From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LR6pW-0007RV-LV for garchives@archives.gentoo.org; Sun, 25 Jan 2009 15:23:22 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 628BBE074E; Sun, 25 Jan 2009 15:23:21 +0000 (UTC) Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.190]) by pigeon.gentoo.org (Postfix) with ESMTP id 2231FE074E for ; Sun, 25 Jan 2009 15:23:21 +0000 (UTC) Received: by mu-out-0910.google.com with SMTP id i2so4001908mue.6 for ; Sun, 25 Jan 2009 07:23:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=xWAZ+2jVRMT5VQLpr+q+ekLLKepY3HFsF9J/n8Dq6hs=; b=p6v5w4gtvSn0CFo+OOA1MatweNmlhQg33iIPKVk4KHSdfvEH1DSSC0FpSs6zN7qo5J 6h5mFmsx9swcwMkBbMc7+C47lAa3dAoatQ0sPt+mKt+92NG51b+hfPBEo+1V00TdCewB PGfVSKdnFnbjbBW6Peam5XEGB910oimAjHJX4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=o0hlPxOJK93jljT1f56aB3wmJQ6IrkYMEOSELlA09V8WFVXMlOqGPDkhNGr7vZ/Z66 tZ73P+4cUx75vIAn+TDE5UzV2vqRO444uzH3k5WUcBKoqjU9oooNrlaem+XPFcJk3c/u sWw893p9BmDAzfB4CnZi3LL/XHZ6mzkHuoYLs= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.103.229.12 with SMTP id g12mr870542mur.16.1232897000527; Sun, 25 Jan 2009 07:23:20 -0800 (PST) In-Reply-To: <49bf44f10901250712i74b5c288odc24029975adbfd6@mail.gmail.com> References: <49bf44f10901250712i74b5c288odc24029975adbfd6@mail.gmail.com> Date: Sun, 25 Jan 2009 16:23:20 +0100 Message-ID: <897813410901250723r10c10336he53632cfee517de0@mail.gmail.com> Subject: Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m From: =?ISO-8859-1?Q?Javier_J=2E_Mart=EDnez_Cabez=F3n?= To: gentoo-hardened@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: 8cff8d6d-bba2-45d4-bca4-33c24f324ac3 X-Archives-Hash: ede80a81c161783570a0df3f349f058b can you put the output of file /usr/bin/miro? 2009/1/25 Grant : > I'm getting: > > grsec: denied resource overstep by requesting 135168 for > RLIMIT_MEMLOCK against limit 32768 for > /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000 > gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000 > gid/egid:100/100 > > but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real' > return "file is not a valid ELF executable". Am I using the wrong > command? > > - Grant > >