From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LQ63s-0002EU-Rp for garchives@archives.gentoo.org; Thu, 22 Jan 2009 20:22:01 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3287FE07C3; Thu, 22 Jan 2009 20:21:46 +0000 (UTC) Received: from ey-out-1920.google.com (ey-out-1920.google.com [74.125.78.144]) by pigeon.gentoo.org (Postfix) with ESMTP id E7733E07C3 for ; Thu, 22 Jan 2009 20:21:45 +0000 (UTC) Received: by ey-out-1920.google.com with SMTP id 4so554285eyg.10 for ; Thu, 22 Jan 2009 12:21:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=BT1oHMRsfD3kITPC6K/gBxct6Zb5cd5DTZrGfWPLwXo=; b=OQdum8g7p1blDGGjzqyRZzfu8W1XUTeHIZnXfVcPBhk65kld3kYdi6bOV5thLmBmwh bQ3yU6W6YnDsCVoLf/BemrG1U+P8KRXeimRFKuAkBp7t0iYxrZECUIW8SjI6I8tubi8a q+ui4ZPkjWeqQ+OX7tvnfXudgnqfz2kx000XA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=IF6Pawwvzgr1/c/NqgYDj/A/Dj8FLTKekl8oQ/wUGCVGqn5OUwUn2N9VR2RF6+M1rg JJmiEOxoByLFAmVU5nMD3bSalL6qzg7saw+yEX1treM0gVHNRQ6uDwV9rjTYmwQrDiPX FoXogFLoWHDTgyzTLHDutBXJYaHnK8gJj8xzM= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.210.34.5 with SMTP id h5mr1320149ebh.161.1232655705361; Thu, 22 Jan 2009 12:21:45 -0800 (PST) In-Reply-To: <4255c2570901221126p1d52dbc3r649fbf21793fd49a@mail.gmail.com> References: <49bf44f10901221106n630d668fwc7fe390f53a600b8@mail.gmail.com> <4255c2570901221126p1d52dbc3r649fbf21793fd49a@mail.gmail.com> Date: Thu, 22 Jan 2009 12:21:45 -0800 Message-ID: <49bf44f10901221221t413fafe6qa8f4cf70ce8dd216@mail.gmail.com> Subject: Re: [gentoo-hardened] 'paxctl -m bin' everything that complains? From: Grant To: gentoo-hardened@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: 4c487321-561f-4c37-ab63-9387f8fa0afc X-Archives-Hash: eb005f0a34fb09b959719ceba380fd1e >> I'm getting a lot of messages like this in dmesg: >> >> "denied resource overstep by requesting 4096 for RLIMIT_CORE" >> >> Should I 'paxctl -m bin' all of these even if they seem to function OK anyway? > > You're barking up the wrong tree. Applications are trying to coredump > (or prepare for one), and your default size limit for that (0) is > lower than what they're trying to allocate. You're seeing those > specific logs because you have CONFIG_GRKERNSEC_RESLOG on, but it > would be happening whether or not you were running -hardened. > > Check out 'ulimit -a' or search for 'ulimit' in bash(1). Got it, thank you. - Grant