include </path/to/directory> issue

Submit your RBAC policies or suggest policy improvements

include </path/to/directory> issue

Postby Kyoshiro » Tue Jan 11, 2005 9:52 pm

When there's an include entry to a directory in the policy, the following access controls are not loaded. For example :

Code: Select all
....

domain restricted g users guests
include </etc/grsec/restricted>
include </etc/grsec/common>

role default G
role_transitions admin
include </etc/grsec/default>
include </etc/grsec/common>


If /etc/grsec/restricted is a directory, gradm complains about :
gradm2 wrote:There is no default role present in your configuration.
Please read the RBAC documentation and create a default role before attempting to enable the RBAC system.


When it's a file, everything's ok.

PS: I'm using latest grsec and gradm (v2.1.0) + kernel 2.4.28 + secfixes
Kyoshiro
 
Posts: 20
Joined: Thu Aug 12, 2004 5:45 pm

Postby spender » Wed Jan 12, 2005 8:43 pm

I've fixed this in current CVS.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby Kyoshiro » Thu Jan 13, 2005 4:02 am

Thanks ;)
Kyoshiro
 
Posts: 20
Joined: Thu Aug 12, 2004 5:45 pm


Return to RBAC policy development