1 |
On 10 Nov 2008 at 7:24, Brian Kroth wrote: |
2 |
|
3 |
> atoth@××××××××××.hu <atoth@××××××××××.hu> 2008-11-10 12:31: |
4 |
> > I usually have some of these while I'm listening to music: |
5 |
> > grsec: (atoth:U:/usr/bin/audacious) denied resource overstep by requesting |
6 |
> > 135168 for RLIMIT_MEMLOCK against limit 32768 for |
7 |
> > /usr/bin/audacious[audacious:24077] uid/euid:1000/1000 gid/egid:100/100, |
8 |
> > parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 |
9 |
> > and usual report about signal 11s for eg. with java while browsing. Of |
10 |
> > course that RLMIT_MEMLOCK value requested is not so insane like that for |
11 |
> > perl & pwd. |
12 |
> |
13 |
> Same here: |
14 |
> |
15 |
> grsec: denied resource overstep by requesting 69632 for RLIMIT_MEMLOCK |
16 |
> against limit 32768 for /usr/bin/aplay[aplay:16674] uid/euid:1000/1000 |
17 |
> gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 |
18 |
|
19 |
the memlock limit overstep is harmless, it won't cause any application |
20 |
per se and you can get rid of it by granting the user in question a higher |
21 |
limit for mlockable pages (the 32k is the linux default since 2.6.9 or so). |
22 |
|
23 |
> And for the perl forloop: |
24 |
> |
25 |
> grsec: denied resource overstep by requesting 4511036391424 for |
26 |
> RLIMIT_STACK against limit 8388608 for /bin/pwd[pwd:18765] |
27 |
> uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:18636] |
28 |
> uid/euid:1000/1000 gid/egid:1000/1000 |
29 |
|
30 |
now this one definitely looks fishy and spender's looking into it already. |