After last software update, these messages started to appear in logs:
- Code: Select all
Jan 7 13:52:53 local grsec: (root:U:/) denied access to hidden file /dev/initctl by /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper:0] uid/euid:0/0 gid/egid:0/0
Jan 7 13:52:53 local grsec: (root:U:/) denied access to hidden file /dev by /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper:0] uid/euid:0/0 gid/egid:0/0
Jan 7 13:52:53 local grsec: (root:U:/) denied access to hidden file /dev/initctl by /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper:0] uid/euid:0/0 gid/egid:0/0
Jan 7 13:53:01 local grsec: (root:U:/) denied access to hidden file /dev/initctl by /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper:0] uid/euid:0/0 gid/egid:0/0
Jan 7 13:53:01 local grsec: (root:U:/) denied access to hidden file /dev by /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper:0] uid/euid:0/0 gid/egid:0/0
Subject /sbin/init exists in my ACL, and has permissions to access the device nodes above. But after updating to newer versions, these subjects are completely ignored and all of them are identified as "/" (main subject). Disabling/enabling or reloading grsec will not fix this.
Any way to fix this problem without rebooting? Normally, after update of some software, i need to restart chpax for grsec to accept it and stop writing errors regarding it(reboot helps too here, but it is the worst way)
Unfortunately, it doesn't work for init. Also, how do i create ACL for "swapper"?