attempted resource overstep by requesting 4096 for RLIMIT...
Posted:
Sat Jun 21, 2003 11:58 pmby tschak909
when trying to run
ht://dig, htnotify dies in the middle of index building with:
grsec: From 63.84.43.65: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (htnotify:27281) UID(0) EUID(0), parent (rundig:27276) UID(0) EUID(0)
what do I need to do to give more resources to this program so it can complete?
-Thom
Re: attempted resource overstep by requesting 4096 for RLIMI
Posted:
Sun Jun 22, 2003 6:08 amby PaX Team
tschak909 wrote:what do I need to do to give more resources to this program so it can complete?
first check your logs for more messages related to this, especially those from PaX. my bet is that your app is getting killed by PaX, posting the relevant logs will help determine (and fix) it for sure.
Re: attempted resource overstep by requesting 4096 for RLIMI
Posted:
Sun Jun 22, 2003 2:44 pmby tschak
PaX Team wrote:tschak909 wrote:what do I need to do to give more resources to this program so it can complete?
first check your logs for more messages related to this, especially those from PaX. my bet is that your app is getting killed by PaX, posting the relevant logs will help determine (and fix) it for sure.
there are no PaX related messages, because I disabled PaX completely.
I deliberately turned off PaX in the kernel configs, and turning off all the options with chpax doesn't make a dent.
is there a way to increase RLIMIT_CORE for this app???
Resource overstep at seemingly random times.
Posted:
Mon Jun 23, 2003 11:56 pmby Nox
I am getting this resource overstep as well, but its very odd. At first it was just when i attempted to start squid for the first time. I thought ok, squid is being a bit too big for grsec's tastes, understandable. Then it started happenning with various other programs as well. nscd is now routinly shot by grsec and whenever I ping the local network, ping somehow manages to overstep resources, however pinging the internet is fine... Here are some log messages:
Jun 24 23:15:00 [kernel] grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (ping:23629) UID(0) EUID(0), parent (bash:7227) UID(0) EUID(0)
Jun 24 23:15:21 [kernel] grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (ping:14932) UID(0) EUID(0), parent (bash:7227) UID(0) EUID(0)
Jun 24 23:27:35 [kernel] grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (ping:25579) UID(0) EUID(0), parent (bash:12895) UID(0) EUID(0)
Jun 24 23:31:33 [kernel] grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (slapd:18210) UID(0) EUID(0), parent (runscript.sh:24483) UID(0) EUID(0)
Jun 24 23:31:42 [kernel] grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (slapd:12865) UID(0) EUID(0), parent (runscript.sh:14174) UID(0) EUID(0)
Jun 24 23:37:36 [kernel] grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (ping:14924) UID(0) EUID(0), parent (strace:32453) UID(0) EUID(0)
Jun 24 23:38:32 [kernel] grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (ping:27446) UID(0) EUID(0), parent (bash:12895) UID(0) EUID(0)
Jun 24 23:39:22 [kernel] grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (nscd:5637) UID(0) EUID(0), parent (nscd:21813) UID(0) EUID(0)
Jun 24 23:39:22 [kernel] grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (ping:10593) UID(0) EUID(0), parent (bash:12895) UID(0) EUID(0)
I do not get any other grsec logs, interestingly enough I turned on timechange and (un)mount logging, and none of those events actually get logged. I believe this is a bug in grsec.
I am using kernel 2.4.21 with the ck2 patch which includes some ck patches along with grsecurity and xfs. I would have thought it to be the other patches I applied though I'm seeing other people with the same problem. It would be nice if we could get this working.
Re: Resource overstep at seemingly random times.
Posted:
Wed Jun 25, 2003 10:41 amby PaX Team
Nox wrote:I am using kernel 2.4.21 with the ck2 patch which includes some ck patches along with grsecurity and xfs. I would have thought it to be the other patches I applied though I'm seeing other people with the same problem. It would be nice if we could get this working.
you should try the plain grsec patch first to see if the problem persists, then we'll need more info about the coredumps. generally you can try 'ulimit -c' to increase the core file size limit for apps started from a shell then you'll have to analyze the coredumps (so it's quite some debugging work). what may also help is an strace output where one of the last syscalls before the crash could give us a clue (e.g., a syscall returns some error due to a grsec restriction but the app doesn't check it).
No problem after disabling resource overstep logging.
Posted:
Wed Jun 25, 2003 12:21 pmby Nox
I disabled resource overstep auditing and the programs no longer die, I was able to start squid without a hitch and havn't had a single program, its wierd that resource auditing would kill programs as well, unfortunetly I don't know how much time I have to play around with this but I will make a new kernel on my testing box and see if I can get it to do this.