grsecurity forums

[T2000]

Hi,

I'm running 2.6.13.4-grsec on my gentoo linux box. Some days ago, the postfix version 2.2.5 became stable in gentoo x86 tree. From this time on, i get the following error:

Nov 19 12:21:45 c3po postfix/sendmail[5128]: warning: can't open /proc/net/if_inet6 (Permission denied) - skipping IPv6 configuration
Nov 19 11:21:45 c3po postfix/postdrop[7810]: warning: can't open /proc/net/if_inet6 (Permission denied) - skipping IPv6 configuration

the permission were: -r--r---r-- 1 root pax 0 19. Nov 13:51 if_inet6

and I changed them for testing purposes to:

ls -l /proc/net/ | grep if_inet6
-rw-rw-r-- 1 root pax 0 19. Nov 13:51 if_inet6

I set postfix into the group pax, but i didn't help.
Any ideas?

Thx T2000

[T2000]

The patch against 2.6.14.2 doesn't help either

No ideas where the problem could be?

[rocky]

whats the permissions of /proc/net/


i'm having a similar problem where /proc/net is set to 550, and no matter how i try to set it to 555, grsec prevents it.

[spender]

The /proc restrictions cause this. Had you read the configuration help for the features you enabled, you would know that you have to allow a special group to access the restricted /proc files, and add postfix to this group.

-Brad

[T2000]

pretty old thread, but...
I put this error into logckeck.ignore so i didn't see it until now, where i'm reading in this forum.

postfix is in the group pax and pax has GID 440 and this exactly what i configured into the kernel: CONFIG_GRKERNSEC_PROC_GID=440

Any ideas?