From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from <gentoo-hardened+bounces-2424-garchives=archives.gentoo.org@lists.gentoo.org>) id 1LR6u9-0007q2-MZ for garchives@archives.gentoo.org; Sun, 25 Jan 2009 15:28:09 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 59C50E0772; Sun, 25 Jan 2009 15:28:08 +0000 (UTC) Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.185]) by pigeon.gentoo.org (Postfix) with ESMTP id 1C9FAE0772 for <gentoo-hardened@lists.gentoo.org>; Sun, 25 Jan 2009 15:28:08 +0000 (UTC) Received: by fk-out-0910.google.com with SMTP id z23so2252487fkz.2 for <gentoo-hardened@lists.gentoo.org>; Sun, 25 Jan 2009 07:28:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=zS2ZvR5yb18NklxMaO54+SSCnJxFncvBbgwzrFrnS6g=; b=o9d6eBSauwnzOncHF6noGC6ye/R0GMog6eypXNa3wirWqBmtYYHVCdtfqmk2eVTaXa tc0P6/WbY8v9wO95vVUVEc6p0ACPSZxhUdCSyWQ+DPX4zhaypuD5AFlJenQSSbdchLHS o88pynNPQMR8Ehw2+yhraSNGv2MN2q1ZVpNB4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=BpluK04k1o5OzFla+QIwQSDrOeR6eq6wyPKtiTOJp92KRPMbbodKQ6x0feLfUCmsEI 5iUkNjAQBL7kWrEysZe2B3wpzKO+ZXMlXMw0p8Igfv4pghm1f8mq7geGVqxrbmgRze5V scncP45/IxgygDWaTxUgsNtgQQvBEfpM9yIuY= Precedence: bulk List-Post: <mailto:gentoo-hardened@lists.gentoo.org> List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org> X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.181.36.19 with SMTP id o19mr1298638bkj.135.1232897287426; Sun, 25 Jan 2009 07:28:07 -0800 (PST) In-Reply-To: <897813410901250723r10c10336he53632cfee517de0@mail.gmail.com> References: <49bf44f10901250712i74b5c288odc24029975adbfd6@mail.gmail.com> <897813410901250723r10c10336he53632cfee517de0@mail.gmail.com> Date: Sun, 25 Jan 2009 07:28:07 -0800 Message-ID: <49bf44f10901250728x1c8637b1n2b53450082a41a04@mail.gmail.com> Subject: Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m From: Grant <emailgrant@gmail.com> To: gentoo-hardened@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: 73783a71-d9a7-4694-afb6-55e09c6230ec X-Archives-Hash: 2a8b26f516a6634a6a8fae970fbd4be7 > can you put the output of file /usr/bin/miro? That file is just: #!/bin/sh miro.real "$@" and /usr/bin/miro.real is a python script. - Grant >> I'm getting: >> >> grsec: denied resource overstep by requesting 135168 for >> RLIMIT_MEMLOCK against limit 32768 for >> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000 >> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000 >> gid/egid:100/100 >> >> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real' >> return "file is not a valid ELF executable". Am I using the wrong >> command? >> >> - Grant