[grsec] TPE & gradm 2.1.0 / linux 2.6.10

jnf jnf at nosec.net
Wed Jan 12 12:13:49 EST 2005


Hi.

Okay, so after playing with $HOME a bit, and not getting it to work in
_any_ context (I don't even get the correct error), I am concluding that
parse_homedir() was broken in 2.0.1? Which is fine; I decided it was
perhaps time to upgrade to the latest, however upon doing so I've found a
problem that I cannot seem to figure out in my policy. (The error under
2.0.1 is that it's an unknown variable.)

The policy works just fine in 2.0.1, no complaints; however, when I use the
same policy with 2.1.0 it bitches about the object / being writable and
thus TPE fails. However, after going through my policy over and over,
thinking maybe I had changed something in my sleep-deprived state (I fell
asleep at my desk last night ;[), I realize that it pretty much only shuts
up IF I remove multiple roles; it seems to be some odd combo of them all
(once I take out about 4 of the roles [making it useless] it works).

What type of changes were made in 2.1.0 that affected this, what about
sym/hardlinks, would that possibly cause it?

Any ideas on that would be quite useful.

In re: $HOME only being used in user roles, how hard would it be to
obtain the username from a group role? I know it couldn't be incredibly
hard, just because logging prints uid/gid, and if you are in process context
current->uid should always be there, so along that line of thought a $USER
variable shouldn't be too hard to pull, and would make group roles
accessible in that manner. I suppose being able to use $HOME with
user-domains kinda deprecates the necessity for it, but I still think it
would be nice. When I get some more time I will take a look at it and see
how probable it is.

I had another idea, but I seem to have forgotten it; anyways, thanks.

jnf

--

There are only two choices in life. You either conform the truth to your desire,
or you conform your desire to the truth. Which choice are you making?
