hald-addon-storage refusing to read /dev/hdc

Post by Christian_Rebel » Sun Feb 18, 2007 11:25 pm

Okay I have a problem which is popping up every 4 seconds on the
console and it reads as follows:

grsec:(default:D:/)denied open of /dev/hdd for reading by
/usr/lib/hal/hald-addon-storage[hald-addon-stor:5210] uid/euid:115/115
gid/egid:115/115, parent /usr/lib/hal/hald-runner[hald-runner:5185]
uid/euid:0/0 gid/egid:0/0


After a couple of tries with the policy learning tool this hasn't seemed
to iron itself out. So I'm going to post my subject line for
hald-addon-storage here and hope someone can spot something I missed:

subject /usr/lib/hal/hald-addon-storage l
{
/dev h
/dev/hdc r
/dev/hdd r

bind disabled
connect disabled
}


Help will be appreciated.
Christian_Rebel
 
Posts: 3
Joined: Thu Feb 15, 2007 3:36 am

Post by `VL » Sun Apr 01, 2007 3:44 pm

The main thing that you should understand is:

grsec:(default:D:/)denied open of /dev/hdd for reading by


This line shows you that the process which you want to control is using the default policy (the D shows this) for ROOT (/).

So, rules you wrote for it in "subject /usr/lib..." do not work.

You have to understand why. Maybe you misspelled it, maybe you put it in another role, maybe something else.
`VL
 
Posts: 28
Joined: Wed Feb 23, 2005 2:11 pm
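
A small parser for the denial message discussed in this thread, added here as an example and not part of either post or of grsecurity/gradm: it extracts the role, role type and subject from the parenthesised prefix and reports whether the binary's own subject was the one applied. The field layout is inferred from the single message quoted above, only the D (default) type letter is interpreted, and the second sample line is constructed.

```python
import re

# Field layout inferred from the denial message quoted in the thread (assumption).
DENIAL = re.compile(
    r"grsec:\s*\((?P<role>[^:()]+):(?P<rtype>[A-Za-z]):(?P<subject>[^)]+)\)\s*"
    r"denied (?P<action>\w+) of (?P<object>\S+) for (?P<mode>\w+) by "
    r"(?P<binary>[^\[\s]+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+)"
)

# Sample 1 is the console-wrapped message from the thread.
# Sample 2 is constructed: same denial, but matched under the binary's own subject.
SAMPLES = [
    """grsec:(default:D:/)denied open of /dev/hdd for reading by
/usr/lib/hal/hald-addon-storage[hald-addon-stor:5210] uid/euid:115/115
gid/egid:115/115, parent /usr/lib/hal/hald-runner[hald-runner:5185]
uid/euid:0/0 gid/egid:0/0""",
    "grsec:(default:D:/usr/lib/hal/hald-addon-storage)denied open of /dev/hdd "
    "for reading by /usr/lib/hal/hald-addon-storage[hald-addon-stor:5210] "
    "uid/euid:115/115 gid/egid:115/115",
]

def parse_denial(text):
    """Return the fields of one denial message, or None if it does not match."""
    m = DENIAL.search(" ".join(text.split()))  # undo console line wrapping
    return m.groupdict() if m else None

def subject_applied(d):
    """True when the subject the kernel matched is the binary's own path."""
    return d["subject"] == d["binary"]

def explain(d):
    """One-line diagnosis for a parsed denial."""
    role = f"role '{d['role']}'" + (" (default role)" if d["rtype"] == "D" else "")
    who = f"{d['binary']} (uid {d['uid']})"
    if subject_applied(d):
        return (f"{who}: its own subject in {role} was applied and does not "
                f"allow {d['mode']} of {d['object']}")
    return (f"{who}: handled by subject '{d['subject']}' in {role}; the "
            f"subject written for this binary was not applied, so check its "
            f"spelling and which role it was placed in")

if __name__ == "__main__":
    for sample in SAMPLES:
        print(explain(parse_denial(sample)))
```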

