How to know parent of parent process

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

How to know parent of parent process

Postby dimonb » Wed Oct 25, 2006 9:18 am

Hi, I have a such problem.

Code: Select all
grsec: (root:U:/bin/mv) denied access to hidden file /var/lib/init.d/exclusive/local by /bin/mv[mv:4377] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:2880] uid/euid:0/0 gid/egid:0/0

but I don't want to make any /bin/mv possible to write in /var/lib/init.d. and I don't want to any bash be possible to run mv with such rights. But how could I know parent of bash?
Posts: 1
Joined: Thu Sep 28, 2006 3:20 am

Return to RBAC policy development