grsecurity forums

[darko]

Hi all!
I'm having problems while trying to create some subject acls.

My "acl" file is the standard one (with some extra restrictions) and at the end (still in the default acl) I have this block:

subject /usr/sbin/sshd lo
/ h
-CAP_ALL
connect disabled
bind disabled

I enable de the ACL system with gradm -L /tmp/sshd -E

I start/stop the sshd service, log in, log out, etc, etc...
I can see the /tmp/sshd file size is increasing and its contents seem "right":

(...)
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/sshd_config 16 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/sshd_config 17 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/ssh_host_rsa_key 16 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/ssh_host_rsa_key 17 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/ssh_host_dsa_key 16 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1
(...)

All seems fine here.
Now my problem:

I try to create the acl from the learning logs using
gradm -L /tmp/sshd -O /tmp/sshd-rules

gradm doesn't give me any warnings or errors but /tmp/sshd-rules is empty.

What is happenning?
I'm probably not doing something right or missing something :/

Thanks in advance,
João P.

[spender]

Can you mail your ACL and learning log to spender@grsecurity.net ? I'll take a look at it on my machine.

-Brad

[darko]

Hi Brad.
I updated gradm to the current cvs version and until now all seems to be working fine, sorry for the hassle.
I should have done this sooner...

Thanks for the help,
João