denied resource overstep RLIMIT_FSIZE

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

denied resource overstep RLIMIT_FSIZE

Postby Vincent » Tue Mar 10, 2009 7:10 am

Hi All,

I've run into a problem with grsec and RLIMIT_FSIZE. When a user on my system tries to mail a large mail (around 10MB) with postfix, grsec outputs the following:
Code: Select all
Mar 10 10:15:36 ssh1.c1.internal kernel: grsec: (user:U:/usr/sbin/postdrop) denied resource overstep by requesting 10240000 for RLIMIT_FSIZE against limit 10240000 for /usr/sbin/postdrop[postdrop:3201] uid/euid:17818/17818 gid/egid:1001/103, parent /usr/sbin/sendmail[sendmail:3200] uid/euid:17818/17818 gid/egid:1001/1001


Trying to solve the problem I added
Code: Select all
RES_FSIZE       unlimited unlimited

to the user policy.

Unfortunatly the error still occurs. What am I doing wrong?

Thanks in advance.
Vincent
Vincent
 
Posts: 19
Joined: Mon Jan 07, 2008 8:33 am

Re: denied resource overstep RLIMIT_FSIZE

Postby spender » Tue Mar 10, 2009 10:43 pm

This is because Postfix sets its own resource limits. To raise this limit, you have to modify the "message_size_limit" line in Postfix's main.cf

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: denied resource overstep RLIMIT_FSIZE

Postby Vincent » Thu Mar 12, 2009 6:20 am

Hi Brad,

Thanks for your reply. I was aware that postfix has its own message_size_limit, but I didn't know grsec would output an error when postfix hit its own limit.
I changed the message_size_limit and it works.

Thanks for your help.
Vincent
 
Posts: 19
Joined: Mon Jan 07, 2008 8:33 am


Return to grsecurity support