http://qa.mandrakesoft.com/show_bug.cgi?id=5880
[EMAIL PROTECTED] changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|blocker |normal
Priority|P1 |P2
Summary|kernel-secure is broken |kernel-secure is "broken"
------- Additional Comments From [EMAIL PROTECTED] 2003-01-10 00:23 -------
Well, I can't reproduce the "firewall bug" above anymore,
since I have been running the 10mdksecure for about 7 days,
without lockups...
so the only problem left is the initrd umount failure wich still is valid...,
so I'm lowering the rating on this bug ...
--
Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
------- Reminder: -------
assigned_to: [EMAIL PROTECTED]
status: NEW
creation_date:
description:
the grsec part of kernel-secure is locking the kernel "too tight",
as it blocks the initrd to get unmounted on boot...
(or actually it fails to sense the limits, setting them to 0)
Easy way to reproduce:
1. install kernel-secure
2. boot with it
3. you will see an error message about failing to unmount initrd..
if you look at the syslogs you will see:
grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against
limit 0 by... (in this case console-chars)
now this same bug will show up if you try to start for example X (not that I
want tu run X on a secured kernel, but anyway...)
The worse part of this is that if you put it on your firewall,
it will slowly start to "lock up" the kernel since the grsec thinks it's an
hacking attempt, and will freeze it's functions by longer and longer periods
until your firewall/gw stops passing traffic through...
