Gradm: Dns and cloud services

Post by ioJeW2 » Fri Aug 15, 2014 9:55 am

Hi,

I have a problem with gradm and domain names with more than one IP.

My mailclient is allowed to:
connect pop.googlemail.com:995 stream tcp


Which works fine.
But Google has more than one IP for this name, and it seems
that gradm is resolving the names only once at start/restart.
Thus it's a game of choice if this policy works.

Is there any solution to handle this kind of problem?
Maybe a CAP_ flag, which tells gradm not to resolve before runtime?

Best regards
ioJeW2
 

Re: Gradm: Dns and cloud services

Post by spender » Sun Aug 24, 2014 2:52 pm

The hostname allowance in policy is a convenience feature, used where a hostname won't have its possible list of resolved IPs changed (otherwise I'd need to delay connections in order to do DNS resolution in the kernel, which I won't add).

-Brad
spender
 
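An added example, not part of the original thread and not grsecurity code: a Python check for the criterion described above, comparing one load-time resolution of a name with the answers later lookups return. The function names, the stand-in resolver and the sample addresses are assumptions made for illustration; with the default resolver the audit queries live DNS.

```python
import itertools
import socket

def resolve_ipv4(host, port, resolver=socket.getaddrinfo):
    """Return the set of IPv4 addresses one lookup yields for host:port."""
    infos = resolver(host, port, socket.AF_INET, socket.SOCK_STREAM)
    return {sockaddr[0] for _family, _type, _proto, _canon, sockaddr in infos}

def audit_hostname_rule(host, port, lookups=5, resolver=socket.getaddrinfo):
    """Compare a load-time snapshot with later lookups of the same name.

    The first lookup stands in for the single resolution at policy load that
    the thread describes; later lookups stand in for what the client is
    handed at connect time. An address outside the snapshot is not covered
    by the hostname rule.
    """
    pinned = resolve_ipv4(host, port, resolver)
    seen = set()
    for _ in range(lookups):
        seen |= resolve_ipv4(host, port, resolver)
    unpinned = seen - pinned
    return {"pinned": sorted(pinned), "unpinned": sorted(unpinned),
            "stable": not unpinned}

def rotating_resolver(answer_sets):
    """Constructed stand-in for getaddrinfo that cycles through answer sets."""
    cycle = itertools.cycle(answer_sets)
    def fake(host, port, family=0, type=0, proto=0, flags=0):
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port))
                for ip in next(cycle)]
    return fake

# Constructed sample answers (documentation address ranges, not real data).
ROTATING_POOL = [["192.0.2.10", "192.0.2.11"], ["192.0.2.11", "198.51.100.7"]]
FIXED_HOST = [["203.0.113.5"]]

if __name__ == "__main__":
    # Hypothetical names; the stand-in resolver ignores them and works offline.
    for name, answers in (("pool.example", ROTATING_POOL),
                          ("fixed.example", FIXED_HOST)):
        report = audit_hostname_rule(name, 995,
                                     resolver=rotating_resolver(answers))
        print(name, report)
```

A name that reports `stable: False` over a representative observation period has a changing address set and falls outside the case the hostname allowance is meant for.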

