denied access to hidden /dev/grsec by mdadm : udev leaks it


Post by bearclaw » Thu Dec 27, 2012 10:51 am

Hi.

I have in my logs:

grsec: From <>: (default:D:/sbin/mdadm) denied access to hidden file /dev/mem by /sbin/mdadm[mdadm:1168] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:1167] uid/euid:0/0 gid/egid:0/0
grsec: From <>: (default:D:/sbin/mdadm) denied access to hidden file /dev/grsec by /sbin/mdadm[mdadm:1168] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/strace[strace:1167] uid/euid:0/0 gid/egid:0/0


Although /dev/grsec has the hidden object mode.

This is caused by udev leaking grsec's existence through a symlink in /dev/.udev/db/mem:grsec.

Same thing happens with /dev/mem.

Just wanted to let you know.
bearclaw
 
Posts: 7
Joined: Mon Nov 29, 2004 6:41 pm
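
Added example, not part of the original post: a shell check a policy author could run to see which hidden objects are also named in the udev database directory. The `udev_leaks` function and its arguments are hypothetical, and the `<subsystem>:<name>` entry naming is an assumption drawn from the single entry quoted in the post.

```shell
#!/bin/sh
# Added example: audit a udev database directory for entries whose names
# reveal device nodes that the RBAC policy marks as hidden.
# Assumption: entries are named "<subsystem>:<name>", inferred from the
# one entry quoted in the post (/dev/.udev/db/mem:grsec).
#
# Usage: udev_leaks /dev/.udev/db /dev/grsec /dev/mem

# udev_leaks DBDIR HIDDEN_PATH...
# Prints one line per leaking entry: "<hidden path> <db entry>".
# Returns 0 if at least one leak was found, 1 if none, 2 on usage error.
udev_leaks() {
    [ "$#" -ge 2 ] || { echo "usage: udev_leaks DBDIR HIDDEN_PATH..." >&2; return 2; }
    dbdir=$1; shift
    [ -d "$dbdir" ] || { echo "udev_leaks: $dbdir is not a directory" >&2; return 2; }
    found=1
    for hidden in "$@"; do
        name=${hidden##*/}            # /dev/grsec -> grsec
        # Match any subsystem prefix; an unmatched glob stays literal and
        # fails both tests below, so nothing is reported for it.
        for entry in "$dbdir"/*:"$name"; do
            # -e is false for a dangling symlink, so test -L as well.
            if [ -e "$entry" ] || [ -L "$entry" ]; then
                printf '%s %s\n' "$hidden" "$entry"
                found=0
            fi
        done
    done
    return "$found"
}
```

Each reported entry is a path that the policy's default subject can still see, so it is a candidate for its own hidden object rule in the RBAC policy.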
