[grsec] duplicate objects?
Igor Gueths
igueths at lava-net.com
Sun May 15 23:53:37 EDT 2005
Hi all. I'm trying to get the sensors program to run under the role for my user, however when I put in the correct ACL for /sys Gradm complains about there being a duplicate object. The
subject currently looks like:
subject /usr/local/bin/sensors o {
user_transition_allow igueths
group_transition_allow users
/ h
/dev h
/dev/null
/etc h
/etc/ld.so.cache r
/etc/sensors.conf r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/lib/libm-2.3.2.so rx
/usr h
/usr/lib h
/usr/lib/gconv/ISO8859-1.so rx
/usr/lib/gconv/gconv-modules r
/usr/lib/locale/en_US/LC_CTYPE r
/usr/local h
/usr/local/bin/sensors x
/usr/local/lib
/usr/local/lib/libsensors.so.3.0.5 rx
/proc r
/proc/kcore h
/proc/sys r
/proc/bus r
/sys r
-CAP_ALL
bind disabled
connect disabled
}
gradm -E -L /etc/grsec/learn.log (I still have some learning subjects)
Duplicate object found for "/sys" in role igueths, subject /usr/local/bin/sensors, on line 4458 of /etc/grsec/policy.
"/sys" references the same object as the following object(s):
specified on an earlier line.The RBAC system will not load until this error is fixed.
What object could it be complaining about? I once got that error when /usr/tmp symlinked to /var/tmp, and I managed to fix that. Could it be another subject in my role that's referencing /sys
that it doesn't like? Currently, /sys is an actual directory (not symlinked to /proc). I'm somewhat out of ideas on this one. Thanks!
--
How many chunks could checkchunk check if checkchunck could check chunks?
-- Alan Cox
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050515/568bd66b/attachment.pgp
More information about the grsecurity
mailing list