemu-system-x86_64 - paxctl -m -r /usr/bin/qemu-arm - paxctl -m -r /usr/bin/qemu-i386 - paxctl -m -r /usr/bin/qemu-x86_64 # install an udev script to set the permissions of /dev/kvm cp -avf $(DIR_SRC)/config/qemu/65-kvm.rules /lib/udev/rules.d/65-kvm.rules diff --git a/make.sh b/make.sh index a5ebe0dd9..5ed4faa53 100755 --- a/make.sh +++ b/make.sh @@ -389,7 +389,6 @@ buildbase() { lfsmake2 udev lfsmake2 vim lfsmake2 xz - lfsmake2 paxctl } buildipfire() {