CAP_SYS_BOOT error message in 2.6.10 kernel

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.


Post by pac_red » Wed Jan 12, 2005 10:31 am

Hello,
I rebuilt the 2.6.10 kernel with grsec. I put the system into learning mode as detailed in the quick start guide:
gradm -F -L /etc/grsec/learning.log

I let the system run for 12 hours and then:
gradm -F -L /etc/grsec/learning.log -O /etc/grsec/acl

When I try to enable:
gradm -E
I get an error message saying something about the default role has 1 hole in it, CAP_SYS_BOOT has not been removed and a hacker could reboot the system.

I added -CAP_SYS_BOOT to the default role in the acl and I still get the error message.

Any advice?

Thank you.
pac_red
 

Post by spender » Wed Jan 12, 2005 8:27 pm

/etc/grsec/acl is no longer the policy file, /etc/grsec/policy is.

-Brad
spender
 

