Remove duplicate paxctl headers logic from ansible #2745

Closed
msheiny opened this issue Dec 13, 2017 · 2 comments

Comments

msheiny (Contributor) commented Dec 13, 2017

Feature request

Description

We already have some paxctl header flagging in the grsec securedrop package as part of the postinst scripts. Let's scope that to make sure we aren't duplicating ourselves here. This also seems like a task super related to grsecurity packaging and that logic should remain with the Debian package.

User Stories

As a Debian package, I don't want ansible to take my job.

msheiny (Contributor, Author) commented Dec 13, 2017

Additional note from security audit:

Not DRY: Vm.heap_stack_gap also enforced in grsec metapackage (this is a default var in grsecurity role in grsec_sysctl_flags)

conorsch (Contributor) commented Jan 8, 2021

This is done! At least for Focal support. As of #5691, we now use paxctld for managing pax flags under Focal. For Xenial, there are still paxctl calls, but we'll clean that up after the EOL window.

As for the sysctl point, see #2725.

conorsch closed this as completed Jan 8, 2021