grsecurity forums

[koziolek]

Hello

I have RBAC enabled system (Gentoo Linux, 2.6.20-hardened-r5).

1. SSH logins work.
2. Root can login locally.
3. User (UID 1000, GID 100) cannot login locally with errors:

Code: Select all

Jul 17 15:51:12 bambo grsec: (default:D:/) denied access to hidden file /home/kozik by /bin/login[login:7767] uid/euid:1000/1000 gid/egid:100/100, parent /bin/login[login:17973] uid/euid:0/0 gid/egid:100/100
Jul 17 15:51:12 bambo grsec: (default:D:/) denied access to hidden file / by /bin/login[login:7767] uid/euid:1000/1000 gid/egid:100/100, parent /bin/login[login:17973] uid/euid:0/0 gid/egid:100/100
Jul 17 15:51:12 bambo grsec: (default:D:/) denied access to hidden file /etc/localtime by /bin/login[login:7767] uid/euid:1000/1000 gid/egid:100/100, parent /bin/login[login:17973] uid/euid:0/0 gid/egid:100/100
Jul 17 15:51:12 bambo grsec: (default:D:/) denied access to hidden file /etc/localtime by /bin/login[login:7767] uid/euid:1000/1000 gid/egid:100/100, parent /bin/login[login:17973] uid/euid:0/0 gid/egid:100/100
Jul 17 15:51:12 bambo grsec: (default:D:/) denied access to hidden file /etc/localtime by /bin/login[login:7767] uid/euid:1000/1000 gid/egid:100/100, parent /bin/login[login:17973] uid/euid:0/0 gid/egid:100/100
Jul 17 15:51:12 bambo grsec: more alerts, logging disabled for 10 seconds

I have tried to add /bin/login to role default but then it wanted /bin/bash and so on...

Any idea how to solve it? Add /bin/login and /bin/bash to role default:D:/?

Full grsec policy can be found here:
http://www.kozik.net.pl/unix/inne/bambo.grsec.policy