grsecurity forums


https://forums.grsecurity.net./

Debian 4.0 and policy problem

https://forums.grsecurity.net./viewtopic.php?f=3&t=1727

Page 1 of 1

Debian 4.0 and policy problem

PostPosted: Fri May 11, 2007 7:56 am
by osa
Hi

I installed debian etch 4.0 with grsecurity , when I try gradm -E i have error message

gradm -E
Duplicate subject found for "/sbin/gradm" in role bsadmin, on line 1608 of /etc/grsec/policy.
"/sbin/gradm" references the same object as "/sbin/gradm" specified on an earlier line.

line 1608
subject /sbin/gradm {
/ h
/sbin/gradm x
/etc/ld.so.cache r
-CAP_ALL
}

I check all policy file and I don't find the same line entry

Where is the error?

PostPosted: Sun May 13, 2007 9:49 pm
by spender
You don't need to add a policy for gradm. It is automatically added by the RBAC system.

-Brad

PostPosted: Mon May 14, 2007 1:38 am
by osa
spender wrote:You don't need to add a policy for gradm. It is automatically added by the RBAC system.

-Brad


Hi

If it's automatically add how I can add this,where I add +CAP_SYS_ADMIN?

grsec: From 192.168.1.50: (root:U:/sbin/gradm) use of CAP_SYS_ADMIN denied for /sbin/gradm[gradm:8341] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:8284] uid/euid:0/0 gid/egid:0/0

osa

PostPosted: Mon May 14, 2007 7:18 am
by spender
gradm should not need CAP_SYS_ADMIN. What action were you performing to make it generate that log?

-Brad

PostPosted: Mon May 14, 2007 3:56 pm
by osa
When I used this command gradm -D I have this error on console
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/