I'm getting following errors with grsecurity-2.9-2.6.32.59-201204272005.patch and gradm-2.9-201202232055 (i386):
- Code: Select all
May 5 13:59:03 host kernel: : grsec: (skype:U:/usr/bin/skype) denied executable mmap of /SYSV00000000 by /usr/bin/skype[skype:6996] uid/euid:1009/1009 gid/egid:1009/1009, parent /usr/lib/kde4/libexec/kdesu_stub[kdesu_stub:6993] uid/euid:1009/1009 gid/egid:1009/1009
despite having following rule in RBAC policy:
- Code: Select all
...
role skype u
...
subject /usr/bin/skype oO {
...
/SYSV00000000 rxi
}
Similar problem was mentioned in old 2005 thread: viewtopic.php?f=3&t=1120
It seems now /SYSV... is correctly recognized in gradm2 as special and globbed mode is used for it, but I'm still getting denied errors.
Any suggestions?