grsecurity forums • View topic - ACL problem....confused...

ACL problem....confused...

2 posts • Page 1 of 1

Reply with quote

ACL problem....confused...

by kolargol » Thu Sep 23, 2004 5:23 am

Hello,

i have strange filling that when i enable RBAC (gradm -E) it don't read or ignore some entries in /etc/grsec/acl, look:

syslog:

Code: Select all: grsec: From X.X.X.X: (default:D:/) use of CAP_SYS_CHROOT denied for /usr/sbin/popa3d[popa3d:25227] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/popa3d[popa3d:17434] uid/euid:0/0 gid/egid:0/0

but in ACL there is:

Code: Select all: subject /usr/sbin/popa3d o { / h /dev h /dev/log rw /etc h /etc/ld.so.cache r /etc/pam.d r /etc/passwd r /etc/shadow r /lib h /lib/libcrypt-2.3.2.so rx /lib/security/pam_unix.so rx /usr h /usr/share/zoneinfo/Europe/Warsaw r /var h /var/lib/popa3d -CAP_ALL +CAP_SETGID +CAP_SETUID +CAP_SYS_CHROOT bind disabled connect disabled }

any help on that? - why it doesn't agree witch +CAP_SYS_CHROOT ?

kolargol: Posts: 36; Joined: Thu Sep 23, 2004 5:19 am

Reply with quote

by spender » Thu Sep 23, 2004 10:39 am

In 2.0.1, the file is /etc/grsec/policy.

-Brad

spender: Posts: 2185; Joined: Wed Feb 20, 2002 8:00 pm

2 posts • Page 1 of 1

Return to grsecurity support