SSH server nolonger works once gradm is on (used to work bef

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

Re: SSH server nolonger works once gradm is on (used to work

Postby PaX Team » Thu Jun 21, 2007 3:48 pm

mikeeusa wrote:SSH server nolonger works once gradm is on (used to work before upgrades, I also updated the policy for the new glibc and friends so that probably isn't the cause).
check your root role again, it doesn't give access to /usr/lib/i686/cmov, only /usr/lib/i686 (it'd probably be better to make use of the include feature and have common ACLs for common subjects like sshd).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: SSH server nolonger works once gradm is on (used to work

Postby PaX Team » Fri Jun 22, 2007 5:07 am

mikeeusa wrote:I've add the cmov line to everything that had a /usr/lib/i686 line, it still doesn't work:
you enabled visibility of the directory name only, you didn't actually give access to the files in it. i suggest that you check out your other sshd subjects for comparison.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to RBAC policy development

cron