I have constant problem with RBAC forgotting objects after package update. For example with git on gentoo. After upgrade I am keep getting
- Code: Select all
grsec: From xx.xx.xx.xx: (piotr:U:/bin/zsh) denied access to hidden file /usr/bin/git by /bin/zsh[zsh:6219] uid/euid:1000/1000 gid/egid:100/100, parent /bin/zsh[zsh:6212] uid/euid:1000/1000 gid/egid:100/100
Even that I do have access to object /usr/bin/git in subject / of user role piotr. Same goes for perl. The Portage's TMPDIR is located on another file system so it does not use rename(), so its not connected to the proc's 'exe' symlink that's broken upstream.
It seems to be closely connected to hardlinks, as the /usr/bin/git's inode is present on rootfs 113 times (according to `find / -xdev -inum`)
tl;dr: RBAC renders effectively running system as unusable if objects defined in policy are replaced/owerwritten by hardlinks.