After enabling and disabling the policy with this line (role root, subject /bin/bash):
RES_AS 5M 5M
the limit still exists:
xx:~# gradm -E
xx:~# gradm -D
Password:
xx:~# vim /etc/grsec/policy
vim: error while loading shared libraries: libc.so.6: failed to map segment from shared object: Cannot allocate memory
dmesg:
grsec: From 192.168.0.2: (root:U:/sbin/gradm) grsecurity 2.1.6 RBAC system loaded by /sbin/gradm[gradm:2339] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:2333] uid/euid:0/0 gid/egid:0/0
grsec: From 192.168.0.2: (root:U:/bin/bash) use of CAP_SYS_ADMIN denied for /bin/bash[bash:2333] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:2330] uid/euid:0/0 gid/egid:0/0
grsec: From 192.168.0.2: (root:U:/bin/bash) use of CAP_SYS_RESOURCE denied for /bin/bash[bash:2333] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/sshd[sshd:2330] uid/euid:0/0 gid/egid:0/0
grsec: From 192.168.0.2: shutdown auth success for /sbin/gradm[gradm:2340] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:2333] uid/euid:0/0 gid/egid:0/0
grsec: From 192.168.0.22: denied resource overstep by requesting 5529600 for RLIMIT_AS against limit 5242880 for /usr/bin/vim[vim:2342] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:2333] uid/euid:0/0 gid/egid:0/0
regards
Robert