Help with my policy file
Posted: Wed Aug 18, 2004 7:39 pm
I'm probably missing something very easy here, but for whatever reason this isn't working.
From my "role root" section:
...
subject /tmp/logrotate*
/bin/chown rx
subject /tmp/logrotate*:/bin/chown
/var/log/mysql rwxacdm
/var/log/mysql/* rwxacdm
-CAP_ALL
+CAP_CHOWN
....
(full policy @ http://rocky.mindphone.org/grsec/policy.192.168.0.2.txt )
But I'm still getting the following logged/denied:
Aug 18 06:26:12 schwa kernel: grsec: (root:U:/) denied chown of /var/log/mysql/mysql.err.4.gz by /bin/chown[chown:32673] uid/euid:0/0 gid/egid:0/0, parent /tmp/logrotate.6URgoP[logrotate.6URgo:29755] uid/euid:0/0 gid/egid:0/0
I could probably just define for the whole role that /bin/chown can chown /var/log/mysql/*... but I would prefer not to. Any help is much appreciated.