Is there a permissive mode?
Posted:
Wed Jan 05, 2005 2:49 pm
by Prezu
Hello all.
When I installed grsecurity, I couldn't use many programs that must be able to run (qmail, for example). So the solution is to enable the full system learning mode. But gradm doesn't get all the needed information because programs are killed when they try to do something they can't. So my question is: is there any equivalent of the permissive mode of SELinux, so that gradm could collect all the needed information? Or is there any other proper way to do it?
Posted:
Wed Jan 05, 2005 4:55 pm
by spender
What programs are being killed? The learning mode does not kill them. If it's PaX killing them (java for instance) then you need to chpax those binaries, but this has nothing to do with the learning system.
-Brad
Posted:
Thu Jan 06, 2005 6:13 pm
by Prezu
tcpserver is killed every time due to a resource overstep while the learning mode is enabled. I enable the learning mode like this:
gradm -F -L /the/path/to/the/learning/log
sample log:
Dec 20 06:27:13 localhost kernel: grsec: attempted resource overstep by requesting 2973696 for RLIMIT_AS against limit 2000000 by /usr/local/bin/tcpserver[tcpserver:31029] uid/euid:0/0 gid/egid:0/0, parent /package/admin/daemontools-0.76/command/supervise[supervise:389] uid/euid:0/0 gid/egid:0/0
Posted:
Thu Jan 06, 2005 6:19 pm
by spender
grsecurity doesn't set resource limits while in learning mode. That resource limit must have been set by the application, and the same log would be seen even if the learning mode is disabled.
-Brad
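Added example, not part of the thread and not grsecurity code: a Python parser for "attempted resource overstep" lines in the format quoted above, grouping them per binary and resource to show the limit in force, the largest request and the parent process. The function names are illustrative, and the second and third sample lines are constructed.

```python
import re
from collections import defaultdict

# Field layout taken from the grsec "resource overstep" line quoted in the thread.
OVERSTEP = re.compile(
    r"grsec: attempted resource overstep by requesting (?P<requested>\d+) "
    r"for (?P<resource>RLIMIT_\w+) against limit (?P<limit>\d+) "
    r"by (?P<path>[^\s\[]+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\]"
    r".*?parent (?P<parent>[^\s\[]+)\["
)

def parse_overstep(line):
    """Return the fields of one overstep line as a dict, or None for any other line."""
    m = OVERSTEP.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("requested", "limit", "pid"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Per (binary, resource): event count, limit in force, largest request, parents."""
    out = defaultdict(lambda: {"count": 0, "limit": 0, "peak": 0, "parents": set()})
    for rec in filter(None, map(parse_overstep, lines)):
        s = out[(rec["path"], rec["resource"])]
        s["count"] += 1
        s["limit"] = rec["limit"]
        s["peak"] = max(s["peak"], rec["requested"])
        s["parents"].add(rec["parent"])  # rlimits are inherited across fork/exec
    return dict(out)

_TAIL = (" by /usr/local/bin/tcpserver[tcpserver:{pid}] uid/euid:0/0 gid/egid:0/0,"
         " parent /package/admin/daemontools-0.76/command/supervise[supervise:389]"
         " uid/euid:0/0 gid/egid:0/0")
SAMPLE = [
    # Line from the thread, with its wrapped pieces rejoined.
    "Dec 20 06:27:13 localhost kernel: grsec: attempted resource overstep by "
    "requesting 2973696 for RLIMIT_AS against limit 2000000" + _TAIL.format(pid=31029),
    # Constructed lines: a second overstep and an unrelated kernel message.
    "Dec 20 06:31:40 localhost kernel: grsec: attempted resource overstep by "
    "requesting 3100672 for RLIMIT_AS against limit 2000000" + _TAIL.format(pid=31102),
    "Dec 20 06:32:02 localhost kernel: eth0: link up",
]

if __name__ == "__main__":
    for (path, res), s in summarize(SAMPLE).items():
        print(f"{path} {res}: {s['count']} events, limit {s['limit']}, peak {s['peak']}")
```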
Posted:
Thu Jan 06, 2005 6:30 pm
by Prezu
I could always ulimit tcpserver in its starting script, but then the policy wouldn't be that restrictive.
So now, as I understand it, grsec shouldn't kill processes (because one tries to break grsec's restrictions) during learning mode. Is that right?
Thanks for help.
Posted:
Thu Jan 06, 2005 6:32 pm
by spender
That's correct. Any problems in applications during learning are not the result of learning.
-Brad