Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 41051

Summary: grsecurity-base-policy ebuild breaks dcron
Product: Gentoo Linux Reporter: Richard Brooklyn <ribs>
Component: New packagesAssignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED WORKSFORME    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Richard Brooklyn 2004-02-09 17:26:32 UTC 
When applying the above-mentioned ebuild, dcron is no longer usable under any user. Including root.

An example of this is when crontab -e is run. The expected result is that nano opens up with the existing crontab entry, ready for the user to edit. However, when grsecurity is enabled, with the grsecurity-base-policy package merged, this error is displayed instead: initgroups failed: $username operation not permitted.

This also affects root user.

When GRSecurity's ACLs are turned off with gradm -D, or the ACL for dcron is removed, the crontab commands work perfectly for all users. It's only when they are applied when the bug is seen.
Comment 1 solar (RETIRED) gentoo-dev 2004-02-10 21:40:45 UTC 
those are example acls and I dont exactly have time to keep them up. Please provide a diff to the existing which fix this problem.
Comment 2 solar (RETIRED) gentoo-dev 2004-02-21 18:32:57 UTC 
changing resolution to something else..