grsecurity forums

by **voided** » Tue Jul 29, 2003 3:07 pm

Hi! i need some help with making screen work again. Some help with the acl system would be appreciated.

Thank you

by **voided** » Mon Aug 04, 2003 12:48 am

nm.. learning mode.

problem solved

by **Xeper** » Mon Sep 22, 2003 1:36 am

Hey i've problems with my screen too (just as normal user) it says:

No more PTY's.
Sorry, could not find a PTY.

My rules:

/usr/bin/screen o {
/ r
/dev
/dev/null rw
/dev/pty* rwx
/dev/tty* rwx
/dev/console rwx
/dev/pts rwx
/dev/ptmx rwx
/dev/mem h
/dev/kmem h
/dev/port h
/bin rx
/sbin rx
/lib rx
/usr rx
/etc rx
/etc/ssh h
/proc rxw
/proc/kcore h
/proc/sys r
/root r
/tmp rw
/var rxw
/var/tmp rw
/var/log r
/boot h
/etc/grsec h
/usr/bin/screen x
+CAP_ALL
-CAP_LINUX_IMMUTABLE
-CAP_NET_BIND_SERVICE
-CAP_NET_ADMIN
-CAP_NET_RAW
-CAP_SYS_MODULE
-CAP_SYS_RAWIO
-CAP_SYS_CHROOT
-CAP_SYS_PTRACE
-CAP_SYS_ADMIN
-CAP_SYS_TTY_CONFIG
-CAP_MKNOD
}

SOrry but i dont know what is wrong (im newbie in grsecurity problems)

by **gredi** » Sat Jul 16, 2005 7:18 pm

I have the same problem exactly as Xeper

Code: Select all: role gredi u role_allow_ip AAA.BBB.CCC.DDD/32 subject / { / h /bin x /dev h /dev/null r /dev/pts rwc /dev/tty rw /dev/urandom r /etc rx /etc/grsec h /etc/ssh h /etc/shadow h /etc/shadow- h /etc/gshadow h /etc/gshadow- h /etc/exim h /etc/ppp/chap-secrets h /etc/ppp/pap-secrets h /etc/samba/smbpasswd h /lib rx /usr h /usr/bin x /usr/bin/w h /usr/lib rx /usr/share h /usr/share/locale r /usr/share/terminfo r /var h /var/run /var/spool/mail /home h /home/gredi rwcxd /proc /proc/meminfo r /proc/sys/kernel/ngroups_max r /proc/sys/kernel/version r /proc/kcore h /proc/bus h /proc/prs rx -CAP_ALL bind disabled connect disabled } subject /usr/bin/screen-4.0.2 o { / h /bin h /bin/bash x /etc h /etc/ld.so.cache rx /etc/nsswitch.conf r /etc/passwd rx /etc/screenrc r /etc/shadow r /home h /home/*/.screen rwcd /lib rx /usr h /usr/bin h /usr/bin/screen-4.0.2 x /usr/lib rx /usr/sbin h /usr/sbin/utempter x /usr/share h /usr/share/locale r /usr/share/terminfo r /var h /var/run /var/run/utmp rw /dev /dev/null rw /dev/ptmx rw /dev/pts rw /dev/grsec h /dev/mem h /dev/kmem h /dev/port h /dev/log h /proc /proc/kcore h /proc/sys h /proc/bus h -CAP_ALL bind disabled connect disabled } subject /usr/sbin/utempter o { / h /dev h /dev/pts /etc h /etc/ld.so.cache rx /etc/nsswitch.conf r /etc/passwd rx /lib x /lib/tls rx /usr h /usr/sbin/utempter x /var h /var/log/wtmp w /var/run /var/run/utmp rw -CAP_ALL bind disabled connect disabled }