grsecurity forums

[hmhansolo]

There are files on the filesystem on most *nix systems, that get deleted and recreated... and as such, the inode changes.. for example.. /etc/resolv.conf.. dhcpd sometimes removes this file and creates a new one.. then, applications like qmail and others, can no longer access /etc/resolv.conf, becuase in the acl they were given permission to access that file by "/etc/resolv.conf r".. i know this problem can be solved by doing "/etc/resolv.conf* r", but then that gives access to other files u may not want the program to have access to.. maybe an object option can be given .. such as "/etc/resolv.conf pr", where p means match based on the filename "/etc/resolv.conf" instead of the inode of /etc/resolv.conf..

another question.. i am assuming matching on inode number instead of file name is for security reasons... if not, why is matching done on inode instead of file name?


--hmhansolo

thanks for the help

[spender]

Grsecurity can handle the /etc/resolv.conf, /etc/passwd, etc cases where a file gets removed and recreated, while still using an inode/dev based system. Inode/dev lookups are preferred because multiple paths can refer to the same file, so using path matching on such files can result in an inconsistent policy (which may be wanted or unwanted).

-Brad

[hmhansolo]

how do i set that up?

everything in my logs seems fine.. and then when dhcpcd messes with my /etc/resolv.conf file, programs like qmail and such, that have not been given access to /etc and only been given explicit access to /etc/resolv.conf, start getting denied access to the /etc/resolv.conf file.

--hmhansolo

[spender]

That shouldn't happen. Can you send me the logs and an strace of dhcpcd?

-Brad