Syntax error in /etc/grsec/policy


Post by rootlam42 » Sun Jan 18, 2015 6:46 am

Hello everybody.

I've enabled the grsec patch and full system learning on my Arch.

I type # gradm -F -L /etc/grsec/learning.logs -O /etc/grsec/policy but there is an issue:

"subject" caused a syntax error on line 939 of /etc/grsec/policy.

I searched for why, and I don't understand where exactly the problem is.

Here is a copy of line 939:

# Role: root
subject /usr/bin/dbus-launch o {
/
/boot h
/dev h
/dev/null rw
/etc h
/etc/ld.so.cache r
/etc/nsswitch.conf r
/etc/passwd r
/proc/bus h
/proc/kallsyms h
/proc/kcore h
/proc/modules h
/proc/slabinfo h
/proc/sys h
/root h
/root/.dbus
/root/.dbus/session-bus
/root/.dbus/session-bus/bfb75508f17f4376b6276ba637b40ec3-0 w
/sys h
/tmp r
/usr h
/usr/bin h
/usr/bin/dbus-daemon x
/usr/bin/dbus-launch x
/usr/lib rx
/usr/lib/modules h
/var/backups h
/var/log h
-CAP_ALL
bind disabled
connect disabled
}

Thanks for your help.
rootlam42
 
Posts: 1
Joined: Sun Jan 18, 2015 6:39 am

Re: Syntax error in /etc/grsec/policy

Post by spender » Wed Jan 21, 2015 8:35 pm

I would need to see the full /etc/grsec/policy. I don't see any error with what you pasted, especially if it was created entirely by the full learning system and not modified. You can email it to spender@grsecurity.net.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: Syntax error in /etc/grsec/policy

Post by spender » Thu Jan 22, 2015 9:29 am

Thanks for the mail. I see the issue now -- it's that in the previous subject you have a sock_allow_family without any arguments. Did the full learning generate that line? If so I'll look into fixing it.

Thanks,
-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
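
Added example (not part of the thread and not gradm code): a small pre-check that scans a policy for a sock_allow_family line with no arguments, the cause identified above, and also gives the line of the following subject, which is where the error in this thread was reported. The sample policy, the /usr/bin/example-daemon subject and the function name are constructed for illustration.

```python
import re

# Constructed sample policy: the first subject ends with a bare
# sock_allow_family; the second carries one with an argument.
SAMPLE_POLICY = """\
# Role: root
subject /usr/bin/example-daemon o {
    / h
    -CAP_ALL
    bind disabled
    connect disabled
    sock_allow_family
}

# Role: root
subject /usr/bin/dbus-launch o {
    / h
    -CAP_ALL
    sock_allow_family netlink
}
"""

SUBJECT_RE = re.compile(r"^subject\s+(\S+)")

def find_bare_sock_allow_family(policy_text):
    """Return one dict per argument-less sock_allow_family line.

    'line' is where the directive sits, 'subject' the enclosing subject,
    'next_subject_line' the line of the following subject (None if last).
    """
    findings, pending, current = [], [], None
    for no, raw in enumerate(policy_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        m = SUBJECT_RE.match(line)
        if m:
            for f in pending:  # earlier findings now know the next subject
                f["next_subject_line"] = no
            pending, current = [], m.group(1)
        elif line.split() == ["sock_allow_family"]:
            f = {"line": no, "subject": current, "next_subject_line": None}
            findings.append(f)
            pending.append(f)
    return findings

if __name__ == "__main__":
    for f in find_bare_sock_allow_family(SAMPLE_POLICY):
        print("line %(line)d in subject %(subject)s: sock_allow_family has "
              "no arguments (next subject at line %(next_subject_line)s)" % f)
```

To check a real file, pass the contents of /etc/grsec/policy to find_bare_sock_allow_family() instead of the sample string.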

