On Sun, 14 Aug 2005 12:53:28 +0200 Christoph Gysin <[EMAIL PROTECTED]> wrote:
> I'm playing around with grsecurity. Now I get lots of messages like this:
>
> grsec: denied resource overstep by requesting 7499776 for RLIMIT_MEMLOCK against limit 32768 for /usr/sbin/ntpd[ntpd:8525] uid/euid:123/123 gid/egid:123/123, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
>
> As far as I understand, ntpd is trying to allocate more memory than it is
> allowed due to resource limits. The limit seems to be 32M while ntpd tries
> to allocate 7G (!) of RAM?

It's trying to *lock* memory, i.e. make it non-swappable. By default, Linux allows a process (root-owned) to lock up to 32kB of memory (those 32768 Bytes above). (Since Linux 2.6.9 even regular users can lock up to 32kB of memory. This allows gpg to run securely without root privileges.) The question is why ntpd is trying to raise that limit to >7MB, and if that is really necessary (see ntpd/ntpd.c).

> What is wrong here?

You probably need to configure some rules to allow ntpd to change those limits. I don't know how this is done, though.

Regards

--
[email protected] mailing list
