#!/bin/bash

MODE=1
if [ "$1" == "SUSPEND" ]; then
	echo "Suspending grsecurity chroot protection..."
	echo "DON'T FORGET TO RESET!"
	MODE=0
else
	echo "Activating grsecurity chroot protection..."
fi

CHROPTS=`sysctl -aN 2>/dev/null |grep "kernel.grsecurity.chroot"`
for CHROPT in $CHROPTS; do
	if [ "$CHROPT" == "kernel.grsecurity.chroot_caps" ]; then
		sysctl -q -w $CHROPT=0
	elif [ "$CHROPT" == "kernel.grsecurity.chroot_deny_bad_rename" ]; then
		sysctl -q -w $CHROPT=0
	else
		sysctl -q -w $CHROPT=$MODE
	fi
done