From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2391-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1LQ6g4-0008HT-UN
	for garchives@archives.gentoo.org; Thu, 22 Jan 2009 21:01:29 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id C3FF0E0638;
	Thu, 22 Jan 2009 21:01:27 +0000 (UTC)
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.185])
	by pigeon.gentoo.org (Postfix) with ESMTP id 7A199E0638
	for <gentoo-hardened@lists.gentoo.org>; Thu, 22 Jan 2009 21:01:27 +0000 (UTC)
Received: by nf-out-0910.google.com with SMTP id c7so767887nfi.26
        for <gentoo-hardened@lists.gentoo.org>; Thu, 22 Jan 2009 13:01:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        bh=fEoTGHbOIbBLxOo/jutJi3Ov/BNb8sQieoplTPR14lY=;
        b=TinhkFzbatroKSY4P9nqBy5+Y8XHIWf/d6wfLM7ZOO6PJFcnfEOgzOvIgiINiKGZHF
         9jgY+GgPobC2KC0c2w4Ya1SLz6k2tmqAQMT6yOHxLluvjAfJBmxyv/gM5hhFQP/xGNjX
         t2A/kSgtWtLB7Km0kfR4Dv2wVUzqKXmmdg0AM=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=EyRhplJ4xLQslMb28mze3OC0AGJ47WbSLu4MC8QLqEvEzw6gf5H4Ndqfgoacc6YWBH
         3IIZVw5/nut8VwmUv61EmQVmY/ORBTZGUylb0cRUio3vp3RtHF17Nv8ppqEFMIB7OsjU
         Cdw5wq6w4Phgl8+cwERHKCKs9bQYn1KOOVfeg=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.210.35.5 with SMTP id i5mr7933091ebi.174.1232658086915; Thu, 
	22 Jan 2009 13:01:26 -0800 (PST)
In-Reply-To: <4255c2570901221126p1d52dbc3r649fbf21793fd49a@mail.gmail.com>
References: <49bf44f10901221106n630d668fwc7fe390f53a600b8@mail.gmail.com>
	 <4255c2570901221126p1d52dbc3r649fbf21793fd49a@mail.gmail.com>
Date: Thu, 22 Jan 2009 13:01:26 -0800
Message-ID: <49bf44f10901221301k47941d92lc717e237a657e139@mail.gmail.com>
Subject: Re: [gentoo-hardened] 'paxctl -m bin' everything that complains?
From: Grant <emailgrant@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 626960cd-ed6f-4ece-9c69-f8b37426a361
X-Archives-Hash: 17294b4460f7d9956f92d52926fbaa92

>> I'm getting a lot of messages like this in dmesg:
>>
>> "denied resource overstep by requesting 4096 for RLIMIT_CORE"
>>
>> Should I 'paxctl -m bin' all of these even if they seem to function OK anyway?
>
> You're barking up the wrong tree.  Applications are trying to coredump
> (or prepare for one), and your default size limit for that (0) is
> lower than what they're trying to allocate.  You're seeing those
> specific logs because you have CONFIG_GRKERNSEC_RESLOG on, but it
> would be happening whether or not you were running -hardened.
>
> Check out 'ulimit -a' or search for 'ulimit' in bash(1).

I read about ulimit and I'm wondering if I need to worry about
increasing that coredump size from zero.  Can I just ignore those
grsec messages without causing a problem?

- Grant