synit
/
pmbootstrap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix #107: Grsec check: read file in /proc as root

This commit is contained in:
Oliver Smith 2017-07-11 18:50:40 +02:00
parent d0ffe4879d
commit 34622368d9
No known key found for this signature in database
GPG Key ID: 5AE7F5513E0885CB
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pmb/helpers/other.py
View File

@ -17,9 +17,10 @@ You should have received a copy of the GNU General Public License
along with pmbootstrap. If not, see <http://www.gnu.org/licenses/>.
"""
import os
import pmb.helpers.run
def check_grsec():
def check_grsec(args):
"""
Check if the current kernel is based on the grsec patchset, and if
the chroot_deny_chmod option is enabled. Raise an exception in that
@ -29,9 +30,8 @@ def check_grsec():
if not os.path.exists(path):
return
with open(path, "r") as handle:
status = handle.readlines()[0].rstrip()
status = pmb.helpers.run.root(
args, ["cat", path], return_stdout=True).rstrip()
if status != "0":
link = "https://github.com/postmarketOS/pmbootstrap/wiki/Troubleshooting:grsec"
raise RuntimeError("You're running a kernel based on the grsec"

2
pmbootstrap.py
View File

@ -48,7 +48,7 @@ def main():
# Wrap everything to display nice error messages
try:
# Sanity check
pmb.helpers.other.check_grsec()
pmb.helpers.other.check_grsec(args)
# Initialize or require config
if args.action == "init":