gradm2 needs a device entry: gradm2 needs a special entry, a device called /dev/grsec to communicate with the kernel. It's not created for you, so if you don't already have it and you don't have devfs or udev please create this as root with the following command: mknod -m 0622 /dev/grsec2 c 1 13 Changes of release 2.1.6: * PaX updates * Inverted socket policies (see the sample policy with gradm for syntax) * gradm now can work on both 2.4 and 2.6 kernels without requiring a recompile for the currently running kernel * ATI Radeon (and more) video cards will work properly with the /dev/(k)mem restriction feature * PAM authentication support has been added to the RBAC system for special roles, which allows you to use a variety of different authentication methods in place of the regular kernel-based password authentication. * A new subject flag was added to be placed on binaries that are allowed to communicate with the /dev/grsec device. The "a" mode should be added to special roles like the admin role. The sample policy has been updated to reflect this change * The learn_config file has been updated with new rules to facilitate better reduced policies * The always-reduce-path directive in learn_config is now interpreted by the learning daemon itself, allowing paths to be rewritten before they ever reach the disk * Various other bugs have been fixed, including improper role reduction in some cases in policy generation