From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2422-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1LR6eq-0005my-GT
	for garchives@archives.gentoo.org; Sun, 25 Jan 2009 15:12:20 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 451CFE0768;
	Sun, 25 Jan 2009 15:12:17 +0000 (UTC)
Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.188])
	by pigeon.gentoo.org (Postfix) with ESMTP id E9D9AE0768
	for <gentoo-hardened@lists.gentoo.org>; Sun, 25 Jan 2009 15:12:16 +0000 (UTC)
Received: by fk-out-0910.google.com with SMTP id z23so2247342fkz.2
        for <gentoo-hardened@lists.gentoo.org>; Sun, 25 Jan 2009 07:12:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:date:message-id:subject
         :from:to:content-type:content-transfer-encoding;
        bh=5wuZ1tEFJ3BicZ/va5bTQIna+0q7oxWJUkzf3+oTsjQ=;
        b=My7D0AWl7OQEB9jQoNX2C0iNlGBO6OrifxArlRrqFnZVFT3UmOPv1bhZ5F1Aq8kFgj
         OkiXraJjhA+3zHjhUJ7p1CrqsncZ53iIZqHaxQeP25redsEDR4Bblqo8GBFmUXc+PMYq
         ftSJ1Q7NrEFd8D51Y1gJDk2HiFGJhZ0Ue8ilQ=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:date:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        b=XZCPAx66kTEKEnr/pZZ7soxOZmQJj4TSa0mqHX51DFl7hQYDrr3zuF/5zSHOKwlbhk
         QIp2Pina3Ejp6Kt4dgamgfXIIaCBb9cC+eMVORzete30nqhZJrFOmfZ45yv36JKhtTau
         cBFV7APwfIcTHjhJGMS5yxKaq6FaITioFbrPw=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.180.235.7 with SMTP id i7mr1565043bkh.24.1232896336258; Sun, 
	25 Jan 2009 07:12:16 -0800 (PST)
Date: Sun, 25 Jan 2009 07:12:16 -0800
Message-ID: <49bf44f10901250712i74b5c288odc24029975adbfd6@mail.gmail.com>
Subject: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m
From: Grant <emailgrant@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: a5a0f5b9-a918-48dd-bbcf-ebd4a14f308b
X-Archives-Hash: ffa7b6be1bb12eee2bb6ba652a41c700

I'm getting:

grsec: denied resource overstep by requesting 135168 for
RLIMIT_MEMLOCK against limit 32768 for
/usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
gid/egid:100/100

but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
return "file is not a valid ELF executable".  Am I using the wrong
command?

- Grant