override "denied read of sensitive /proc/pid/environ" ?
Posted: Tue Oct 28, 2014 6:54 am
Is there a way to allow some subject to override "denied read of sensitive /proc/pid/environ entry"?
I have GRKERNSEC_PROC_MEMMAP enabled, and would like that protection for ALMOST all subjects. However I have one subject that needs to access /proc/<pid>/environ (and possible other per-process data) of other processes (it is intrusion detection script, which looks at suspicios processes and logs and alerts admin)
I have GRKERNSEC_PROC_MEMMAP enabled, and would like that protection for ALMOST all subjects. However I have one subject that needs to access /proc/<pid>/environ (and possible other per-process data) of other processes (it is intrusion detection script, which looks at suspicios processes and logs and alerts admin)