http://qa.mandrakesoft.com/show_bug.cgi?id=5880
Product: kernel
Component: secure
Summary: kernel-secure is broken
Product: kernel
Version: 2.4.22-10mdk
Platform: PC
OS/Version: All
Status: NEW
Severity: blocker
Priority: P1
Component: secure
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
the grsec part of kernel-secure is locking the kernel "too tight",
as it blocks the initrd to get unmounted on boot...
(or actually it fails to sense the limits, setting them to 0)
Easy way to reproduce:
1. install kernel-secure
2. boot with it
3. you will see an error message about failing to unmount initrd..
if you look at the syslogs you will see:
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against
limit 0 by... (in this case console-chars)
now this same bug will show up if you try to start for example X (not that I
want tu run X on a secured kernel, but anyway...)
The worse part of this is that if you put it on your firewall,
it will slowly start to "lock up" the kernel since the grsec thinks it's an
hacking attempt, and will freeze it's functions by longer and longer periods
until your firewall/gw stops passing traffic through...
--
Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
