arts-1.3.0_grsec2_compile problem
Posted: Sun Oct 03, 2004 3:48 am
Posted this on Gentoo-hardened ML.
> Hi,
> Usually I use Gnome, but also have QT, arts and sometimes kdelibs
> installed.
> But when emerging arts-1.3.0 grsec2 breaks the process. Disabling grsec2
> (in /etc/init.d) does nothing as it seems this comes from grsec2-code in
> the kernel itself.
> Here is the dmesg:
> ...SKIP...- part1 before disabling grsec2
> grsec: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE
> against limit 1024 by /usr/bin/postgres[postmaster:28855] uid/euid:70/70
> gid/egid:70/70, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> ...SKIP... - part2 after disabling grsec2
> grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE
> against limit 0 by
> /var/tmp/portage/arts-1.3.0/work/arts-1.3.0/mcopidl/.libs/lt-mcopidl[lt-mcopidl:4517] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/make[make:4516] uid/euid:0/0 gid/egid:0/0
> grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE
> against limit 0 by
> /var/tmp/portage/arts-1.3.0/work/arts-1.3.0/mcopidl/.libs/lt-mcopidl[lt-mcopidl:4526] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/make[make:4516] uid/euid:0/0 gid/egid:0/0
> ...END...
> Same in /var/log/messages.
> One possible solution seems to be:
> 1. Disable grsec2 (part or all) functionality which is in the kernel
> just for the emerge (don't know how yet, I'll check) if possible at all;
> 2. Compile a temporary kernel w/o grsec and emerge arts (not good);
> 3. Compile new kernel (mm,ck) and use it for the emerge (fairly good as I
> may need such a kernel anyway - already had such but is old, before
> changing the mobo).
> Just a non-related question: could I use the 'default' spec GCC file
> (change it manually) to compile something and after that restore the
> default (hardened.spec)? Will this disable hardened-gcc use? Plus
> disabling any flags if needed.
> Should I file a BUG?
> PS: using all ~x86, GCC-3.4.1-r3, quite full grsec2 & PaX. Also could
> give more info on this.
> Thanks
> Rumen
>
Hi again,
As I've written this it seems my primary intention is just to get arts,
but now I'm more worried why grsec is stopping it (there is a reason for
this I think) and if I should *disable* grsec2 at all to overcome this
'BUG'.
Thanks
Rumen
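
To see which process hit which limit, the grsec messages quoted in the post can be unwrapped and grouped by resource, limit, process and parent. This is an added example, not part of the original post; the function names are hypothetical and the sample is constructed from the dmesg excerpt above.

```python
import re
from collections import Counter

# Constructed sample: dmesg lines from the post, still '>'-quoted and wrapped.
SAMPLE = """\
> grsec: attempted resource overstep by requesting 1024 for RLIMIT_NOFILE
> against limit 1024 by /usr/bin/postgres[postmaster:28855] uid/euid:70/70
> gid/egid:70/70, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
> grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE
> against limit 0 by
> /var/tmp/portage/arts-1.3.0/work/arts-1.3.0/mcopidl/.libs/lt-mcopidl[lt-mcopidl:4517] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/make[make:4516] uid/euid:0/0 gid/egid:0/0
> grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE
> against limit 0 by
> /var/tmp/portage/arts-1.3.0/work/arts-1.3.0/mcopidl/.libs/lt-mcopidl[lt-mcopidl:4526] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/make[make:4516] uid/euid:0/0 gid/egid:0/0
"""

OVERSTEP = re.compile(
    r"grsec: attempted resource overstep by requesting (?P<requested>\d+) "
    r"for (?P<resource>RLIMIT_\w+) against limit (?P<limit>\d+) by "
    r"(?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:\d+/\d+, "
    r"parent (?P<parent_exe>\S+)\[(?P<parent_comm>[^:\]]+):(?P<ppid>\d+)\]"
)

def unwrap(text):
    """Strip mail quoting and rejoin records that were wrapped across lines."""
    records = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if line.startswith("grsec:"):
            records.append(line)          # start of a new kernel message
        elif records and line and not line.startswith("..."):
            records[-1] += " " + line     # continuation of the previous one
    return records

def parse(text):
    """Return one dict per overstep message, with numeric fields as ints."""
    events = []
    for rec in unwrap(text):
        m = OVERSTEP.search(rec)
        if m:
            ev = m.groupdict()
            ev.update({k: int(ev[k]) for k in ("requested", "limit", "pid", "uid", "euid", "ppid")})
            events.append(ev)
    return events

def summarize(events):
    """Count events per (resource, limit, process name, parent name)."""
    return Counter((e["resource"], e["limit"], e["comm"], e["parent_comm"]) for e in events)
```
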