add LKRG compatibility settings automation for VirtualBox hosts

https://github.com/openwall/lkrg/issues/82
2024-10-01 08:25:45 -04:00 · 2021-07-24 18:03:40 -04:00 · 2021-07-24 18:03:40 -04:00 · 257cef24ba
commit 257cef24ba
parent 0f86ffef04
3 changed files with 60 additions and 0 deletions
--- a/lib/systemd/system/lkrg.service.d/40-virtualbox.conf
+++ b/lib/systemd/system/lkrg.service.d/40-virtualbox.conf
@ -0,0 +1,5 @@
+## Copyright (C) 2021 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+[Service]
+ExecStartPre=/usr/share/security-misc/lkrg/lkrg-virtualbox
--- a/usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf
+++ b/usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf
@ -0,0 +1,31 @@
+## Copyright (C) 2021 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+## DO NOT EDIT THIS FILE /etc/sysctl.d/30-lkrg-dkms.conf AS EDITS WILL BE LOST!
+## This is an auto generated file.
+
+## Please use "/etc/sysctl.d/50-user.conf" for your custom
+## configuration, which will override the defaults found here.
+
+## gets copied from:
+## /usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf
+## to:
+## /etc/sysctl.d/30-lkrg-virtualbox.conf
+## by package security-misc, files:
+## /usr/share/security-misc/lkrg/lkrg-virtualbox
+## /lib/systemd/system/lkrg.service.d/40-virtualbox.conf
+
+## https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477/32
+## https://www.openwall.com/lists/lkrg-users/2020/01/24/2
+## https://www.openwall.com/lists/lkrg-users/2020/01/25/2
+## https://github.com/openwall/lkrg/issues/82
+## https://github.com/openwall/lkrg/blob/main/scripts/bootup/lkrg.conf
+## https://github.com/openwall/lkrg/blob/main/scripts/bootup/systemd/lkrg.service
+## /etc/sysctl.d/30-lkrg-dkms.conf
+## /lib/systemd/system/lkrg.service
+
+## Already LKRG upstream default.
+#lkrg.msr_validate = 0
+
+lkrg.pcfi_validate = 1
+lkrg.profile_validate = 2
--- a/usr/share/security-misc/lkrg/lkrg-virtualbox
+++ b/usr/share/security-misc/lkrg/lkrg-virtualbox
@ -0,0 +1,24 @@
+#!/bin/bash
+
+## Copyright (C) 2021 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+set -x
+set -e
+
+if ! command -v vboxmanage &>/dev/null ; then
+   if test -f /etc/sysctl.d/30-lkrg-virtualbox.conf ; then
+      rm --force --verbose /etc/sysctl.d/30-lkrg-virtualbox.conf
+   fi
+   exit 0
+fi
+
+if ! test -d /etc/sysctl.d ; then
+   exit 0
+fi
+
+if ! test -f /usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf ; then
+   exit 0
+fi
+
+cp --verbose /usr/share/security-misc/lkrg/30-lkrg-virtualbox.conf /etc/sysctl.d/30-lkrg-virtualbox.conf