[grsec] gradm problem
Jaakko Heinonen
jheinonen at users.sourceforge.net
Sat Sep 10 02:36:54 EDT 2005
Hi,
I have a problem with gradm-2.1.7-200509062034 with following policy
file:
(Please note that the policy file is not useful as is. I have stripped
it down to reproduce the problem.)
--
role default
role_transitions admin
subject /
/
/dev
/dev/grsec h
/dev/urandom r
/dev/random r
/dev/log r
/dev/mem h
/dev/kmem h
/dev/port h
/etc rx
/bin rx
/usr/bin rx
/usr/local/bin rx
/sbin rx
/usr/sbin rx
/usr/local/sbin rx
/lib rx
/usr/lib rx
/proc r
/proc/kcore h
/boot r
/etc/grsec h
/root h
/sys h
-CAP_ALL
role admin sA
subject / rvka
/ rwcdmxil
--
With gradm -E i get the following error message:
Duplicate object found for "/sys" in role default, subject /, on line 27 of /etc/grsec/policy.
"/sys" references the same object as the following object(s):
specified on an earlier line.The RBAC system will not load until this error is fixed.
I can't see that there is anything wrong in the policy file.
--
Jaakko
More information about the grsecurity
mailing list