Grsecurity does not support fine-grained policy?
Posted: Fri Apr 29, 2005 8:18 am
Hello,
I get this message when I am trying to load my ACLs:
"Error on line 12 of /etc/grsec/noip/mondo. Grsecurity does not support fine-grained policy on devpts mounts.
Please change your more fine-grained object to a /dev/pts object. This will in addition produce a better policy that will not break as unnecessarily.
The RBAC system will not load until this error is fixed."
The rule in my ACL that it complains about looks like:
"subject /usr/local/bin/mondo_bkpiso.sh:/usr/local/share/mondo/mondoarchive
/dev/stderr rw"
I do need a rule like this because if I don't...
"grsec: From XXX.XXX.XXX.XXX: (root:U:/usr/local/share/mindi/mindi) denied open of /dev/stderr for appending by /usr/local/share/mindi/mindi[mindi:24480] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[sh:24476] uid/euid:0/0 gid/egid:0/0"
This worked in previous versions of grsecurity.
What has changed? What do I do?