# gradm initscript errors

## schmeggahead

Having difficulty creating an init script to enable RBAC grsecurity at boot:

Here is my first feeble try at this:

```
#!/sbin/runscript

depend() {

  after *

}

start() {

    start-stop-daemon --start --exec /sbin/gradm \

    --pidfile /var/run/gradm.pid --make-pidfile \

    -- -E 

}

```

And here is the result:

# /etc/init.d/gradm start

 * Caching service dependencies ...

 *  Services 'gradm' and 'local' have circular

 *  dependency of type 'iafter';  continuing...                           [ ok ]

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 243: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 243: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 243: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 243: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 243: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 243: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 243: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 243: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 243: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 243: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 250: /bin/sleep: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-daemon.sh: line 194: /bin/pidof: No such file or directory

/lib/rcscripts/sh/rc-services.sh: line 572: rm: command not found

/lib/rcscripts/sh/rc-services.sh: line 590: rm: command not found

I have an extremely strict default policy but I thought that was the idea.

This sort of thing doesn't lend itself to using grsecurity learning, since enabling with learning is at start.

Should I give access to the init script /etc/init.d/gradm to these files or is there a start-stop-daemon that I should give access to?

I figure the dependency could potentially be overcome by making this script alphabetically last in the list since they are started alphabetically unless there are other constraints using the --name to rename the script.

Otherwise, as I add scripts, either I have to learn the start and add to the policy or maintain the after statements to include all scripts.

----------

## didl

Your policy has to be such that after enabling it the services

that need to run afterward have enough permission to do so.

----------

## schmeggahead

I realized that I could adjust the script to do the learning and get the required minimal access.

Thanks for setting me in the right direction / right mindset.

----------

