On Sat, Sep 09, 2006 at 02:52:47PM +0200, [EMAIL PROTECTED] wrote: > the problem is that in 2.6.13 or so the default rlimit for > locked memory has been changed for both root and non-root > users, in particular they all get 8 pages by default. this > in turn catches unaware root apps by surprise (ntpd comes > to mind) as they no longer can mlock/mlockall beyond these > 8 pages, this is what grsecurity reported.
Ok, that makes sense. > there're two solutions: > > 1. patch the root app to explicitly increase RLIMIT_MEMLOCK > via setrlimit(3) before calling mlock/mlockall > > 2. execute 'ulimit -l unlimited' in the shell and start the > root app by hand > > the former is the correct method but the latter can be used > as a quick fix/confirmation at least. Damien can you see if the second option resolves your problem? I will see about geting the 1st adoped upstream if this hasn't happend already. > on a sidenote, based on the grsecurity log, heartbeat drops > only its euid from root but not its uid, is that intentional? I'm not sure, but I will find out. Thanks for all the excellent info, it certainly saved me a lot of hunting around. -- Horms H: http://www.vergenet.net/~horms/ W: http://www.valinux.co.jp/en/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
