See https://github.com/freedomofpress/securedrop/issues/1245 for context. In summary: we need to ensure that the PaX flags are set correctly on grub binaries prior to running update-grub automatically after installing a new kernel image. Let's drop in a kernel postinst hook in the metapackage, which depends on the linux-image-grsec packages.
See https://github.com/freedomofpress/securedrop/issues/1245 for context. In summary: we need to ensure that the PaX flags are set correctly on grub binaries prior to running
update-grubautomatically after installing a new kernel image. Let's drop in a kernel postinst hook in the metapackage, which depends on the linux-image-grsec packages.