
From: Justinas S. (pollar_at_alus.dokeda.lt)
Date: Wed 31 Mar 2004 - 10:13:06 BST


Heh, normally it's not needed to add +CAP_SYS_ADMIN to gradm; it's not even
needed to set up ACLs for gradm at all, because they are added by default and
a /sbin/gradm record in the ACLs will return an error reporting double definitions
of /sbin/gradm. Seems I got stuck :)

-----Original Message-----
From: vserver-admin_at_list.linux-vserver.org [mailto:vserver-admin_at_list.linux-vserver.org] On Behalf Of Sandino Araico Sánchez
Sent: Tuesday, March 30, 2004 2:27 PM
To: vserver_at_list.linux-vserver.org
Subject: Re: [Vserver] vserver + grsec + gradm problem

Justinas S. wrote:

>Hi Sandino,
>
>Thanks for your reply. Do you have any suggestions how I can solve my
>problem?
>
>More details:
>
>After (on main system - not vserver, after building kernel, compiling
>gradm and rebooting)
># gradm -E
># gradm -a
>Password:
>Could not open /proc/sys/kernel/grsecurity/acl
>open: Permission denied
>
>Kernel log shows this:
>Mar 30 09:31:47 alus2 kernel: grsec: From 192.168.1.2: use of
>CAP_SYS_ADMIN denied for (gradm:1374) UID(0) EUID(0), parent (bash:706)
>UID(0) EUID(0) (why it's denied? It never happens in grsec+gradm only)
>
>
I do not have much experience with ACLs, but it seems like you are dropping the
CAP_SYS_ADMIN capability at some point.

>I used 2 different patches of vs+grsec:
>http://www.sandino.net/parches/vserver/linux-2.4.25-grsec-1.9.14-vserver-1.26.patch.gz
>http://www.firehead.org/~jeffrey/linux-vserver/grsecurity-1.9.14-2.4.25-vs1.26.patch
>and message was the same.

-- 
Sandino Araico Sánchez
-- Melón ate the feathers....

_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver



Generated on Tue 30 Mar 2004 - 23:11:07 BST by hypermail 2.1.3