On Sat, Feb 15, 2014 at 06:03:28PM +0100, Luis Ressel wrote:
> I've had a first look at this. Sadly, there's no gid mount option for
> sysfs. Another complication is that the group isn't granted any rights
> anyway.
>
> I'll examine what changes to the kernel would be neccessary. (For sure,
> one
I am new to grsecurity I am having a problem when I enable RBAC, where
grsecurity denies gradm and certain directories such as /etc/grsec are
inaccessible, and even /dev/grsec.
gentoo ~ # gradm -E
gentoo ~ # gradm -F -L /etc/grsec/learning.log
Could not open /dev/grsec.
open: Permission denied
/v
On Mon, 17 Feb 2014 19:24:51 +
Sven Vermeulen wrote:
> The init script approach is what most distributions are doing. We also
> relabel cpu/online in the selinux_gentoo init script.
>
> But the approach you mentioned on the other mailinglist (regarding
> reusing the statement already in use
I think you should not issue gradm -E before activating learning mode.
Also make sure to populate your policy with at least some default stuff
for the admin role before enabling it. The example policy file gives a
starting point.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiol
What should that stuff be so gradm works. I tried add
Also the wiki instructs me to issue gradm -E before putting it in learning mode.
I've tried adding some lines to the admin role myself but the same
problem occurs, and gradm can no longer find /dev/grsec..
role admin sA
subject / rvka
BTW, I was supposed to delete the first two lines of that email.
On Tue, Feb 18, 2014 at 9:25 AM, John Tate wrote:
> What should that stuff be so gradm works. I tried add
>
> Also the wiki instructs me to issue gradm -E before putting it in learning
> mode.
>
> I've tried adding some lines to th
