-if [ "$CFG_OSTYPE" = "unknown-linux-gnu" ]
-then
- if [ ! -z "$CFG_ENABLE_PAX_FLAGS" -a -z "$CFG_PAXCTL" ]
- then
- err "enabled PaX markings but no paxctl binary found"
- fi
-
- if [ -z "$CFG_DISABLE_PAX_FLAGS" ]
- then
- # GRSecurity/PaX detection. This can be very flaky.
- GRSEC_DETECTED=
-
- # /dev/grsec only exists if CONFIG_GRKERNSEC_NO_RBAC is not set.
- # /proc/sys/kernel/grsecurity is not available if ÇONFIG_GRKERNSEC_SYSCTL is not set.
- if [ -e /dev/grsec -o -d /proc/sys/kernel/grsecurity ]
- then
- GRSEC_DETECTED=1
- # /proc/config.gz is normally only available to root, and only if CONFIG_IKCONFIG_PROC has been set.
- elif [ -r /proc/config.gz -a ! -z "$CFG_ZCAT" ]
- then
- if "$CFG_ZCAT" /proc/config.gz | grep --quiet "CONFIG_GRKERNSEC=y"
- then
- GRSEC_DETECTED=1
- fi
- # Flaky.
- elif grep --quiet grsec /proc/version
- then
- GRSEC_DETECTED=1
- fi
-
- if [ ! -z "$GRSEC_DETECTED" ]
- then
- step_msg "GRSecurity: yes"
- if [ ! -z "$CFG_PAXCTL" ]
- then
- CFG_ENABLE_PAX_FLAGS=1
- else
- warn "GRSecurity kernel detected but no paxctl binary found: not setting CFG_ENABLE_PAX_FLAGS"
- fi
- else
- step_msg "GRSecurity: no"
- fi
- fi
-fi
-