Fix #107: Grsec check: read file in /proc as root
This commit is contained in:
parent
d0ffe4879d
commit
34622368d9
|
@ -17,9 +17,10 @@ You should have received a copy of the GNU General Public License
|
||||||
along with pmbootstrap. If not, see <http://www.gnu.org/licenses/>.
|
along with pmbootstrap. If not, see <http://www.gnu.org/licenses/>.
|
||||||
"""
|
"""
|
||||||
import os
|
import os
|
||||||
|
import pmb.helpers.run
|
||||||
|
|
||||||
|
|
||||||
def check_grsec():
|
def check_grsec(args):
|
||||||
"""
|
"""
|
||||||
Check if the current kernel is based on the grsec patchset, and if
|
Check if the current kernel is based on the grsec patchset, and if
|
||||||
the chroot_deny_chmod option is enabled. Raise an exception in that
|
the chroot_deny_chmod option is enabled. Raise an exception in that
|
||||||
|
@ -29,9 +30,8 @@ def check_grsec():
|
||||||
if not os.path.exists(path):
|
if not os.path.exists(path):
|
||||||
return
|
return
|
||||||
|
|
||||||
with open(path, "r") as handle:
|
status = pmb.helpers.run.root(
|
||||||
status = handle.readlines()[0].rstrip()
|
args, ["cat", path], return_stdout=True).rstrip()
|
||||||
|
|
||||||
if status != "0":
|
if status != "0":
|
||||||
link = "https://github.com/postmarketOS/pmbootstrap/wiki/Troubleshooting:grsec"
|
link = "https://github.com/postmarketOS/pmbootstrap/wiki/Troubleshooting:grsec"
|
||||||
raise RuntimeError("You're running a kernel based on the grsec"
|
raise RuntimeError("You're running a kernel based on the grsec"
|
||||||
|
|
|
@ -48,7 +48,7 @@ def main():
|
||||||
# Wrap everything to display nice error messages
|
# Wrap everything to display nice error messages
|
||||||
try:
|
try:
|
||||||
# Sanity check
|
# Sanity check
|
||||||
pmb.helpers.other.check_grsec()
|
pmb.helpers.other.check_grsec(args)
|
||||||
|
|
||||||
# Initialize or require config
|
# Initialize or require config
|
||||||
if args.action == "init":
|
if args.action == "init":
|
||||||
|
|
Loading…
Reference in New Issue