acl trouble
Posted: Sun Aug 08, 2004 12:06 pmI have popa3d server that starts as root:
Aug 8 20:08:27 ponch kernel: grsec: From 192.168.200.2: denied connect to the unix domain socket /dev/log by /usr/sbin/popa3d[popa3d:20358] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/popa3d[popa3d:16500] uid/euid:0/0 gid/egid:0/0
Aug 8 20:08:27 ponch kernel: grsec: From 192.168.200.2: denied access to hidden file /dev/log by /usr/sbin/popa3d[popa3d:16602] uid/euid:1001/1001 gid/egid:100/100, parent /usr/sbin/popa3d[popa3d:16500] uid/euid:0/0 gid/egid:0/0
I added /dev/log rw for /usr/sbin/popa3d subject but this messeges still drop into debug log.
If i adding it /dev/log rw for root role i got error from gradm about hole in my acl config. How to be?
Aug 8 20:08:27 ponch kernel: grsec: From 192.168.200.2: denied connect to the unix domain socket /dev/log by /usr/sbin/popa3d[popa3d:20358] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/popa3d[popa3d:16500] uid/euid:0/0 gid/egid:0/0
Aug 8 20:08:27 ponch kernel: grsec: From 192.168.200.2: denied access to hidden file /dev/log by /usr/sbin/popa3d[popa3d:16602] uid/euid:1001/1001 gid/egid:100/100, parent /usr/sbin/popa3d[popa3d:16500] uid/euid:0/0 gid/egid:0/0
I added /dev/log rw for /usr/sbin/popa3d subject but this messeges still drop into debug log.
If i adding it /dev/log rw for root role i got error from gradm about hole in my acl config. How to be?