/dev/log problem
Posted: Wed Nov 05, 2003 11:18 am
I'm having trouble with a program running under grsecurity (2). I keep getting this in the logs:
Oct 23 16:11:22 cgi kernel: grsec: denied connect to the unix domain socket /dev/log by /usr/bin/logger[logger:30572] uid/euid:500/500 gid/egid:15000/15000, parent /usr/local/sbin/mailer.pl[sendmail:20769] uid/euid:500/500 gid/egid:15000/15000
So I made a subject
subject /usr/bin/logger ol
/ h
And then ran gradm.
gradm -L /etc/grsec/learning.logs -E
and took this out of the results I got
subject /usr/bin/logger o {
/ h
/dev h
/dev/log rw
/etc h
/etc/ld.so.cache r
/etc/localtime r
/lib h
/lib/ld-2.3.2.so x
/lib/libc-2.3.2.so rx
/usr h
/usr/share/zoneinfo/US/Eastern r
-CAP_ALL
bind disabled
connect disabled
}
The thing is, even after loading with this in the ACL, I still get the same error in the logs. What am I doing wrong?
axehind