grsecurity forums

Hi,

for all the docs I've read about grsec I'm still wonding how to get RBAC working. Specifically, one can activate grsec RBAC manually with gradm. But how to do it automatically at system boot time?

Moreover, how can I assign a role to a daemon (such that it enters it automatically)?

Thanks for advice.

See this link for startup/shutdown ideas:

viewtopic.php?f=5&t=2248

There is a nice shutdown role that is available.

To start it automatically add /sbin/gradm -E to rc.local (location will vary pending your *nix flavor).

Create subjects for daemons/processes that you want protected in the grsec policy. Use full learning mode to get a good baseline for a policy. There are docs for doing this.