Brant Williams asked for the Grsecurity _RBAC_ denial messages.
Do you have Grsecurity RBAC enabled? Hardened Gentoo has several flavors:
you can use either SELinux, RSBAC or Grsecurity (or Apparmor) for access
control purposes.
What access control mechanism do you use? Do you use Grsecurity?
If
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Well, it's not an RBAC/role problem, otherwise you'd see more 'grsec:'
lines in syslog. Based on this info, chrony is setting the time
correctly. You might want to look at mailing lists for this daemon and/or
google for the errors you get.
On Monday 31 December 2007 16:39:30 brant williams wrote:
> Can you paste the error you're referring to?
Here goes (sorry if line wrapping spoils it), with my four comments:
Dec 31 17:32:55 gate chronyd[23772]: chronyd exiting on signal # I'd restarted
it; no mention of file operations, note
D
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Okay, if grsec's RBAC system denies the write (or whatever operation), the
syslog entry will show which role that the process is currently using.
Whichever role it is (probably root), it'll need the right permissions in
/etc/grsec/policy.
The
On Monday 31 December 2007 16:39:30 brant williams wrote:
> If grsec is denying the write, it should show up in your syslog.
That's where I found the error message.
> Are you running grsec's RBAC system?
Yes; what would you like to know about it?
> Can you paste the error you're referring to?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
If grsec is denying the write, it should show up in your syslog. Are you
running grsec's RBAC system?
Can you paste the error you're referring to?
brant williams
FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002
On Mon, 31 Dec 2007, Peter
My gateway box has gentoo-hardened on it, and I want to install chrony to
give a smoother control of time adjustments than ntp gives. But when I do,
chrony complains that it can't write its /etc/chrony.rtc file. It works
fine on another box that has standard gentoo-sources, so is a grsec control
