I'm just playing with grsec2 and stumbled over a few things I don't understand.
The first is how do I assign a role to a user? Just by naming the role after the username on the system? What about if a user "default" exists?
The second is after setting a role named "fd0" special and trying to reload the acl-system gradm complains about using incompatible versions of grsec and gradm:
in /etc/grsec/acl (default acl, just added the role "fd0"):
- Code: Select all
role fd0 suG
role_transitions admin
subject /
/etc/grsec h
/dev
/dev/grsec h
/dev/kmem h
/dev/mem h
/dev/port h
/proc/kcore h
/home/fd0 rw
/ r
-CAP_ALL
# gradm -R
Password:
You are using incompatible versions of gradm and grsecurity.
Please update both versions to the ones available on the website.
in kern.log:
kernel: grsec: From 192.168.101.52: Failed reload of grsecurity 2.0 for (gradm:3056) uid/euid:0/0 gid/egid:0/0, parent (bash:9160) uid/euid:0/0 gid/egid:0/0
Why does the reload fail? What is the meaning of 'special' roles, apart from that they aren't assigned automatically?
Can someone perhaps post an example user role?
Anyway, I would like to express that I really love grsec, thanks a lot for your work, Brad.
- Alexander
- Code: Select all