Generating ACL from learning.log hangs...

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

Generating ACL from learning.log hangs...

Postby stevie » Mon Sep 10, 2007 6:04 am

Hello,

im just trying to get RBAC running and i have generated a learning.log file. But while generating the acl the gradm hangs up after a while and it seems, that the script is in a loop.

The output from gradm:

gradm -F -L learning.log -O /etc/grsec/acl
Beginning full learning 1st pass...done.
Beginning full learning role reduction...done.
Beginning full learning 2nd pass...done.
Beginning full learning subject reduction for user root...done.
Beginning full learning subject reduction for user list...done.
Beginning full learning subject reduction for user popuser...done.
Beginning full learning subject reduction for user mysql...done.
Beginning full learning subject reduction for user qmaild...done.
Beginning full learning subject reduction for user qmaill...done.
Beginning full learning subject reduction for user www-data...done.
Beginning full learning subject reduction for group qmail...done.
Beginning full learning subject reduction for user bind...done.
Beginning full learning subject reduction for user daemon...done.
Beginning full learning subject reduction for user bommel...done.
Beginning full learning subject reduction for user ntp...done.
Beginning full learning subject reduction for group psacln...done.
Beginning full learning subject reduction for user clamav...done.
Beginning full learning subject reduction for group nogroup...done.
Beginning full learning subject reduction for user psaadm...done.
Beginning full learning subject reduction for user man...done.
Beginning full learning object reduction for subject /...done.
Beginning full learning object reduction for subject /bin/bash...done.
Beginning full learning object reduction for subject /bin/chmod...done.
Beginning full learning object reduction for subject /bin/cp...done.
Beginning full learning object reduction for subject /bin/grep...done.
Beginning full learning object reduction for subject /bin/ip...done.
Beginning full learning object reduction for subject /bin/ls...done.
Beginning full learning object reduction for subject /bin/mv...done.
Beginning full learning object reduction for subject /bin/nc...done.
Beginning full learning object reduction for subject /bin/ps...done.
Beginning full learning object reduction for subject /bin/rm...done.
Beginning full learning object reduction for subject /bin/su...done.
Beginning full learning object reduction for subject /bin/touch...done.
Beginning full learning object reduction for subject /etc/cron.daily...


And that its. strace shows:

brk(0x238e6000) = 0x238e6000
brk(0x23907000) = 0x23907000
brk(0x23928000) = 0x23928000
brk(0x23949000) = 0x23949000
brk(0x2396a000) = 0x2396a000
brk(0x2398b000) = 0x2398b000
brk(0x239ac000) = 0x239ac000
brk(0x239cd000) = 0x239cd000
brk(0x239ee000) = 0x239ee000
brk(0x23a0f000) = 0x23a0f000
brk(0x23a30000) = 0x23a30000
brk(0x23a52000) = 0x23a52000
brk(0x23a75000) = 0x23a75000
brk(0x23a96000) = 0x23a96000
brk(0x23ab7000) = 0x23ab7000
brk(0x23adc000) = 0x23adc000
brk(0x23afe000) = 0x23afe000
brk(0x23b1f000) = 0x23b1f000
brk(0x23b40000) = 0x23b40000
brk(0x23b61000) = 0x23b61000
brk(0x23b82000) = 0x23b82000
brk(0x23ba3000) = 0x23ba3000
brk(0x23bc4000) = 0x23bc4000
brk(0x23be5000) = 0x23be5000
brk(0x23c06000) = 0x23c06000

And so on. How long should i wait before killing gradm?

What to do?
stevie
 
Posts: 2
Joined: Mon Sep 10, 2007 5:57 am

Postby spender » Thu Sep 20, 2007 5:58 pm

How large is your learning.log? How many lines of it contain "cron.daily"?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA


Return to RBAC policy development

cron