| 1 |
Hi, |
| 2 |
Usually i use Gnome, but also have QT, arts and sometimes kdelibs |
| 3 |
installed. |
| 4 |
But when emerging arts-1.3.0 grsec2 breaks the process. Disabling grsec2 |
| 5 |
(in /etc/init.d) does nothing as it seems this comes from grsec2-code in |
| 6 |
the kernel itself. |
| 7 |
here is the dmesg: |
| 8 |
...SKIP...- part1 before disabling grsec2 |
| 9 |
grsec: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE |
| 10 |
against limit 1024 by /usr/bin/postgres[postmaster:28855] uid/euid:70/70 |
| 11 |
gid/egid:70/70, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 |
| 12 |
...SKIP... - part2 after disabling grsec2 |
| 13 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
| 14 |
against limit 0 by |
| 15 |
/var/tmp/portage/arts-1.3.0/work/arts-1.3.0/mcopidl/.libs/lt-mcopidl[lt-mcopidl:4517] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/make[make:4516] uid/euid:0/0 gid/egid:0/0 |
| 16 |
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE |
| 17 |
against limit 0 by |
| 18 |
/var/tmp/portage/arts-1.3.0/work/arts-1.3.0/mcopidl/.libs/lt-mcopidl[lt-mcopidl:4526] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/make[make:4516] uid/euid:0/0 gid/egid:0/0 |
| 19 |
...END... |
| 20 |
Same in in /var/log/mesages. |
| 21 |
One possible solution seems to be: |
| 22 |
1.Disable grsec2 (part or all) functionality which is in the kernel |
| 23 |
just for the emerge (don't know how yet, i'll check) if possible at all; |
| 24 |
2.Compile a temporary kernel w/o grsec and emerge arts (not good); |
| 25 |
3.Compile new kernel (mm,ck) and use it for the emerge (fairly good as i |
| 26 |
may need such a kernel anyway - already had such but is old, before |
| 27 |
changing the mobo). |
| 28 |
Just a non-related question: could i use the 'default' spec GCC file |
| 29 |
(change it manually) to compile something and after that restore the |
| 30 |
default (hardened.spec)? Will this disable hardened-gcc use? Plus |
| 31 |
disabling any flags if needed. |
| 32 |
Should i file a BUG? |
| 33 |
PS: using all ~x86, GCC-3.4.1-r3, quite full grsec2 & PaX. Also could |
| 34 |
give more info on this. |
| 35 |
Thanks |
| 36 |
Rumen |
Archives