grsecurity forums

[mceith]

Hello,

Im having troubles with named. The error:

grsec: denied unlink of /chroot/named/var/run/named.pid by /usr/local/sbin/named[named:6412] uid/euid:40/40 gid/egid:40/40, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Im running bind in chroot environment. Here is the acl for named:

subject /usr/local/sbin/named idr
/chroot/named/etc/namedb rw
/chroot/named/dev rw
/chroot/named/var/run/named.pid rw
/bin/ln rx
/bin/rm rx
/bin/unlink rx
/chroot/named r
+CAP_ALL
+CAP_SYS_CHROOT
+CAP_NET_BIND_SERVICE

Can anyone help me? thx

[spender]

/chroot/named/var/run/named.pid rw

needs to be

/chroot/named/var/run/named.pid rwcd

-Brad

[mceith]

/chroot/named/var/run/named.pid rw

needs to be

/chroot/named/var/run/named.pid rwcd

-Brad

That solved the problem, thx

Hope we will have docs for 2.0 soon.