Gentoo Archives: gentoo-hardened

From:	Grant <emailgrant@×××××.com>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m
Date:	Sun, 25 Jan 2009 17:35:07
Message-Id:	`49bf44f10901250935n376fd682l465bd459804c57b4@mail.gmail.com`
In Reply to:	Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m by "Javier J. Martínez Cabezón"

1	> PaX flags only marks elf files not scripts.
2
3	Is there anything I can do about the "denied resource overstep by
4	requesting 135168 for
5	RLIMIT_MEMLOCK"?
6
7	- Grant
8
9
10	>>> can you put the output of file /usr/bin/miro?
11	>>
12	>> That file is just:
13	>>
14	>> #!/bin/sh
15	>> miro.real "$@"
16	>>
17	>> and /usr/bin/miro.real is a python script.
18	>>
19	>> - Grant
20	>>
21	>>
22	>>>> I'm getting:
23	>>>>
24	>>>> grsec: denied resource overstep by requesting 135168 for
25	>>>> RLIMIT_MEMLOCK against limit 32768 for
26	>>>> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
27	>>>> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
28	>>>> gid/egid:100/100
29	>>>>
30	>>>> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
31	>>>> return "file is not a valid ELF executable". Am I using the wrong
32	>>>> command?
33	>>>>
34	>>>> - Grant

Subject	Author
Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m	"Javier J. Martínez Cabezón" <tazok.id0@×××××.com>