I think there is something with the new learning introduced in 2.1.0. By default, this line is added to learn_config:
inherit-learn /etc/cron.daily
Then I had gradm -F ... run for a few days, then started gradm -F -L ... -O ...
The problem is, when I start the system with gradm -E, it says the following:
- Code: Select all
# gradm -E
Duplicate object found for "/usr/lib/libsablot.so.0.100.0" in role root, subject /etc/cron.daily, on line 566 of /etc/grsec/policy.
"/usr/lib/libsablot.so.0.100.0" references the same object as the following object(s):
/usr/lib/libsablot.so.0
/usr/lib/libsablot.so
/usr/lib/libsablot.so.0.100.0
So it seems, that the new learning method doesn't recognise softlinks, and it adds all of theese entries to policy. I removed them, so that's not a problem, but I think this is not the normal behaviour
I didn't check, maybe it is already fixed in 2.1.1-pre, but I thought maybe you don't know about this.
Thank you,
Balint