From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LQ5C9-0002IP-B0 for garchives@archives.gentoo.org; Thu, 22 Jan 2009 19:26:29 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1A498E057B; Thu, 22 Jan 2009 19:26:28 +0000 (UTC) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.232]) by pigeon.gentoo.org (Postfix) with ESMTP id DFDF7E057B for ; Thu, 22 Jan 2009 19:26:27 +0000 (UTC) Received: by rv-out-0506.google.com with SMTP id f9so29003rvb.2 for ; Thu, 22 Jan 2009 11:26:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=I1+jCsQn3JLGoyTuBwt2td2nrvdbkbTjPaGt4pqhRAA=; b=fLzS7UwseSWuiRqsNAc5k+nHsmc+F4TdmT0KIS/QjBmxaabhQxIxTsjQSLDCuiFGXk Kwm5Y4Z38fv18iwauM5SHGDgUxEu/Aoc078QY59sWdP4/uJfPeD/hvcJ7xYwue3skN0n jUdFYtzT4ZU5eyOjjp9jDyvcAyDG6Zmer15HA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=U8PVq5pPxjib5YI9CTdo8C3VCQO7D7Kct2o1qhELeuEQXwgyrjvDdo/civYhchu/7D 8U1vWsx5xFrqRsZOYefiDNwgkY0EtxKKDm16pxpGJL+SO8NpAPVcXwGmOcrgtFPdx4ZM KEU2u8tb9xTLac7FSUj71gDhPxjT5L+X6PfKo= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.141.197.14 with SMTP id z14mr2634045rvp.63.1232652387284; Thu, 22 Jan 2009 11:26:27 -0800 (PST) In-Reply-To: <49bf44f10901221106n630d668fwc7fe390f53a600b8@mail.gmail.com> References: <49bf44f10901221106n630d668fwc7fe390f53a600b8@mail.gmail.com> Date: Thu, 22 Jan 2009 12:26:26 -0700 Message-ID: <4255c2570901221126p1d52dbc3r649fbf21793fd49a@mail.gmail.com> Subject: Re: [gentoo-hardened] 'paxctl -m bin' everything that complains? From: RB To: gentoo-hardened@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Archives-Salt: 01b941e6-58e4-462d-8a80-c43341caea58 X-Archives-Hash: 2fcf75de3583d202d9c597a71d375ee8 On Thu, Jan 22, 2009 at 12:06, Grant wrote: > I'm getting a lot of messages like this in dmesg: > > "denied resource overstep by requesting 4096 for RLIMIT_CORE" > > Should I 'paxctl -m bin' all of these even if they seem to function OK anyway? You're barking up the wrong tree. Applications are trying to coredump (or prepare for one), and your default size limit for that (0) is lower than what they're trying to allocate. You're seeing those specific logs because you have CONFIG_GRKERNSEC_RESLOG on, but it would be happening whether or not you were running -hardened. Check out 'ulimit -a' or search for 'ulimit' in bash(1).