| 1 |
On нд, 2004-10-03 at 10:07, Rumen Yotov wrote: |
| 2 |
> Hi, |
| 3 |
> Usually i use Gnome, but also have QT, arts and sometimes kdelibs |
| 4 |
> installed. |
| 5 |
> But when emerging arts-1.3.0 grsec2 breaks the process. Disabling grsec2 |
| 6 |
> (in /etc/init.d) does nothing as it seems this comes from grsec2-code in |
| 7 |
> the kernel itself. |
| 8 |
> here is the dmesg: |
| 9 |
> ...SKIP...- part1 before disabling grsec2 |
| 10 |
> grsec: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE |
| 11 |
> against limit 1024 by /usr/bin/postgres[postmaster:28855] uid/euid:70/70 |
| 12 |
> gid/egid:70/70, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 |
| 13 |
> ...SKIP... - part2 after disabling grsec2 |
| 14 |
> grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
| 15 |
> against limit 0 by |
| 16 |
> /var/tmp/portage/arts-1.3.0/work/arts-1.3.0/mcopidl/.libs/lt-mcopidl[lt-mcopidl:4517] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/make[make:4516] uid/euid:0/0 gid/egid:0/0 |
| 17 |
> grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
| 18 |
> against limit 0 by |
| 19 |
> /var/tmp/portage/arts-1.3.0/work/arts-1.3.0/mcopidl/.libs/lt-mcopidl[lt-mcopidl:4526] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/make[make:4516] uid/euid:0/0 gid/egid:0/0 |
| 20 |
> ...END... |
| 21 |
> Same in in /var/log/mesages. |
| 22 |
> One possible solution seems to be: |
| 23 |
> 1.Disable grsec2 (part or all) functionality which is in the kernel |
| 24 |
> just for the emerge (don't know how yet, i'll check) if possible at all; |
| 25 |
> 2.Compile a temporary kernel w/o grsec and emerge arts (not good); |
| 26 |
> 3.Compile new kernel (mm,ck) and use it for the emerge (fairly good as i |
| 27 |
> may need such a kernel anyway - already had such but is old, before |
| 28 |
> changing the mobo). |
| 29 |
> Just a non-related question: could i use the 'default' spec GCC file |
| 30 |
> (change it manually) to compile something and after that restore the |
| 31 |
> default (hardened.spec)? Will this disable hardened-gcc use? Plus |
| 32 |
> disabling any flags if needed. |
| 33 |
> Should i file a BUG? |
| 34 |
> PS: using all ~x86, GCC-3.4.1-r3, quite full grsec2 & PaX. Also could |
| 35 |
> give more info on this. |
| 36 |
> Thanks |
| 37 |
> Rumen |
| 38 |
> |
| 39 |
Hi again, |
| 40 |
As i've written this it seems my primary intention is just to get arts, |
| 41 |
but not i'm more worried why grsec stopping it (there is a reason for |
| 42 |
this i think) and if i should *disable* grsec2 at all to overcome this |
| 43 |
'BUG'. |
| 44 |
Thanks |
| 45 |
Rumen |
Archives