grsecurity forums


http://forums.grsecurity.net/

hald-addon-storage refusing to read /dev/hdc

http://forums.grsecurity.net/viewtopic.php?f=5&t=1686

Page 1 of 1

hald-addon-storage refusing to read /dev/hdc

PostPosted: Sun Feb 18, 2007 11:25 pm
by Christian_Rebel
Okay I have a problem which is popping up every 4 seconds on the
console and it reads as follows:

grsec:(default:D:/)denied open of /dev/hdd for reading by
/usr/lib/hal/hald-addon-storage[hald-addon-stor:5210] uid/euid:115/115
gid/egid:115/115, parent /usr/lib/hal/hald-runner[hald-runner:5185]
uid/euid:0/0 gid/egid:0/0


After a couple of tries with the policy learning tool this hasn't seemed
to iron itself out. So I'm going to post my subject line for
hald-addon-storage here and hope someone can spot something I missed:

subject /usr/lib/hal/hald-addon-storage l
{
/dev h
/dev/hdc r
/dev/hdd r

bind disabled
connect disabled
}


Help will be appreciated.

PostPosted: Sun Apr 01, 2007 3:44 pm
by `VL
The main thing that you should understand is:

grsec:(default:D:/)denied open of /dev/hdd for reading by


this line shows you that process, which you want to control is using default policy(this shows D) for ROOT(/).

So, rules you wrote for it in "subject /usr/lib..." do not work.

You have to understand why. Maybe you misspelled it, maybe you put it to other role, maybe something else.
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/