grsecurity forums

by **osa** » Fri May 11, 2007 7:56 am

Hi

I installed debian etch 4.0 with grsecurity , when I try gradm -E i have error message

gradm -E
Duplicate subject found for "/sbin/gradm" in role bsadmin, on line 1608 of /etc/grsec/policy.
"/sbin/gradm" references the same object as "/sbin/gradm" specified on an earlier line.

line 1608
subject /sbin/gradm {
/ h
/sbin/gradm x
/etc/ld.so.cache r
-CAP_ALL
}

I check all policy file and I don't find the same line entry

Where is the error?

by **spender** » Sun May 13, 2007 9:49 pm

You don't need to add a policy for gradm. It is automatically added by the RBAC system.

-Brad

by **osa** » Mon May 14, 2007 1:38 am

spender wrote:You don't need to add a policy for gradm. It is automatically added by the RBAC system.

-Brad

Hi

If it's automatically add how I can add this,where I add +CAP_SYS_ADMIN?

grsec: From 192.168.1.50: (root:U:/sbin/gradm) use of CAP_SYS_ADMIN denied for /sbin/gradm[gradm:8341] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:8284] uid/euid:0/0 gid/egid:0/0

osa

by **spender** » Mon May 14, 2007 7:18 am

gradm should not need CAP_SYS_ADMIN. What action were you performing to make it generate that log?

-Brad

by **osa** » Mon May 14, 2007 3:56 pm

When I used this command gradm -D I have this error on console

grsecurity forums

Debian 4.0 and policy problem

Debian 4.0 and policy problem