Hello,
I rebuild the 2.6.10 kernel with grsec. I put the system into leanring mode as detailed in the quick start guide:
gradm –F –L /etc/grsec/learning.log
I let the system run for 12 hours and then:
gradm –F –L /etc/grsec/learning.log –O /
etc/grsec/acl
When I try to enable:
gradm -E
I get an error message saying something about the default role has 1 hole in it, CAP_SYS_BOOT has not been removed and a hacker could reboot the system.
I added -CAP_SYS_BOOT to the default role in the acl and I still get the error message.
Any advice?
Thank-you.