[grsec] learn_config: high-reduce-path does not work for subdirectories?

Brad Spengler spender at grsecurity.net
Tue Mar 22 10:36:09 EST 2005


> In the learn_config I set:
> 
> high-reduce-path /var/lib/amavis
> 
> (I removed the default high-reduce-path /var/lib entry)

The high-reduce-path directive doesn't ensure that a path will be 
reduced fully: that depends on the heuristics/graph analysis.  In this 
case, because you have many read-only and find-only accesses within the 
path, it decided to protect those specific paths.  I'll add an 
always-reduce directive or something to that effect so that you can get 
the results you're looking for.

-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050322/eb70455d/attachment.pgp


More information about the grsecurity mailing list