kernel 2.6.14.2-grsec and gradm v2.1.7

Posted: Mon Dec 19, 2005 5:48 am
by osa
dmesg log
grsec: (root:U:/usr/bin/prelude-lml) denied access to hidden file /var/log/messages by /usr/bin/prelude-lml[prelude-lml:22219] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/usr/bin/prelude-lml) denied access to hidden file /var/log/auth.log by /usr/bin/prelude-lml[prelude-lml:22219] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

grsec policy subject /usr/bin/prelude-lml

subject /usr/bin/prelude-lml {
/ h
/var/log/
/etc/prelude-lml/metadata/-var-log-messages rcdw
/etc/prelude-lml/metadata/-var-log-auth.log rcdw
/tmp/.prelude-unix-5554 rcw
/var/spool/prelude-sensors/backup.0 rcwd
-CAP_ALL
+CAP_SETGID
+CAP_SETUID
bind disabled
# connect disabled
connect 0.0.0.0/0 stream tcp
}

When I changed /var/log to:
/var/log/auth.log r
/var/log/messages r

dmesg shows the same error

grsec: (root:U:/usr/bin/prelude-lml) denied access to hidden file /var/log/messages by /usr/bin/prelude-lml[prelude-lml:22219] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: (root:U:/usr/bin/prelude-lml) denied access to hidden file /var/log/auth.log by /usr/bin/prelude-lml[prelude-lml:22219] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0


Where is the error?

osa

Posted: Mon Dec 19, 2005 8:32 pm
by spender
I'd need to see your entire policy to make sure that the subject you pasted to me is indeed the subject being referenced in the error log you pasted. Can you mail it to spender@grsecurity.net?

-Brad

Posted: Tue Dec 20, 2005 11:42 pm
by spender
Your policy should not have been accepted by the parser. Your root role definition includes "a" in the role type, which is not a valid type (subject/object/role flags are case sensitive). Do you have this policy installed as /etc/grsec/policy?

-Brad

Posted: Thu Dec 22, 2005 4:12 am
by osa
spender wrote: Your policy should not have been accepted by the parser. Your root role definition includes "a" in the role type, which is not a valid type (subject/object/role flags are case sensitive). Do you have this policy installed as /etc/grsec/policy?

-Brad


Hi

The policy is accepted by the parser even though the root definition includes "a" in the role type.
Yes, this policy is installed as /etc/grsec/policy.

Maybe this is a bug in gradm?

osa

Posted: Thu Dec 29, 2005 5:31 am
by osa
Hi spender

Do you maybe know why gradm is loading even if role root is set to "a"? Besides that, I need to know if my "policy" contains any mistakes that caused the errors I posted, which are shown on my console.


thx

osa

Posted: Thu Dec 29, 2005 7:20 am
by spender
The parser was ignoring invalid characters in certain states instead of erroring on them. I've corrected the problem in CVS; however, I'm still unable to reproduce your problem with the /var/log/messages errors.

-Brad

Posted: Fri Dec 30, 2005 5:05 am
by osa
Thx for the answer to my former question.

I have two machines, the first named A and the second named B:
machine A -> gradm 2.1.6, kernel version 2.6.11-12+grsecurity patch
machine B -> gradm 2.1.7, kernel version 2.6.14-2_+grsecurity patch

I have a problem with gradm and Linux kernel 2.6.14-2 (machine B). After logging in on machine B with 2.6.14-2 as the admins user, I run "/sbin/gradm -a admin" and "su -root", and then I can't exec "ps aux" because the system reports that the ps command is not found.
But when I log in on the box with 2.6.11-12, everything is OK (the policies are the same on both machines).
Any idea?