Using an "include" directory with 2.0

Submit your RBAC policies or suggest policy improvements

Using an "include" directory with 2.0

Postby ras » Thu May 13, 2004 4:31 pm

with grsec 1.9 you could put something like this in the acl to include a directory of other acls:

include </etc/grsec/acls>

This doesn't work with grsec 2.0. I'm wondering if there's a way to do it with 2.0

Thanks in advance for your time,

--jesse
ras
 
Posts: 3
Joined: Thu Apr 29, 2004 3:34 pm

Re: Using an "include" directory with 2.0

Postby hightower » Tue May 25, 2004 2:41 pm

ras wrote:with grsec 1.9 you could put something like this in the acl to include a directory of other acls:
include </etc/grsec/acls>
This doesn't work with grsec 2.0. I'm wondering if there's a way to do it with 2.0
Thanks in advance for your time,

Imho there's no way but I could be wrong (I wish I am wrong).

Brad?

ciao, Marc
hightower
 
Posts: 49
Joined: Wed Mar 06, 2002 11:36 am

Re: Using an "include" directory with 2.0

Postby PaX Team » Tue May 25, 2004 6:24 pm

ras wrote:with grsec 1.9 you could put something like this in the acl to include a directory of other acls:

include </etc/grsec/acls>
check the source code (gradm2/gradm.l), the add_include() function explicitly denies including directories, you should in fact have seen the error message when you tried it...
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to RBAC policy development