grsecurity forums

[matty]

I run tripwire daily from a mounted CD-ROM. The executable and the database is on the CD. Normally it works fine, but with RBAC enabled sometimes(!) it does not. The execution of the binary on the CD is being denied:

syslog:

Code: Select all

Feb  7 06:25:10 XXX syslogd 1.4.1#17: restart.
Feb  7 06:25:13 XXX kernel: ISO 9660 Extensions: Microsoft Joliet Level 3
Feb  7 06:25:13 XXX kernel: ISOFS: changing to secondary root
Feb  7 06:25:13 XXX kernel: grsec: (root:U:/etc/cron.daily) denied execution of /media/cdrom0/usr/sbin/tripwire by /usr/bin/nice[nice:7011] uid/euid:0/0
 gid/egid:0/0, parent /etc/cron.daily/tripwire[tripwire:24007] uid/euid:0/0 gid/egid:0/0

ACL:

Code: Select all

subject /etc/cron.daily o {
user_transition_allow root
group_transition_allow root
...
        /media
        /media/cdrom0
        /media/cdrom0/usr/sbin          rxi
        /media/cdrom0/var/lib/tripwire/XXX.twd     r
...
}

But the next day it may work fine. I think it does not work, if the CD was just mounted. If it was already mounted it seems to work. But that's just an assumption. How can I fix that behaviour, so that tripwire is run every day without problems?

Kernel 2.6.14.6
grsecurity 2.1.8-2.6.14.6-200601211647
gradm v2.1.8

If you need additional ACL subjects, let me know.

[spender]

Grsecurity's RBAC system doesn't yet support policies on filesystems that haven't been mounted at enable time.

-Brad

[matty]

So if the CD is mounted before enabling the RBAC system it should work? I will try that, thanks for your answer.

[matty]

Yes, that fixed it.