gradm -R fails with "readlink: Permission denied"

Post by xor » Mon Oct 15, 2007 12:00 pm

Hi all

I have set up a policy with an administrative role:

role admin sA
subject / adkrvO
    / rwxcdml
    /etc rwxcdmlW
    +CAP_ALL

This is the only role that should be able to modify the ACL settings. It gets access to /etc/grsec/*, but when trying to reload the policy afterwards, gradm fails with the error: "readlink: Permission denied".

strace reveals that gradm is trying to read its own /proc/<pid>/exe, but gets an error (besides other strange messages):

# strace gradm -R
[...]

Password:
[...]

chdir("/etc/grsec") = 0
open("/etc/grsec/policy", O_RDONLY) = 3
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfff6108) = -1 ENOTTY (Inappropriate ioctl for device)
[...]

getpid() = 4377
readlink("/proc/4377/exe", 0xbfff514c, 4095) = -1 EACCES (Permission denied)
write(2, "readlink: Permission denied\n\n", 29readlink: Permission denied

) = 29
munmap(0xb7f65000, 4096) = 0
exit_group(1) = ?

The policy is then not reloaded. No error is logged to syslog or console.

Do I need to specify any further permissions for the admin role?

Thanks /markus
xor
 
Posts: 7
Joined: Wed Jul 12, 2006 6:15 am
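
Added example, not part of the original post and not gradm's code: a small C program that repeats the readlink() call on /proc/<pid>/exe seen in the strace output, so the same call can be tested from a shell running in the admin role to see whether the denial is specific to gradm. The function name resolve_proc_exe is an assumption made for this example.

```c
/* Added diagnostic, not gradm source: repeats the readlink() on
 * /proc/<pid>/exe from the strace output in the post. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve /proc/<pid>/exe into out (NUL-terminated).
 * Returns 0 on success, otherwise an errno value (EACCES, ENOENT, ...). */
int resolve_proc_exe(pid_t pid, char *out, size_t outlen)
{
    char link[64];
    ssize_t n;

    if (out == NULL || outlen < 2)
        return EINVAL;
    if (snprintf(link, sizeof(link), "/proc/%ld/exe", (long)pid)
            >= (int)sizeof(link))
        return ENAMETOOLONG;

    /* readlink() does not NUL-terminate, so keep one byte in reserve. */
    n = readlink(link, out, outlen - 1);
    if (n < 0)
        return errno;
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char path[4096];   /* leaves 4095 bytes for the target, as in the strace */
    pid_t self = getpid();
    int rc = resolve_proc_exe(self, path, sizeof(path));

    if (rc != 0) {
        /* EACCES here is the same failure gradm -R reported in the post. */
        fprintf(stderr, "readlink /proc/%ld/exe: %s\n",
                (long)self, strerror(rc));
        return 1;
    }
    printf("/proc/%ld/exe -> %s\n", (long)self, path);
    return 0;
}
```

Built with `cc` and run once under the admin role and once outside it, the exit status and message show whether the EACCES follows the role or only the gradm binary.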