[gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m

[gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m

[Grant]

I'm getting:

grsec: denied resource overstep by requesting 135168 for
RLIMIT_MEMLOCK against limit 32768 for
/usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
gid/egid:100/100

but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
return "file is not a valid ELF executable".  Am I using the wrong
command?

- Grant

Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m

[Javier J. Martínez Cabezón]

can you put the output of file /usr/bin/miro?

2009/1/25 Grant <emailgrant@gmail.com>:
> I'm getting:
>
> grsec: denied resource overstep by requesting 135168 for
> RLIMIT_MEMLOCK against limit 32768 for
> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
> gid/egid:100/100
>
> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
> return "file is not a valid ELF executable".  Am I using the wrong
> command?
>
> - Grant
>
>

Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m

[Grant]

> can you put the output of file /usr/bin/miro?

That file is just:

#!/bin/sh
miro.real "$@"

and /usr/bin/miro.real is a python script.

- Grant


>> I'm getting:
>>
>> grsec: denied resource overstep by requesting 135168 for
>> RLIMIT_MEMLOCK against limit 32768 for
>> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
>> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
>> gid/egid:100/100
>>
>> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
>> return "file is not a valid ELF executable".  Am I using the wrong
>> command?
>>
>> - Grant

Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m

[Javier J. Martínez Cabezón]

PaX flags only marks elf files not scripts.

2009/1/25 Grant <emailgrant@gmail.com>:
>> can you put the output of file /usr/bin/miro?
>
> That file is just:
>
> #!/bin/sh
> miro.real "$@"
>
> and /usr/bin/miro.real is a python script.
>
> - Grant
>
>
>>> I'm getting:
>>>
>>> grsec: denied resource overstep by requesting 135168 for
>>> RLIMIT_MEMLOCK against limit 32768 for
>>> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
>>> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
>>> gid/egid:100/100
>>>
>>> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
>>> return "file is not a valid ELF executable".  Am I using the wrong
>>> command?
>>>
>>> - Grant
>
>

Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m

[Grant]

> PaX flags only marks elf files not scripts.

Is there anything I can do about the "denied resource overstep by
requesting 135168 for
RLIMIT_MEMLOCK"?

- Grant


>>> can you put the output of file /usr/bin/miro?
>>
>> That file is just:
>>
>> #!/bin/sh
>> miro.real "$@"
>>
>> and /usr/bin/miro.real is a python script.
>>
>> - Grant
>>
>>
>>>> I'm getting:
>>>>
>>>> grsec: denied resource overstep by requesting 135168 for
>>>> RLIMIT_MEMLOCK against limit 32768 for
>>>> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
>>>> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
>>>> gid/egid:100/100
>>>>
>>>> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
>>>> return "file is not a valid ELF executable".  Am I using the wrong
>>>> command?
>>>>
>>>> - Grant

Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m

[Javier J. Martínez Cabezón]

I think is ulimit related (I'm not an grsec user) look for ulimit.

2009/1/25 Grant <emailgrant@gmail.com>:
>> PaX flags only marks elf files not scripts.
>
> Is there anything I can do about the "denied resource overstep by
> requesting 135168 for
> RLIMIT_MEMLOCK"?
>
> - Grant
>
>
>>>> can you put the output of file /usr/bin/miro?
>>>
>>> That file is just:
>>>
>>> #!/bin/sh
>>> miro.real "$@"
>>>
>>> and /usr/bin/miro.real is a python script.
>>>
>>> - Grant
>>>
>>>
>>>>> I'm getting:
>>>>>
>>>>> grsec: denied resource overstep by requesting 135168 for
>>>>> RLIMIT_MEMLOCK against limit 32768 for
>>>>> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
>>>>> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
>>>>> gid/egid:100/100
>>>>>
>>>>> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
>>>>> return "file is not a valid ELF executable".  Am I using the wrong
>>>>> command?
>>>>>
>>>>> - Grant
>
>

Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m

[pageexec]

On 25 Jan 2009 at 7:12, Grant wrote:

> I'm getting:
> 
> grsec: denied resource overstep by requesting 135168 for
> RLIMIT_MEMLOCK against limit 32768 for
> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
> gid/egid:100/100
> 
> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
> return "file is not a valid ELF executable".  Am I using the wrong
> command?

pax has nothing to do with such resource limits so paxctl won't 'fix'
them ;). 'man 1 bash' is your friend and look for 'ulimit' in there.

Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m

[Grant]

>> I'm getting:
>>
>> grsec: denied resource overstep by requesting 135168 for
>> RLIMIT_MEMLOCK against limit 32768 for
>> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
>> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
>> gid/egid:100/100
>>
>> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
>> return "file is not a valid ELF executable".  Am I using the wrong
>> command?
>
> pax has nothing to do with such resource limits so paxctl won't 'fix'
> them ;). 'man 1 bash' is your friend and look for 'ulimit' in there.

Alright, thank you.

- Grant