[grsec] Duplicate root role in policy file
Brad Spengler
spender at grsecurity.net
Thu Dec 1 17:51:05 EST 2005
On Thu, Dec 01, 2005 at 10:06:01AM -0330, Kurt Pomeroy wrote:
> Hey guys,
> Just starting over re-learning in full learning mode over the past few days. I disabled the system
> and then converted the new rules into the system policy, then as root, i tried to start up the system
> and received the following error
>
> "Duplicate role root on line 3485 of /etc/grsec/policy.
> The RBAC system will not be allowed to be enabled until this error is fixed."
Did you use gradm -L /somefile -O /etc/grsec/policy without first
removing/truncating /etc/grsec/policy? That would be the most likely
reason.
> Is there something im doing wrong? Also you have to be root to start and stop the system correct?
> and every time I try /sbin/gradm -a admin as a normal user (im trying to configure the system
> as a regular user and stay out of su'ing to root) but I always get invalid password. I dont think I
> quite have a handle on the administrative roles and how to configure the system as a regular user.
To transition to a special role, regardless of whether it requires
authentication or not, you must have a role_transitions line added to
the role you're running gradm -a or gradm -n under. Most likely you
have a user role that was missing the role_transitions admin line, and
were trying to run gradm -a from within this role.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20051201/6bb31e6e/attachment.pgp
More information about the grsecurity
mailing list