1 |
atoth@××××××××××.hu <atoth@××××××××××.hu> 2008-11-10 12:31: |
2 |
> I usually have some of these while I'm listening to music: |
3 |
> grsec: (atoth:U:/usr/bin/audacious) denied resource overstep by requesting |
4 |
> 135168 for RLIMIT_MEMLOCK against limit 32768 for |
5 |
> /usr/bin/audacious[audacious:24077] uid/euid:1000/1000 gid/egid:100/100, |
6 |
> parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 |
7 |
> and usual report about signal 11s for eg. with java while browsing. Of |
8 |
> course that RLMIT_MEMLOCK value requested is not so insane like that for |
9 |
> perl & pwd. |
10 |
|
11 |
Same here: |
12 |
|
13 |
grsec: denied resource overstep by requesting 69632 for RLIMIT_MEMLOCK |
14 |
against limit 32768 for /usr/bin/aplay[aplay:16674] uid/euid:1000/1000 |
15 |
gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 |
16 |
|
17 |
And for the perl forloop: |
18 |
|
19 |
grsec: denied resource overstep by requesting 4511036391424 for |
20 |
RLIMIT_STACK against limit 8388608 for /bin/pwd[pwd:18765] |
21 |
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:18636] |
22 |
uid/euid:1000/1000 gid/egid:1000/1000 |
23 |
|
24 |
For me, nothing ever crashed so I just started to ignore them. I did |
25 |
wonder at them though. |
26 |
|
27 |
> Question is: do you use a hardened toolchain pie-ssp enabled, or a |
28 |
> regular? It would be interesting to test it using a non-hardened userland |
29 |
> with a grsec-enabled kernel... |
30 |
|
31 |
$ eselect profile show |
32 |
Current make.profile symlink: |
33 |
/usr/portage/profiles/default/linux/amd64/2008.0/desktop |
34 |
|
35 |
$ uname -a |
36 |
Linux omnius 2.6.26-hardened-r2 #3 SMP Sat Oct 4 16:00:09 CDT 2008 |
37 |
x86_64 Intel(R) Xeon(R) CPU X3220 @ 2.40GHz GenuineIntel GNU/Linux |
38 |
|
39 |
I'll try with a 2.6.27 based one later today. |
40 |
|
41 |
Brian |