ACL files quoestion

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

ACL files quoestion

Postby piavka » Tue Jul 09, 2002 5:44 am

The acl documentation says that /etc/grsec/proc.acl file is used for proccess acls and
/etc/grsec/file.acl is used for file acls. Howether then I run 'gradm -E' i get the error:
Unable to open /etc/grsec/acl for reading.
Error: No such file or directory
then i run 'strings /sbin/gradm | grep /etc/grsec' i see that it looks for /etc/grsec/acl only.
So i tried to merge my file.acl & proc.acl in single file /etc/grsec/acl. First come the file acls
and then proc acls. But now then i run 'gradm -E' i get the error:
"/bin" caused a syntax error on line 2 of /etc/grsec/acl
while /etc/grsec/acl starts with:
/ rwx
/bin rx
/sbin rx
/lib rx
.....

I use grsecurity-1.9.5-rc3 and gradm-1.3-rc3.
It seems like(from 'strace gradm -E') gradm reads only /etc/grsec/acl and you can put only
proc acls inside /etc/grsec/acl. So where does the file acls got to?
There & how should i put the file & proc acls for gradm to parse them correctly. And does it read other acl files besides /etc/grsec/acl.

Thanks a lot.
piavka
 
Posts: 20
Joined: Tue Jul 02, 2002 10:03 am

Re: ACL files quoestion

Postby PaX Team » Tue Jul 09, 2002 9:14 am

piavka wrote:The acl documentation says that /etc/grsec/proc.acl file is used for proccess acls and /etc/grsec/file.acl is used for file acls.

that was true for the old/previous release of the ACL system, 1.9.5 has changed a lot, read about it at http://grsecurity.net/papers.php .
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support