grsecurity forums

[ralphy]

Somebody mind telling me how to fix this?

This occurred primarily after a gentoo update (I forgot which one). Restarted using gradm but that was to no avail. Any possible way to fix this other than a reboot?

Code: Select all

Jul 14 02:48:28 HOSTNAME grsec: (default:D:/) denied access to hidden file /dev/md0 by /var/tmp/portage/sys-fs/mdadm-2.6.2/image/sbin (deleted)/mdadm[mdadm:2066] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Jul 14 02:48:28 HOSTNAME grsec: (default:D:/) denied access to hidden file /dev by /var/tmp/portage/sys-fs/mdadm-2.6.2/image/sbin (deleted)/mdadm[mdadm:2066] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0


[zakalwe]

I think this happens when the file is still in use but overwritten. Restart whatever service got updated and that should fix it I think.

[ralphy]

Such a simple solution, don't know why I hadn't thought of it, heh. Many thanks for the help

[spender]

What version of grsecurity are you using, and on what kernel? You shouldn't have "(deleted)" appearing in any of your pathnames.

-Brad

[zakalwe]

I've seen these messages after upgrading a running service. It happens with 2.6.21.6-grsec, and I'm pretty sure it has been like that for a while. I never thought anything of it, because the service needs restarted anyway.

[ralphy]

It's linux-2.4.34, grsec 2.1.10

mdadm had just been upgraded. After following the advice of the previous poster, the error had disappeared.

[spender]

This will be fixed in grsecurity 2.1.11. A patch for 2.4.35 already exists in ~spender and 2.6.22 will follow soon. The problem manifests itself only when the parent directory of a removed file is also removed.

-Brad

[ralphy]

Ah. Thanks spender.