Grsecurity Patch killt my Server

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Grsecurity Patch killt my Server

Postby A-N » Tue Feb 08, 2005 9:24 am

Hi,

yesterday the Grsec. Patch has kill my Server.

Code: Select all
Feb  7 23:49:24 Server1 kernel: VM: killing process eggdrop
Feb  7 23:49:41 Server1 kernel: VM: killing process neostats
Feb  7 23:50:38 Server1 kernel: VM: killing process services
Feb  7 23:51:08 Server1 kernel: VM: killing process named
Feb  7 23:51:08 Server1 kernel: VM: killing process main
Feb  7 23:54:25 Server1 kernel: VM: killing process psybnc
Feb  7 23:55:26 Server1 kernel: VM: killing process eggdrop
Feb  8 00:05:25 Server1 kernel: VM: killing process httpd
Feb  8 00:05:56 Server1 kernel: VM: killing process services




Code: Select all
Feb  7 23:48:08 Server1 kernel: grsec: From 213.XXX.XXX.XXX: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by /home/user/NeoStats/neostats[neostats:9190] uid/euid:516/516 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Feb  7 23:48:08 Server1 kernel: grsec: From 213.XXX.XXX.XXX:  attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by /home/user/NeoStats/neostats[neostats:9190] uid/euid:516/516 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Feb  7 23:48:21 Server1 kernel: grsec: From 213.XXX.XXX.XXX: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by /home/user/NeoStats/neostats[neostats:9190] uid/euid:516/516 gid/egid:100/100, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0


And than the server froze :(

Any idea why Grsecurity do that ?
A-N
 
Posts: 15
Joined: Wed Nov 17, 2004 2:00 pm

Postby spender » Fri Feb 11, 2005 9:47 am

Grsec doesn't itself enforce the resource limits. The kernel does. Grsec was just notifying you of what the system would have already done.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to grsecurity support

cron