denied rename with rwcd


Post by joeyt » Wed May 25, 2005 3:49 pm

How do I allow ntpd to rename drift.TEMP to drift and vice versa? I thought that the rwcd on both file names would take care of it. I don't have any subjects for /sbin/init, so I'm guessing that it falls under the role root, as that is who it is being run as. What am I missing?

Code:
grsec: (root:U:/usr/sbin/ntpd) denied rename of /etc/ntp/drift.TEMP to /etc/ntp/drift by /usr/sbin/ntpd[ntpd:13008] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Code:
role root uG
...
subject /usr/sbin/ntpd o {
        /                               h
        /etc/ntp
        /etc/ntp/drift                  rwcd
        /etc/ntp/drift.TEMP             rwcd
        -CAP_ALL
        +CAP_IPC_LOCK
        +CAP_SYS_TIME
        bind    disabled
        connect 10.10.0.12/32:123 dgram udp
}