search for: rlimit_fsize

Hi all. I have an old windows VM with an oldish cygwin that I use for the regression tests. Investigating one of the test failures, I see that it's for UsePrivilegeSeparation=sandbox, and it seems to be because setrlimit(RLIMIT_FSIZE, ...) is not supported. IMO, this isn't a big loss, since the most useful thing in the rlimit "sandbox" is the descriptor limits. Can anyone see a reason not to just omit RLIMIT_FSIZE on cygwin? It's a no-op unless you've explicitly set "UsePrivilegeSeparation sandbox&...

....d -c main.c main.c: In function 'sigxfsz_handler': main.c:545:19: error: storage size of 'rlim' isn't known struct rlimit rlim; ^ main.c:547:5: warning: implicit declaration of function 'getrlimit' [-Wimplicit-function-declaration] getrlimit(RLIMIT_FSIZE, &rlim); ^ main.c:547:15: error: 'RLIMIT_FSIZE' undeclared (first use in this function) getrlimit(RLIMIT_FSIZE, &rlim); ^ main.c:547:15: note: each undeclared identifier is reported only once for each function it appears in main.c:549:5: warning: implicit de...

...value. > library(RAppArmor) > rlimit_as(1e9) > rnorm(1e9) Error: cannot allocate vector of size 7.5 Gb The RAppArmor package has many other utilities to protect your server such from a mis-behaving process such as limiting cpu time (RLIMIT_CPU), fork bombs (RLIMIT_NPROC) and file sizes (RLIMIT_FSIZE). [1] http://linux.die.net/man/2/getrlimit

...limit) + * [Aa][Cc][Dd][Ff][Mm][Nn][Rr][Ss][Tt][Uu][Ll][Pp] + * (eg. 'C2F256D2048N5' or 'C2 F256 D2048 N5') + * where: + * [Aa]: a = RLIMIT_AS max address space (KB) + * [Cc]: c = RLIMIT_CORE max core file size (KB) + * [Dd]: d = RLIMIT_DATA max data size (KB) + * [Ff]: f = RLIMIT_FSIZE Maximum filesize (KB) + * [Mm]: m = RLIMIT_MEMLOCK max locked-in-memory address space (KB) + * [Nn]: n = RLIMIT_NOFILE max number of open files + * [Rr]: r = RLIMIT_RSS max resident set size (KB) + * [Ss]: s = RLIMIT_STACK max stack size (KB) + * [Tt]: t = RLIMIT_CPU max CPU time (MIN) + * [Uu]:...

Hi, I'm getting the following error occasional and can't find out why; 05/14/2011 09:28:51 rsyncing /dbtmp to /dbtmp.new (1st pass) .... rsync: writefd_unbuffered failed to write 4 bytes [sender]: Broken pipe (32) rsync: write failed on "/dbtmp.new/file.dmp": File too large (27) rsync error: error in file IO (code 11) at receiver.c(258) [receiver=2.6.9] rsync: connection

Has anyone tried LFS (ie >2G files support) and Ext3 together? Are there good reasons why this should/should not work? I see the RH enterprise kernel patch set specifically does not attempt both lfs and ext3, but the lfs patches themselves touch some reasonably localised parts of ext2, so I would hope (without having dived in there to test), that the ext3 changes would mirror that

Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function names "sandbox.h", "sandbox_init()", etc. It already forced me to

...>> rlimit_as(1e9) >> rnorm(1e9) > Error: cannot allocate vector of size 7.5 Gb > > The RAppArmor package has many other utilities to protect your server > such from a mis-behaving process such as limiting cpu time > (RLIMIT_CPU), fork bombs (RLIMIT_NPROC) and file sizes (RLIMIT_FSIZE). > > [1] http://linux.die.net/man/2/getrlimit > > ______________________________________________ > R-devel at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel

...uot;..., 4096) = 2508 11860 read(9, "", 4096) = 0 11860 close(9) = 0 11860 munmap(0x126000, 4096) = 0 11860 setreuid(1000, 4294967295) = 0 11860 setrlimit(RLIMIT_CPU, {rlim_cur=2147483647, rlim_max=2147483647}) = 0 11860 setrlimit(RLIMIT_FSIZE, {rlim_cur=2147483647, rlim_max=2147483647}) = 0 11860 setrlimit(RLIMIT_DATA, {rlim_cur=2147483647, rlim_max=2147483647}) = 0 11860 setrlimit(RLIMIT_STACK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0 11860 setrlimit(RLIMIT_CORE, {rlim_cur=50000*1024, rlim_max=50000*1024}) = -1 EPERM (Operation...

...Red Hat Linux passwd-0.50-7 program without shadowing. #include <stdio.h> #include <sys/time.h> #include <stdlib.h> #include <unistd.h> #include <sys/resource.h> main () { struct rlimit rl, *rlp; rlp=&rl; rlp->rlim_cur=4000 ; rlp->rlim_max=4000 ; setrlimit(RLIMIT_FSIZE, rlp); execl("/usr/bin/passwd", "passwd", (char *) 0); } The resource being restricted is filesize, and if the passwd file is large enough it cannot be written back and the passwd program dies. This leaves the passwd file locked against further password changes - a denial of se...

On 05.05.2016 04:25, Marius Hofert wrote: > Hi Simon, > > ... all interesting (but quite a bit above my head). I only read > 'Linux' and want to throw in that this problem does not appear on > Linux (it seems). I talked about this with Martin Maechler and he > reported that the same example (on one of his machines; with NA_real_ > instead of '0's in the matrix)

Hi, I'm sorry if this is plain dumb or was already asked, but I couldn't find any reference to this. This is about ssh acting as a real terminal. Do some of you know pipe viewer, or 'pv' ? http://www.ivarch.com/programs/pv.shtml This clever little bit of code tries to write on your terminal some stats about data going through some pipes. But there's a nasty limitation

Hi, we're in the process of setting up large-page support on IBM regattas, but for large-page support the users have to have a set of extra capabilities (CAP_BYPASS_RAC_VMM,CAP_PROPAGATE). This are configured on a per user basis by listing which capability each user have in /etc/security/user. Unfortunately they don't get set when the users log in via OpenSSH (3.1p1). Does anybody know

When changing a file size with fallocate() the new size isn't being checked. In particular, the FSIZE ulimit isn't being checked, which makes fstest generic/228 fail. Simply adding a call to inode_newsize_ok() fixes this issue. Signed-off-by: Lu?s Henriques <lhenriques at suse.de> --- fs/ocfs2/file.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git

...5-RELEASE, are not vulnerable. The following command can be used to determine the block size used on a given filesystem: # dumpfs /some/filesystem | grep '^bsize' IV. Workaround On filesystems with 16k blocks, the bug cannot be exploited when a process has a file size resource limit (RLIMIT_FSIZE) of 63 MB or less. This can be most easily accomplished by modifying /etc/login.conf so that the appropriate login classes (typically `default') contain a field entry such as the following: :filesize=63m:\ After editing /etc/login.conf, the corresponding capability database must be r...

Hi. New (2.1.1p1) login code is nicer on AIX (4.2.1.0.06). Thanks. A couple of issues, though, which I haven't really dug into yet. I'm wondering if anyone else has seen them? If not, I'll investigate & report. 1. If I set "UseLogin" to "yes", everything seems fine except that the authentication agent forwarding doesn't work. The "SSH"

...y the API. + */ + debug3("%s: preparing rlimit sandbox", __func__); + box = xcalloc(1, sizeof(*box)); + box->child_pid = 0; + + return box; +} + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + struct rlimit rl_zero; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + + if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", + __func__, strerror(errno)); + if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) + fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", + __func__, strerror(errno)); +#ifdef HAVE_RLIMIT_NPROC + if (...

...e9) >> Error: cannot allocate vector of size 7.5 Gb >> >> The RAppArmor package has many other utilities to protect your server >> such from a mis-behaving process such as limiting cpu time >> (RLIMIT_CPU), fork bombs (RLIMIT_NPROC) and file sizes (RLIMIT_FSIZE). >> >> [1] http://linux.die.net/man/2/getrlimit and from my current explorations I gather that all of these are *not* Apparmor related... so could/should maybe rather migrate into a lightweight package not mentioning AppArmor ?

https://bugzilla.mindrot.org/show_bug.cgi?id=3639 Bug ID: 3639 Summary: server thread aborts during client login after receiving SSH2_MSG_KEXINIT Product: Portable OpenSSH Version: 9.2p1 Hardware: ARM OS: Linux Status: NEW Severity: critical Priority: P5 Component:

depends on "autoconf: regenerate configure scripts with 4.4 version" This series removes some of the really old deadwood from the tools build and makes some other things which are on their way out configurable at build time with a default depending on how far down the slope I judge them to be. * nuke in tree copy of libaio * nuke obsolete tools: xsview, miniterm, lomount & sv *