About this list Date view Thread view Subject view Author view Attachment view

From: Georg Glas (glas_at_hollomey.com)
Date: Thu 17 Jul 2003 - 11:16:55 BST


Am Donnerstag, 17. Juli 2003 09:00 schrieben Sie:
> Well, grsec and ctx are working together, you can also select them both.
> I've choosen the mutual exclusion some time ago for WOLK3 time. The only
> exception which does not work is the ACL subsystem which conflicts with
> CTX. You cannot disable the ACL subsystem once if its started if CTX is
> compiled into the kernel. We did not figure out why yet.
ive seen this too in wolk, but there is a very easy but ugly workaround, yust
copy /sbin/gradm to /usr/sbin/gradm.

/usr/sbin/grsec has the permissions to access /proc/grsec, and can be used for
disabling grsec (enable it via /sbin/grsec) .. that way you can workaround
the broken standard rules acl ... wich gradm compiles on top of the
/etc/grsec/acl (so if u put acls for /sbin/gradm in there they dont work) ..
of course the acl for vservers work with the path used on the root server (eg
/vserver/<vservername>/bin/ls) so it would be very fine to have some kinde of
regexp or wildcard in the acl /vserver/*/bin/ls but this is not implemented
yet and prop wont be in future)

<promoption>i love wolk</promotion>

-- 
mfg.
Georg Glas
Hollomey Consultants GmbH
phone: +4331681139362   fax: +433168113934


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Thu 17 Jul 2003 - 12:38:48 BST by hypermail 2.1.3