grsecurity forums

by **Steve** » Mon Nov 25, 2002 9:12 pm

Hey,

My Current ACL is as follows, ive tired to make it open as possible but it still dont seem to want to work.

/ {
/ rwx
/opt rx
/home rwx
/bin rx
/dev rx
/dev/mem h
/dev/kmem h
/sbin rx
/lib rx
/usr rx
/usr/local/mysql rwx
/etc rx
/proc rwx
/proc/sys r
/root r
/tmp rw
/var rwx
/var/log rwx
/boot r
/etc/grsec h
-CAP_ALL
}

When i start it with gradm -E

I try start postfix or my courier imap/pop3 server and i getting getting errors

postfix: error while loading shared libraries: failed to map segment from shared object: cannot load shared object file: Permission denied

by **Steve** » Tue Nov 26, 2002 4:29 am

Also is there a way to make it so gradm only learns stuff about your system it dosent actually apply the acls..

because i want to add acls to my system but i cant just keep trying acls to see if they work or not, as its a web hosting server/shell hosting clients would get pissed off if things keep going up and down..

So is it possible to make grdam just go into learning mode for many the whole system or mabey just some files i select or something?

/Steve

by **Steve** » Tue Nov 26, 2002 7:20 pm

ok i figured out how to make it learn the system..

but gradm dosent seem to want to log at all?

the only logs i can find are when i type demsg it shows some gradm stuff.. but it dosent log anything into /var/log/ ...

is there a thing i have to add to syslogd.conf or something?

by **Steve** » Tue Nov 26, 2002 11:45 pm

ahh what a pain ive fixed it all now..

now i gota go though the painfull job of getting all info on the deamons i run on my server..

by **pasholy** » Tue Jan 14, 2003 4:11 am

hi:

I have the same library problem, I would really like to know what the solution is.

thanks.

pasholy.

by **spender** » Tue Jan 14, 2003 10:08 am

what you need to do is find the full path of the library that was mmap'd (grsecurity 1.9.9-rc2 will do this for you) and then give execute permissions to it in your ACL.

-Brad