chromium-browser ptrace problem

Submit your RBAC policies or suggest policy improvements

chromium-browser ptrace problem

Postby lesnoland » Mon Nov 09, 2009 2:32 pm

kernel: 2.6.31.5-grsec (latest grsec patch, grsec low, pax disabled)

problem:
grsec: (default:D:/usr/lib/chromium-browser/chromium-browser-sandbox) denied ptrace of /usr/lib/chromium-browser/chromium-browser by /usr/lib/chromium-browser/chromium-browser[chromium-browse:21722] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/lib/chromium-browser/chromium-browser-sandbox[chromium-browse:21721] uid/euid:1000/0 gid/egid:1000/1000

policy:
subject /usr/lib/chromium-browser/chromium-browser Ot

I tried basically a lot of combinations, t, r, added /usr/lib/chromium-browser/chromium-browser rx below it, still I get the same error. (I need the O flag.)
lesnoland
 
Posts: 7
Joined: Thu May 14, 2009 6:06 am

Re: chromium-browser ptrace problem

Postby spender » Mon Nov 09, 2009 3:33 pm

This is the same problem as the one reported the other thread. It'll be fixed in the next patch.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: chromium-browser ptrace problem

Postby spender » Wed Nov 11, 2009 10:09 am

It's fixed in the patch uploaded last night. I've also updated the subject mode listing in the wikibook.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: chromium-browser ptrace problem

Postby lesnoland » Wed Nov 11, 2009 10:57 am

ok, it works now. thanks
lesnoland
 
Posts: 7
Joined: Thu May 14, 2009 6:06 am


Return to RBAC policy development