[grsec] Duplicate root role in policy file

Brad Spengler spender at grsecurity.net
Thu Dec 1 17:51:05 EST 2005


On Thu, Dec 01, 2005 at 10:06:01AM -0330, Kurt Pomeroy wrote:
> Hey guys,
> 	Just starting over re-learning in full learning mode over the past few days. I disabled the system
> and then converted the new rules into the system policy, then as root, I tried to start up the system
> and received the following error:
> 
> "Duplicate role root on line 3485 of /etc/grsec/policy.
> The RBAC system will not be allowed to be enabled until this error is fixed."

Did you use gradm -L /somefile -O /etc/grsec/policy without first 
removing/truncating /etc/grsec/policy?  That would be the most likely 
reason.

> Is there something I'm doing wrong? Also you have to be root to start and stop the system, correct?
> and every time I try /sbin/gradm -a admin as a normal user (I'm trying to configure the system
> as a regular user and stay out of su'ing to root) but I always get invalid password. I don't think I 
> quite have a handle on the administrative roles and how to configure the system as a regular user.

To transition to a special role, regardless of whether it requires 
authentication or not, you must have a role_transitions line added to 
the role you're running gradm -a or gradm -n under.  Most likely you 
have a user role that was missing the role_transitions admin line, and 
were trying to run gradm -a from within this role.

-Brad
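
The two conditions discussed in this thread can be checked before enabling RBAC. The following Python script is an added example, not part of the original message or of gradm: it reports roles defined more than once and non-special roles that lack a role_transitions entry for the admin role. The function name lint_policy, the role name kurt and the sample policy are constructed for illustration, and the parsing is simplified to the role and role_transitions directives.

```python
from collections import defaultdict

# Constructed sample policy (not from the thread): "root" is defined twice, as
# happens when learning output is appended to an existing policy file, and
# role "kurt" has no role_transitions line naming the special role "admin".
SAMPLE_POLICY = """\
role admin sA
subject / rvka
\t/ rwcdmlxi

role root uG
role_transitions admin
subject / {
\t/ r
}

role kurt u
subject / {
\t/ r
}

# learning output appended below
role root uG
subject / {
\t/ r
}
"""

def lint_policy(text, special="admin"):
    """Return (duplicates, missing): roles defined more than once with their
    line numbers, and non-special roles lacking a transition to `special`."""
    defined = defaultdict(list)      # role name -> line numbers of "role" lines
    flags = {}                       # role name -> flags from first definition
    transitions = defaultdict(set)   # role name -> roles it may transition to
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # simplified: '#' starts a comment
        if not words:
            continue
        if words[0] == "role" and len(words) >= 2:
            current = words[1]
            defined[current].append(lineno)
            flags.setdefault(current, words[2] if len(words) > 2 else "")
        elif words[0] == "role_transitions" and current:
            transitions[current].update(words[1:])
    duplicates = {r: n for r, n in defined.items() if len(n) > 1}
    # Roles flagged 's' are special roles themselves and are skipped here.
    missing = sorted(r for r in defined
                     if "s" not in flags[r] and special not in transitions[r])
    return duplicates, missing
```

To check a real file, pass its contents, for example lint_policy(open("/etc/grsec/policy").read()).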