From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-2429-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1LRALR-0000Wx-K8
	for garchives@archives.gentoo.org; Sun, 25 Jan 2009 19:08:33 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 42378E03E5;
	Sun, 25 Jan 2009 19:08:31 +0000 (UTC)
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152])
	by pigeon.gentoo.org (Postfix) with ESMTP id F0028E03E5
	for <gentoo-hardened@lists.gentoo.org>; Sun, 25 Jan 2009 19:08:30 +0000 (UTC)
Received: by fg-out-1718.google.com with SMTP id e21so3342862fga.14
        for <gentoo-hardened@lists.gentoo.org>; Sun, 25 Jan 2009 11:08:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:in-reply-to:references
         :date:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        bh=dqkpN4rMzRQmzsWEV+2E8nYshZxpxp75JZyzwUyXYSI=;
        b=sLq0lC4dNDJCoZ85GL5KW2MAfY+p453rn3u4eOYUpB+8croe2wwTaqIqDeGtAo6yEg
         lbYYYpEtTtwgnTPCSkc3S9gQgpX1ZQ2d2Kn98u8+s9zSxcO8h5fFXE6FTQll2vMlMdwN
         hUDXYU2x28mYgs94QwVjL/Xhd2uTnQk5YOE1Y=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=VzEz5CJ4x3Sup3loX898C15fuc1Z9y32ybAifYGuYHZP9HKrbg6n6o/cYBkhHP6TYc
         7ZPdU90pxsUBKYuy7IzHOmb2UvQMapviFoWmFy147nCbLXFl8cgbQepFDxF6lwpogcbc
         0eZgd1X6ywgFpqtfBFXwXk6M601/lyaU77y2M=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.181.49.3 with SMTP id b3mr690363bkk.21.1232910510260; Sun, 25 
	Jan 2009 11:08:30 -0800 (PST)
In-Reply-To: <497CB788.7540.5BFD86B@pageexec.freemail.hu>
References: <49bf44f10901250712i74b5c288odc24029975adbfd6@mail.gmail.com>
	 <497CB788.7540.5BFD86B@pageexec.freemail.hu>
Date: Sun, 25 Jan 2009 11:08:30 -0800
Message-ID: <49bf44f10901251108t3d59eb4aif1b58d895c396a55@mail.gmail.com>
Subject: Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m
From: Grant <emailgrant@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: cdfca59f-7c7e-4da5-a6f0-da08b87bee35
X-Archives-Hash: d7fdd1d064d985d138960e08ab5cae85

>> I'm getting:
>>
>> grsec: denied resource overstep by requesting 135168 for
>> RLIMIT_MEMLOCK against limit 32768 for
>> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
>> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
>> gid/egid:100/100
>>
>> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
>> return "file is not a valid ELF executable".  Am I using the wrong
>> command?
>
> pax has nothing to do with such resource limits so paxctl won't 'fix'
> them ;). 'man 1 bash' is your friend and look for 'ulimit' in there.

Alright, thank you.

- Grant