app-antivirus/lkrg: initial import

Signed-off-by: John Helmert III <ajak@gentoo.org>

1 files changed, 23 insertions, 0 deletions

diff --git a/app-antivirus/lkrg/files/lkrg-0.9.2-systemd-coredump-umh-whitelist.patch b/app-antivirus/lkrg/files/lkrg-0.9.2-systemd-coredump-umh-whitelist.patch
new file mode 100644
index 000000000000..438784aff16e
--- /dev/null
+++ b/app-antivirus/lkrg/files/lkrg-0.9.2-systemd-coredump-umh-whitelist.patch
@@ -0,0 +1,23 @@
+commit 7939aa03e00e7e48781d405743e2f2d31fca113b
+Author: John Helmert III <ajak@gentoo.org>
+Date:   Fri Jan 7 01:46:35 2022 -0600
+
+    Add non-usr-merged systemd-coredump to UMH whitelist
+    
+    Some distributions haven't merged /usr yet, so add the alternative
+    path for systemd-coredump.
+    
+    Signed-off-by: John Helmert III <ajak@gentoo.org>
+
+diff --git a/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c b/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c
+index ac2a737..7387135 100644
+--- a/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c
++++ b/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c
+@@ -45,6 +45,7 @@ static const char * const p_umh_global[] = {
+    "/etc/acpi/events/RadioPower.sh",
+    "/etc/acpi/wireless-rtl-ac-dc-power.sh",
+    "/lib/systemd/systemd-cgroups-agent",
++   "/lib/systemd/systemd-coredump",
+    "/sbin/bridge-stp",
+    "/sbin/critical_overtemp",
+    "/sbin/drbdadm",