Grsecurity does not support fine-grained policy?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Grsecurity does not support fine-grained policy?

Postby linhed » Fri Apr 29, 2005 8:18 am

Hello,

I get this message when I am trying to load my acl's:

"Error on line 12 of /etc/grsec/noip/mondo. Grsecurity does not support fine-grained policy on devpts mounts.
Please change your more fine-grained object to a /dev/pts object. This will in addition produce a better policy that will not break as unnecessarily.
The RBAC system will not load until this error is fixed."

My rule in the acl it complains about looks like:

"subject /usr/local/bin/mondo_bkpiso.sh:/usr/local/share/mondo/mondoarchive
/dev/stderr rw"

I do need a rule like this because if I don't...

"grsec: From XXX.XXX.XXX.XXX: (root:U:/usr/local/share/mindi/mindi) denied open of /dev/stderr for appending by /usr/local/share/mindi/mindi[mindi:24480] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:24476] uid/euid:0/0 gid/egid:0/0"


This worked in previous versions of Gr Security.
What has changed, How do I do?
linhed
 
Posts: 2
Joined: Fri Apr 29, 2005 6:02 am

Return to grsecurity support