[grsec] gradm problem
ixion
ixion at indigorobot.com
Sat Sep 10 10:46:10 EDT 2005
I've had this problem in the past. Please see if /sys is a symlink to
something already defined in that particular subject.
On Sat, 2005-09-10 at 09:36 +0300, Jaakko Heinonen wrote:
> Hi,
>
> I have a problem with gradm-2.1.7-200509062034 with following policy
> file:
> (Please note that the policy file is not useful as is. I have stripped
> it down to reproduce the problem.)
>
> --
> role default
> role_transitions admin
> subject /
> /
> /dev
> /dev/grsec h
> /dev/urandom r
> /dev/random r
> /dev/log r
> /dev/mem h
> /dev/kmem h
> /dev/port h
> /etc rx
> /bin rx
> /usr/bin rx
> /usr/local/bin rx
> /sbin rx
> /usr/sbin rx
> /usr/local/sbin rx
> /lib rx
> /usr/lib rx
> /proc r
> /proc/kcore h
> /boot r
> /etc/grsec h
> /root h
> /sys h
>
> -CAP_ALL
>
> role admin sA
> subject / rvka
> / rwcdmxil
> --
>
> With gradm -E i get the following error message:
> Duplicate object found for "/sys" in role default, subject /, on line 27 of /etc/grsec/policy.
> "/sys" references the same object as the following object(s):
> specified on an earlier line.The RBAC system will not load until this error is fixed.
>
> I can't see that there is anything wrong in the policy file.
More information about the grsecurity
mailing list