From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
by finch.gentoo.org with esmtp (Exim 4.60)
(envelope-from <gentoo-hardened+bounces-2427-garchives=archives.gentoo.org@lists.gentoo.org>)
id 1LR8wY-0007cn-0j
for garchives@archives.gentoo.org; Sun, 25 Jan 2009 17:38:46 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id 270F5E049A;
Sun, 25 Jan 2009 17:38:45 +0000 (UTC)
Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.191])
by pigeon.gentoo.org (Postfix) with ESMTP id DBE3CE049A
for <gentoo-hardened@lists.gentoo.org>; Sun, 25 Jan 2009 17:38:44 +0000 (UTC)
Received: by mu-out-0910.google.com with SMTP id i2so4043647mue.6
for <gentoo-hardened@lists.gentoo.org>; Sun, 25 Jan 2009 09:38:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:in-reply-to:references
:date:message-id:subject:from:to:content-type
:content-transfer-encoding;
bh=LgW9Srn2AOZRAkSqx79/UWmULF6uVV3GlROvELr3a9U=;
b=bLOtkKkEfVyTvvGNwBOojFc0CPyZ662ICxJ94kayg3Bsc30yuNoYAxOfYudYLlubXt
WR2wdkyDSE3HPeqj6GhdL88I3CFFmLt1PaOj5LdWozyIm4yk1UQyc5BFUg6ZPCGoy8b4
wRQQcnfj9iRWoMb3yePrbhnRx2Z1Sk1qiL9tE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type:content-transfer-encoding;
b=gtIP21LajvYVc+CxxinDy4T3XePhVkJKFByFhFA8PPatDfWYloEvnuGnhK+xiD83W7
gY0b9qtWrTFi1U4unjs7CyStFPkJPJJgHRbWE5RHNLvMg8AGZE/t3AJ+7nbBZvE8Pl1Z
4Mc0sUViYZyDotFTD3x/eyNb+RutYNdTOzxOk=
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.103.213.19 with SMTP id p19mr51504muq.9.1232905124241; Sun, 25
Jan 2009 09:38:44 -0800 (PST)
In-Reply-To: <49bf44f10901250935n376fd682l465bd459804c57b4@mail.gmail.com>
References: <49bf44f10901250712i74b5c288odc24029975adbfd6@mail.gmail.com>
<897813410901250723r10c10336he53632cfee517de0@mail.gmail.com>
<49bf44f10901250728x1c8637b1n2b53450082a41a04@mail.gmail.com>
<897813410901250928p515349cdua657d6f519edd194@mail.gmail.com>
<49bf44f10901250935n376fd682l465bd459804c57b4@mail.gmail.com>
Date: Sun, 25 Jan 2009 18:38:44 +0100
Message-ID: <897813410901250938w305b4136vcae96eabdd3b1ad6@mail.gmail.com>
Subject: Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m
From: =?ISO-8859-1?Q?Javier_J=2E_Mart=EDnez_Cabez=F3n?= <tazok.id0@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 77971f0c-74cd-47c3-a29c-5a1bdd5347a2
X-Archives-Hash: b275a684d2123cabf5dde79e8c3d7bc6
I think is ulimit related (I'm not an grsec user) look for ulimit.
2009/1/25 Grant <emailgrant@gmail.com>:
>> PaX flags only marks elf files not scripts.
>
> Is there anything I can do about the "denied resource overstep by
> requesting 135168 for
> RLIMIT_MEMLOCK"?
>
> - Grant
>
>
>>>> can you put the output of file /usr/bin/miro?
>>>
>>> That file is just:
>>>
>>> #!/bin/sh
>>> miro.real "$@"
>>>
>>> and /usr/bin/miro.real is a python script.
>>>
>>> - Grant
>>>
>>>
>>>>> I'm getting:
>>>>>
>>>>> grsec: denied resource overstep by requesting 135168 for
>>>>> RLIMIT_MEMLOCK against limit 32768 for
>>>>> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
>>>>> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
>>>>> gid/egid:100/100
>>>>>
>>>>> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
>>>>> return "file is not a valid ELF executable". Am I using the wrong
>>>>> command?
>>>>>
>>>>> - Grant
>
>