search for: rlimit_nproc

...exploits, it also reports violations of rlimits. The following messages show up in the log, but it seems that the IMAP Server works fine: Apr 26 19:20:04 src at gate imap-login: Login: hz [192.168.0.11] Apr 26 19:20:05 src at gate kernel: grsec: attempted resource overstep by requesting 37 for RLIMIT_NPROC against limit 0 by (dovecot:10246) UID(0) EUID(0), parent (dovecot:634) UID(0) EUID(0) Apr 26 19:22:18 src at gate kernel: grsec: attempted resource overstep by requesting 37 for RLIMIT_NPROC against limit 0 by (dovecot:19802) UID(0) EUID(0), parent (dovecot:634) UID(0) EUID(0) Apr 26 19:22:18 s...

...t you cap memory to some fixed value. > library(RAppArmor) > rlimit_as(1e9) > rnorm(1e9) Error: cannot allocate vector of size 7.5 Gb The RAppArmor package has many other utilities to protect your server such from a mis-behaving process such as limiting cpu time (RLIMIT_CPU), fork bombs (RLIMIT_NPROC) and file sizes (RLIMIT_FSIZE). [1] http://linux.die.net/man/2/getrlimit

...imum filesize (KB) + * [Mm]: m = RLIMIT_MEMLOCK max locked-in-memory address space (KB) + * [Nn]: n = RLIMIT_NOFILE max number of open files + * [Rr]: r = RLIMIT_RSS max resident set size (KB) + * [Ss]: s = RLIMIT_STACK max stack size (KB) + * [Tt]: t = RLIMIT_CPU max CPU time (MIN) + * [Uu]: u = RLIMIT_NPROC max number of processes + * [Ll]: l = max number of logins for this user + * [Pp]: p = process priority -20..20 (negative = high priority) + * + * Return value: + * 0 = okay, of course + * LOGIN_ERROR_RLIMIT = error setting some RLIMIT + * LOGIN_ERROR_LOGIN = error - too many logins for this us...

Hello, Im using dovecot for ages and im happy.. but at now strange things happens: mutt returns: Error talking to localhost (Connection reset by peer) so i started telnet: alnagon ~ % telnet localhost 143 Trying 127.0.0.1... Connected to alnagon.localnet.cz. Escape character is '^]'. * OK Dovecot ready. 1 login karpi blablabla 1 OK Logged in. Connection closed by foreign host. Last

...,16 @@ AC_SUBST([LD]) AC_C_INLINE AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) +AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ + #include <sys/types.h> + #include <sys/param.h> + #include <dev/systrace.h> +]) +AC_CHECK_DECL([RLIMIT_NPROC], + [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ + #include <sys/types.h> + #include <sys/resource.h> +]) use_stack_protector=1 AC_ARG_WITH([stackprotect], @@ -2461,6 +2471,34 @@ AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [ [non-privileged user for p...

Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function names "sandbox.h", "sandbox_init()", etc. It already forced me to

...t; >> library(RAppArmor) >> rlimit_as(1e9) >> rnorm(1e9) > Error: cannot allocate vector of size 7.5 Gb > > The RAppArmor package has many other utilities to protect your server > such from a mis-behaving process such as limiting cpu time > (RLIMIT_CPU), fork bombs (RLIMIT_NPROC) and file sizes (RLIMIT_FSIZE). > > [1] http://linux.die.net/man/2/getrlimit > > ______________________________________________ > R-devel at r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel

...the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0) I have never seen this problem in the 3 years I have used GrSecurity together with a lot of programs. GrSecurity explains: "Enforce RLIMIT_NPROC on execs. Users with a resource limit on processes will have the value checked during execve() calls. The current system only checks the system limit during fork() calls." Any ideas why Dovecot causes this problem? -- Ola

...ax=2147483647}) = 0 11860 setrlimit(RLIMIT_STACK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0 11860 setrlimit(RLIMIT_CORE, {rlim_cur=50000*1024, rlim_max=50000*1024}) = -1 EPERM (Operation not permitted) 11860 setrlimit(RLIMIT_RSS, {rlim_cur=2147483647, rlim_max=2147483647}) = 0 11860 setrlimit(RLIMIT_NPROC, {rlim_cur=257, rlim_max=257}) = 0 11860 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0 11860 setrlimit(RLIMIT_MEMLOCK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0 11860 setrlimit(RLIMIT_AS, {rlim_cur=2147483647, rlim_max=2147483647}) = 0 11860 setrlimit(0xa /* RLIMIT_??? */, {rli...

On 05.05.2016 04:25, Marius Hofert wrote: > Hi Simon, > > ... all interesting (but quite a bit above my head). I only read > 'Linux' and want to throw in that this problem does not appear on > Linux (it seems). I talked about this with Martin Maechler and he > reported that the same example (on one of his machines; with NA_real_ > instead of '0's in the matrix)

...0 setuid32(97) = 0 setuid32(0) = -1 EPERM (Operation not permitted) getgid32() = 97 getegid32() = 97 setgid32(0) = -1 EPERM (Operation not permitted) setrlimit(RLIMIT_NPROC, {rlim_cur=1, rlim_max=1}) = 0 gettimeofday({1101483703, 638988}, {4294967236, 0}) = 0 rt_sigaction(SIGHUP, {0x8056320, [], 0}, NULL, 8) = 0 rt_sigaction(SIGINT, {0x8056330, [INT], SA_RESTART}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGTERM, {0x8056330, [TERM], SA_RESTART}, {SIG_DFL}, 8) = 0 rt_sigaction(S...

...G_WORKER command. + * + * This must be called after VHOST_SET_OWNER and the caller must be the owner + * of the device. The new thread will inherit caller's cgroups and namespaces, + * and will share the caller's memory space. The new thread will also be + * counted against the caller's RLIMIT_NPROC value. + */ +#define VHOST_NEW_WORKER _IOW(VHOST_VIRTIO, 0x8, struct vhost_worker_state) +/* Free a worker created with VHOST_NEW_WORKER if it's not attached to any + * virtqueue. If userspace is not able to call this for workers its created, + * the kernel will free all the device's worker...

...(1e9) >>> rnorm(1e9) >> Error: cannot allocate vector of size 7.5 Gb >> >> The RAppArmor package has many other utilities to protect your server >> such from a mis-behaving process such as limiting cpu time >> (RLIMIT_CPU), fork bombs (RLIMIT_NPROC) and file sizes (RLIMIT_FSIZE). >> >> [1] http://linux.die.net/man/2/getrlimit and from my current explorations I gather that all of these are *not* Apparmor related... so could/should maybe rather migrate into a lightweight package not mentioning AppArmor ?

https://bugzilla.mindrot.org/show_bug.cgi?id=3639 Bug ID: 3639 Summary: server thread aborts during client login after receiving SSH2_MSG_KEXINIT Product: Portable OpenSSH Version: 9.2p1 Hardware: ARM OS: Linux Status: NEW Severity: critical Priority: P5 Component:

Hi! I'm unable to write with remote rsync in daemon mode. ********* My configuration: rsync 2.6.2 Linux 2.4.20-alt16-up (ALTLinux www.altlinux.org) (There is owl-patch in ALTLinux-kernel) ========== /etc/rsyncd.conf ============= log file = /var/log/rsync [routers] comment = Our Backups path = /mnt/backup/routers uid = archiver gid = archiver use chroot = true read only = false list = true

The following patches were built over linux-next which contains various vhost patches in mst's tree and the vhost_task patchset in Christian Brauner's tree: git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git kernel.user_worker branch: https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=kernel.user_worker The latter patchset handles the review comment

......}) = 0 getpid() = 24666 getppid() = 24665 brk(0x6ce000) = 0x6ce000 getpgrp() = 24665 rt_sigaction(SIGCHLD, {0x439730, [], SA_RESTORER, 0x7f4868183f60}, {SIG_DFL}, 8) = 0 getrlimit(RLIMIT_NPROC, {rlim_cur=63440, rlim_max=63440}) = 0 brk(0x6cf000) = 0x6cf000 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 open("/usr/sbin/xm", O_RDONLY) = 3 ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffffffcf00) = -1 ENOTTY (Inappropriate ioctl for device) lseek(3, 0...