Page 1 of 1

rpc.mountd getfs

PostPosted: Thu Mar 02, 2006 6:54 am
by sunny
Hey,

i have the following error in my syslog:

kernel: grsec: From 192.168.XXX.XXX: (root:U:/usr/sbin/rpc.mountd) denied access to hidden file //.getfs by /usr/sbin/rpc.mountd[rpc.mountd:27418] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

It occurs, when i try to mount a nfs-share from a client. I don't know how to fix that.

Part of my policy file:
subject /usr/sbin/rpc.mountd o {
/ h
/usr h
/usr/sbin/rpc.mountd rx
//.getfs r
/etc h
/etc/hosts r
/etc/hosts.allow r
/var h
/var/lib/nfs r
/var/lib/nfs/rmtab rwcd
/var/lib/nfs/rmtab.tmp rwcd
/home
/home/share
-CAP_ALL
bind 0.0.0.0/32:0 dgram ip igmp
connect 192.168.0.0/16:0-1023 dgram igmp udp
connect 127.0.0.1/32:53 dgram igmp udp
}

PostPosted: Sun Mar 12, 2006 4:09 pm
by spender
What version of grsecurity are you using?

-Brad

PostPosted: Sun Mar 12, 2006 8:21 pm
by sunny
grsecurity-2.1.9-2.6.14.7-200602141849.patch

PostPosted: Mon Mar 13, 2006 6:55 pm
by spender
Is this the first version of grsecurity you've used in which the error has occured? Some changes were made to the filename generation code in 2.1.8

-Brad

PostPosted: Tue Mar 14, 2006 8:57 am
by sunny
Iirc the first version of the policy was made with gradm-2.1.8-200601212342 in full learning mode. Because that caused the named problems i retried with selective learning with the 2.1.9 version.