[grsec] learn_config: high-reduce-path does not work for
subdirectories?
Brad Spengler
spender at grsecurity.net
Tue Mar 22 10:36:09 EST 2005
> In the learn_config I set:
>
> high-reduce-path /var/lib/amavis
>
> (I removed the default high-reduce-path /var/lib entry)
The high-reduce-path directive doesn't ensure that a path will be
reduced fully: that depends on the heuristics/graph analysis. In this
case, because you have many read-only and find-only accesses within the
path, it decided to protect those specific paths. I'll add an
always-reduce directive or something to that effect so that you can get
the results you're looking for.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050322/eb70455d/attachment.pgp
More information about the grsecurity
mailing list