learning mode - 2.0rc3, can't create per subject acls?

Posted: Thu Sep 18, 2003 3:17 pm
by darko
Hi all!
I'm having problems while trying to create some subject acls.

My "acl" file is the standard one (with some extra restrictions) and at the end (still in the default acl) I have this block:

subject /usr/sbin/sshd lo
/ h
-CAP_ALL
connect disabled
bind disabled

I enable the ACL system with gradm -L /tmp/sshd -E

I start/stop the sshd service, log in, log out, etc, etc...
I can see the /tmp/sshd file size is increasing and its contents seem "right":

(...)
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/sshd_config 16 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/sshd_config 17 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/ssh_host_rsa_key 16 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/ssh_host_rsa_key 17 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1 /etc/ssh/ssh_host_dsa_key 16 10.0.0.2
default 20 0 0 /usr/sbin/sshd /usr/sbin/sshd 1 1
(...)

All seems fine here.
Now my problem:

I try to create the acl from the learning logs using
gradm -L /tmp/sshd -O /tmp/sshd-rules

gradm doesn't give me any warnings or errors but /tmp/sshd-rules is empty.

What is happening?
I'm probably not doing something right or missing something :/

Thanks in advance,
João P.

Posted: Thu Sep 18, 2003 8:30 pm
by spender
Can you mail your ACL and learning log to spender@grsecurity.net ? I'll take a look at it on my machine.

-Brad

Posted: Sat Sep 20, 2003 9:49 am
by darko
Hi Brad.
I updated gradm to the current cvs version and until now all seems to be working fine, sorry for the hassle.
I should have done this sooner...

Thanks for the help,
João