rpc.mountd getfs

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

rpc.mountd getfs

Postby sunny » Thu Mar 02, 2006 6:54 am

Hey,

i have the following error in my syslog:

kernel: grsec: From 192.168.XXX.XXX: (root:U:/usr/sbin/rpc.mountd) denied access to hidden file //.getfs by /usr/sbin/rpc.mountd[rpc.mountd:27418] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

It occurs, when i try to mount a nfs-share from a client. I don't know how to fix that.

Part of my policy file:
subject /usr/sbin/rpc.mountd o {
/ h
/usr h
/usr/sbin/rpc.mountd rx
//.getfs r
/etc h
/etc/hosts r
/etc/hosts.allow r
/var h
/var/lib/nfs r
/var/lib/nfs/rmtab rwcd
/var/lib/nfs/rmtab.tmp rwcd
/home
/home/share
-CAP_ALL
bind 0.0.0.0/32:0 dgram ip igmp
connect 192.168.0.0/16:0-1023 dgram igmp udp
connect 127.0.0.1/32:53 dgram igmp udp
}
sunny
 
Posts: 3
Joined: Thu Mar 02, 2006 5:25 am
Location: DA, Germany

Postby spender » Sun Mar 12, 2006 4:09 pm

What version of grsecurity are you using?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA

Postby sunny » Sun Mar 12, 2006 8:21 pm

grsecurity-2.1.9-2.6.14.7-200602141849.patch
sunny
 
Posts: 3
Joined: Thu Mar 02, 2006 5:25 am
Location: DA, Germany

Postby spender » Mon Mar 13, 2006 6:55 pm

Is this the first version of grsecurity you've used in which the error has occured? Some changes were made to the filename generation code in 2.1.8

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA

Postby sunny » Tue Mar 14, 2006 8:57 am

Iirc the first version of the policy was made with gradm-2.1.8-200601212342 in full learning mode. Because that caused the named problems i retried with selective learning with the 2.1.9 version.
sunny
 
Posts: 3
Joined: Thu Mar 02, 2006 5:25 am
Location: DA, Germany


Return to RBAC policy development

cron