grsecurity forums

Hey,

My Current ACL is as follows, ive tired to make it open as possible but it still dont seem to want to work.

/ {
/ rwx
/opt rx
/home rwx
/bin rx
/dev rx
/dev/mem h
/dev/kmem h
/sbin rx
/lib rx
/usr rx
/usr/local/mysql rwx
/etc rx
/proc rwx
/proc/sys r
/root r
/tmp rw
/var rwx
/var/log rwx
/boot r
/etc/grsec h
-CAP_ALL
}


When i start it with gradm -E

I try start postfix or my courier imap/pop3 server and i getting getting errors

postfix: error while loading shared libraries: failed to map segment from shared object: cannot load shared object file: Permission denied

Also is there a way to make it so gradm only learns stuff about your system it dosent actually apply the acls..

because i want to add acls to my system but i cant just keep trying acls to see if they work or not, as its a web hosting server/shell hosting clients would get pissed off if things keep going up and down..

So is it possible to make grdam just go into learning mode for many the whole system or mabey just some files i select or something?

/Steve

ok i figured out how to make it learn the system..

but gradm dosent seem to want to log at all?

the only logs i can find are when i type demsg it shows some gradm stuff.. but it dosent log anything into /var/log/ ...

is there a thing i have to add to syslogd.conf or something?

ahh what a pain ive fixed it all now..


now i gota go though the painfull job of getting all info on the deamons i run on my server..

hi:

I have the same library problem, I would really like to know what the solution is.

thanks.

pasholy.

what you need to do is find the full path of the library that was mmap'd (grsecurity 1.9.9-rc2 will do this for you) and then give execute permissions to it in your ACL.

-Brad