grsecurity forums


https://forums.grsecurity.net./

denied resource overstep RLIMIT_FSIZE

https://forums.grsecurity.net./viewtopic.php?f=3&t=2113

Page 1 of 1

denied resource overstep RLIMIT_FSIZE

PostPosted: Tue Mar 10, 2009 7:10 am
by Vincent
Hi All,

I've run into a problem with grsec and RLIMIT_FSIZE. When a user on my system tries to mail a large mail (around 10MB) with postfix, grsec outputs the following:
Code: Select all
Mar 10 10:15:36 ssh1.c1.internal kernel: grsec: (user:U:/usr/sbin/postdrop) denied resource overstep by requesting 10240000 for RLIMIT_FSIZE against limit 10240000 for /usr/sbin/postdrop[postdrop:3201] uid/euid:17818/17818 gid/egid:1001/103, parent /usr/sbin/sendmail[sendmail:3200] uid/euid:17818/17818 gid/egid:1001/1001


Trying to solve the problem I added
Code: Select all
RES_FSIZE       unlimited unlimited

to the user policy.

Unfortunatly the error still occurs. What am I doing wrong?

Thanks in advance.
Vincent

Re: denied resource overstep RLIMIT_FSIZE

PostPosted: Tue Mar 10, 2009 10:43 pm
by spender
This is because Postfix sets its own resource limits. To raise this limit, you have to modify the "message_size_limit" line in Postfix's main.cf

-Brad

Re: denied resource overstep RLIMIT_FSIZE

PostPosted: Thu Mar 12, 2009 6:20 am
by Vincent
Hi Brad,

Thanks for your reply. I was aware that postfix has its own message_size_limit, but I didn't know grsec would output an error when postfix hit its own limit.
I changed the message_size_limit and it works.

Thanks for your help.
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/