On Thursday, 17 July 2003 09:00 you wrote:
> Well, grsec and ctx are working together, you can also select them both.
> I've chosen the mutual exclusion some time ago for WOLK3 time. The only
> exception which does not work is the ACL subsystem which conflicts with
> CTX. You cannot disable the ACL subsystem once it's started if CTX is
> compiled into the kernel. We did not figure out why yet.

I've seen this too in wolk, but there is a very easy but ugly workaround: just copy /sbin/gradm to /usr/sbin/gradm.

/usr/sbin/grsec has the permissions to access /proc/grsec, and can be used for disabling grsec (enable it via /sbin/grsec) ... that way you can work around the broken standard rules ACL ... which gradm compiles on top of the /etc/grsec/acl (so if you put ACLs for /sbin/gradm in there they don't work) ...

Of course the ACLs for vservers work with the path used on the root server (e.g. /vserver/<vservername>/bin/ls), so it would be very fine to have some kind of regexp or wildcard in the ACL, /vserver/*/bin/ls (but this is not implemented yet and probably won't be in future).

<promotion>I love wolk</promotion>

-- 
Best regards,
Georg Glas
Hollomey Consultants GmbH
phone: +4331681139362
fax: +433168113934
