[grsec] Much more denies after upgrade 2.1.1 -> 2.1.3
Marc Schiffbauer
marc at schiffbauer.net
Wed Mar 9 05:15:53 EST 2005
* Brad Spengler wrote on 09.03.05 at 02:01:
> > What might be the reason for that?
>
> Hard to say. I'd have to see your policy and straces of one of the
> apps before the upgrade and after. I assume you didn't update anything
> else on the system between the upgrade of 2.1.1 to 2.1.3. The only time
> I've ever seen similar new denials across several apps was when glibc
> was upgraded and nscd was installed and used with every app.
Hm. No, there was only the grsec and the kernel upgrade (2.4.29-rc3
-> 2.4.29)

I now noticed that several services do not start at system boot
anymore... I have to start them manually (after authenticating to
rbac as admin...)

I spent days, if not weeks, tuning the ACLs and put every
system user's ACL stuff in its own file included from the main policy file
after full learning for several days.

I started to do that in grsec 1.9.x times, before learn_config and
the (i)nheritance flag were there and when the ACL-generating
process took too many resources because I had a huge learning log of
several GBs, so that I had to split the learning logs by users before
doing that...

I now have the feeling that it would probably be better to start the
whole process again and throw all my current policies away... what
do you think?

-Marc
--
**********************************************************************
* Unix is like a wigwam: no gates, no windows, only apache inside *
**********************************************************************