grsecurity forums

root@lore:/etc/grsec# gradm -E
Duplicate object found for "/dev/adsp0" in role raf256, subject /, on line 1177 of /etc/grsec/policy.
"/dev/adsp0" references the same object as the following object(s):
/dev/adsp (due to symlinking/hardlinking)
/dev/adsp0 (due to symlinking/hardlinking)
specified on an earlier line.The RBAC system will not load until this error is fixed.

root@lore:/etc/grsec# file /dev/adsp
/dev/adsp: symbolic link to `adsp0'
root@lore:/etc/grsec# file /dev/adsp0
/dev/adsp0: character special (14/12)

Shouldnt learning code automaticly fix such problems (or shouldng RBAC ignore them)?

There are meany problems like above in generated policy.

It is "files aliasing" problem right?

If this is not solved, then perhaps solution would be to add new flags, meaning:
1) if this symlink S points to already defined rule/file F, then use rules of target file F on this symlink S (copy them)
2) ..., then discard this problem and still use rules S on the symlink, even if it will allow to access F in other way
3) ... while accessing symlink S allow it only if *BOTH* restrictions defined by target file F and symlink S are meet.

Rule 3) seems most reasonable to me.
And learning process will set up the flag 3 while learning, if the symlink existed then.

or something simmilar?

Raf256 wrote:"/dev/adsp0" references the same object as the following object(s):
/dev/adsp (due to symlinking/hardlinking)
/dev/adsp0 (due to symlinking/hardlinking)
specified on an earlier line.

root@lore:/etc/grsec# file /dev/adsp
/dev/adsp: symbolic link to `adsp0'
root@lore:/etc/grsec# file /dev/adsp0
/dev/adsp0: character special (14/12)

RTFM: "You must specify the ACL for the target first, otherwise gradm will report a duplicate".

RTFM: "You must specify the ACL for the target first, otherwise gradm will report a duplicate".

...and a question is: in which FM this is written? give us link please...