Bash, sh and acl system

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Post by fonya » Mon Oct 07, 2002 7:36 am

Hi!

I'm just setting up the ACL system for myself, and I have a little problem.
I get this error message from time to time:
grsec: attempted to access file [08:01:192850] by (sh:282) UID(102) EUID(102), parent (netsaint:12268) UID(102) EUID(102)

The "08:01:192850" points to /bin/bash. /bin/sh is a link to /bin/bash.
By the way, everything works right.

My default, netsaint, bash, and sh acls:
/ {
/ r
/opt rx
/home rx
/home/fonya rwx
/home/ratman rwx
/home/dobosgy rwx
/home/hajnal rwx
/home/nmadmin rwx
/home/UnrealTournament rwx
/mnt r
/dev rw
/dev/mem h
/dev/kmem h
/bin rx
/sbin rx
/lib rx
/usr rx
/etc rx
/etc/shadow- h
/etc/shadow h
/etc/localtime rw
/proc rwx
/proc/sys r
/root/.bash_history ar
/root/.mc r
/root/.mc/tmp rw
/root r
/tmp rw
/var rx
/var/cache rw
/var/spool rw
/var/spool/postfix/lib rx
/var/run rw
/var/spool/postfix rwx
/home/httpd rx
/var/tmp rw
/var/log
/boot r
/etc/grsec h

-CAP_ALL
}

/bin/bash {
/bin/stty rwx
/bin/bash rx
/etc/bashrc r
/etc/profile r
/etc/profile.d r
+CAP_DAC_OVERRIDE
}

/bin/sh {
/bin/stty rwx
/bin/bash rx
/etc/bashrc r
/etc/profile r
/etc/profile.d r
+CAP_DAC_OVERRIDE
}

/usr/sbin/netsaint {
/etc/ld.so.preload r
/etc/ld.so.cache rx
/etc/netsaint r
/lib/ld-linux.so.2 rx
/lib/libc.so.6 rx
/lib/libm.so.6 rx
/usr/sbin/netsaint x
/var/log/netsaint rw
/var/run/netsaint.pid rw
/bin/bash rx
/bin/sh rx
/ h
connect {
disabled
}
bind {
disabled
}

}

So, my question: Can I eliminate this message?
Thanks a lot for your work! It's great!

Fonya
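
Added example (not part of the original post and not grsecurity's own code): a Python script that parses the denial line quoted above and lists every path sharing the logged inode, which is how the `[08:01:192850]` entry can be tied back to /bin/bash while the /bin/sh symlink is left out because it has its own inode. It assumes the bracketed fields are device major, device minor (read as hexadecimal) and inode number; the function names are illustrative.

```python
import os
import re

# Log line quoted in the post above, embedded so the script runs offline.
SAMPLE = ("grsec: attempted to access file [08:01:192850] by (sh:282) "
          "UID(102) EUID(102), parent (netsaint:12268) UID(102) EUID(102)")

LOG_RE = re.compile(
    r"grsec: attempted to access file "
    r"\[(?P<maj>[0-9a-fA-F]+):(?P<min>[0-9a-fA-F]+):(?P<ino>\d+)\] "
    r"by \((?P<proc>[^:()]+):(?P<pid>\d+)\) UID\((?P<uid>\d+)\) EUID\((?P<euid>\d+)\), "
    r"parent \((?P<pproc>[^:()]+):(?P<ppid>\d+)\) UID\(\d+\) EUID\(\d+\)"
)

def parse_denial(line):
    """Split a denial line into device, inode, subject and parent process."""
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        # Assumption: major and minor are printed in hexadecimal.
        "dev": os.makedev(int(d["maj"], 16), int(d["min"], 16)),
        "inode": int(d["ino"]),
        "subject": d["proc"], "pid": int(d["pid"]),
        "uid": int(d["uid"]), "euid": int(d["euid"]),
        "parent": d["pproc"], "ppid": int(d["ppid"]),
    }

def find_paths(root, inode, dev=None):
    """Return every path under root whose own inode (and device) matches.

    lstat() is used, so a symlink is compared by its own inode and is not
    reported as the file it points to; hard links to the file are reported.
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable
            if st.st_ino == inode and (dev is None or st.st_dev == dev):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    event = parse_denial(SAMPLE)
    print(event)
    print(find_paths("/bin", event["inode"], event["dev"]))
```

Run it on the host that produced the log, since inode numbers only have meaning on that filesystem.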