Displaying 17 results from an estimated 17 matches for "rlimit_nproc".
2003 Apr 27
1
dovecot and grsecurity (problem with resource limits)
...exploits, it also reports violations of rlimits.
The following messages show up in the log, but it seems that the IMAP
Server works fine:
Apr 26 19:20:04 src at gate imap-login: Login: hz [192.168.0.11]
Apr 26 19:20:05 src at gate kernel: grsec: attempted resource overstep by
requesting 37 for RLIMIT_NPROC against limit 0 by (dovecot:10246) UID(0)
EUID(0), parent (dovecot:634) UID(0) EUID(0)
Apr 26 19:22:18 src at gate kernel: grsec: attempted resource overstep by
requesting 37 for RLIMIT_NPROC against limit 0 by (dovecot:19802) UID(0)
EUID(0), parent (dovecot:634) UID(0) EUID(0)
Apr 26 19:22:18 s...
2016 May 09
2
R process killed when allocating too large matrix (Mac OS X)
...t you cap memory to some fixed value.
> library(RAppArmor)
> rlimit_as(1e9)
> rnorm(1e9)
Error: cannot allocate vector of size 7.5 Gb
The RAppArmor package has many other utilities to protect your server
such from a mis-behaving process such as limiting cpu time
(RLIMIT_CPU), fork bombs (RLIMIT_NPROC) and file sizes (RLIMIT_FSIZE).
[1] http://linux.die.net/man/2/getrlimit
2001 Feb 08
0
openssh2.3.0p1 and /etc/limits
...imum filesize (KB)
+ * [Mm]: m = RLIMIT_MEMLOCK max locked-in-memory address space (KB)
+ * [Nn]: n = RLIMIT_NOFILE max number of open files
+ * [Rr]: r = RLIMIT_RSS max resident set size (KB)
+ * [Ss]: s = RLIMIT_STACK max stack size (KB)
+ * [Tt]: t = RLIMIT_CPU max CPU time (MIN)
+ * [Uu]: u = RLIMIT_NPROC max number of processes
+ * [Ll]: l = max number of logins for this user
+ * [Pp]: p = process priority -20..20 (negative = high priority)
+ *
+ * Return value:
+ * 0 = okay, of course
+ * LOGIN_ERROR_RLIMIT = error setting some RLIMIT
+ * LOGIN_ERROR_LOGIN = error - too many logins for this us...
2007 Oct 27
2
Resource temporarily unavailable
Hello, Im using dovecot for ages and im happy..
but at now strange things happens:
mutt returns:
Error talking to localhost (Connection reset by peer)
so i started telnet:
alnagon ~ % telnet localhost 143
Trying 127.0.0.1...
Connected to alnagon.localnet.cz.
Escape character is '^]'.
* OK Dovecot ready.
1 login karpi blablabla
1 OK Logged in.
Connection closed by foreign host.
Last
2011 Jun 22
3
sandbox pre-auth privsep child
...,16 @@ AC_SUBST([LD])
AC_C_INLINE
AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
+AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <dev/systrace.h>
+])
+AC_CHECK_DECL([RLIMIT_NPROC],
+ [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
+ #include <sys/types.h>
+ #include <sys/resource.h>
+])
use_stack_protector=1
AC_ARG_WITH([stackprotect],
@@ -2461,6 +2471,34 @@ AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [
[non-privileged user for p...
2011 Jun 23
1
sandbox for OS X
Hi,
The systrace and rlimit sandboxes have been committed and will be in
snapshots dated 20110623 and later. This diff adds support for
pre-auth privsep sandboxing using the OS X sandbox_init(3) service.
It's a bit disappointing that the OS X developers chose such as
namespace-polluting header and function names "sandbox.h",
"sandbox_init()", etc. It already forced me to
2016 May 11
0
R process killed when allocating too large matrix (Mac OS X)
...t;
>> library(RAppArmor)
>> rlimit_as(1e9)
>> rnorm(1e9)
> Error: cannot allocate vector of size 7.5 Gb
>
> The RAppArmor package has many other utilities to protect your server
> such from a mis-behaving process such as limiting cpu time
> (RLIMIT_CPU), fork bombs (RLIMIT_NPROC) and file sizes (RLIMIT_FSIZE).
>
> [1] http://linux.die.net/man/2/getrlimit
>
> ______________________________________________
> R-devel at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
2003 Jun 15
1
Dovecot will not run on secure kernel.
...the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0)
I have never seen this problem in the 3 years I have used GrSecurity together with a lot of programs.
GrSecurity explains: "Enforce RLIMIT_NPROC on execs. Users with a resource limit on processes will have the value checked during execve() calls. The current system only checks the system limit during fork() calls."
Any ideas why Dovecot causes this problem?
--
Ola
2002 Jun 26
0
[Bug 301] New: In openssh 3.3 and 3.4 pam session seems be called from non-root
...ax=2147483647}) = 0
11860 setrlimit(RLIMIT_STACK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_CORE, {rlim_cur=50000*1024, rlim_max=50000*1024}) = -1
EPERM (Operation not permitted)
11860 setrlimit(RLIMIT_RSS, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_NPROC, {rlim_cur=257, rlim_max=257}) = 0
11860 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
11860 setrlimit(RLIMIT_MEMLOCK, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(RLIMIT_AS, {rlim_cur=2147483647, rlim_max=2147483647}) = 0
11860 setrlimit(0xa /* RLIMIT_??? */, {rli...
2016 May 05
2
R process killed when allocating too large matrix (Mac OS X)
On 05.05.2016 04:25, Marius Hofert wrote:
> Hi Simon,
>
> ... all interesting (but quite a bit above my head). I only read
> 'Linux' and want to throw in that this problem does not appear on
> Linux (it seems). I talked about this with Martin Maechler and he
> reported that the same example (on one of his machines; with NA_real_
> instead of '0's in the matrix)
2004 Nov 26
0
Dovecot 1.0-test52 and LDAP authentication
...0
setuid32(97) = 0
setuid32(0) = -1 EPERM (Operation not permitted)
getgid32() = 97
getegid32() = 97
setgid32(0) = -1 EPERM (Operation not permitted)
setrlimit(RLIMIT_NPROC, {rlim_cur=1, rlim_max=1}) = 0
gettimeofday({1101483703, 638988}, {4294967236, 0}) = 0
rt_sigaction(SIGHUP, {0x8056320, [], 0}, NULL, 8) = 0
rt_sigaction(SIGINT, {0x8056330, [INT], SA_RESTART}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {0x8056330, [TERM], SA_RESTART}, {SIG_DFL}, 8) = 0
rt_sigaction(S...
2023 Mar 28
1
[PATCH v6 11/11] vhost: allow userspace to create workers
...G_WORKER command.
+ *
+ * This must be called after VHOST_SET_OWNER and the caller must be the owner
+ * of the device. The new thread will inherit caller's cgroups and namespaces,
+ * and will share the caller's memory space. The new thread will also be
+ * counted against the caller's RLIMIT_NPROC value.
+ */
+#define VHOST_NEW_WORKER _IOW(VHOST_VIRTIO, 0x8, struct vhost_worker_state)
+/* Free a worker created with VHOST_NEW_WORKER if it's not attached to any
+ * virtqueue. If userspace is not able to call this for workers its created,
+ * the kernel will free all the device's worker...
2016 May 12
3
R process killed when allocating too large matrix (Mac OS X)
...(1e9)
>>> rnorm(1e9)
>> Error: cannot allocate vector of size 7.5 Gb
>>
>> The RAppArmor package has many other utilities to protect your server
>> such from a mis-behaving process such as limiting cpu time
>> (RLIMIT_CPU), fork bombs (RLIMIT_NPROC) and file sizes (RLIMIT_FSIZE).
>>
>> [1] http://linux.die.net/man/2/getrlimit
and from my current explorations I gather that all of these are
*not* Apparmor related... so could/should maybe rather migrate
into a lightweight package not mentioning AppArmor ?
2023 Dec 02
33
[Bug 3639] New: server thread aborts during client login after receiving SSH2_MSG_KEXINIT
https://bugzilla.mindrot.org/show_bug.cgi?id=3639
Bug ID: 3639
Summary: server thread aborts during client login after
receiving SSH2_MSG_KEXINIT
Product: Portable OpenSSH
Version: 9.2p1
Hardware: ARM
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component:
2004 Sep 21
2
2.6.2 rsync --daemon is not working for me
Hi!
I'm unable to write with remote rsync in daemon mode.
********* My configuration:
rsync 2.6.2
Linux 2.4.20-alt16-up (ALTLinux www.altlinux.org)
(There is owl-patch in ALTLinux-kernel)
========== /etc/rsyncd.conf =============
log file = /var/log/rsync
[routers]
comment = Our Backups
path = /mnt/backup/routers
uid = archiver
gid = archiver
use chroot = true
read only = false
list = true
2023 Mar 28
12
[PATCH v6 00/11] vhost: multiple worker support
The following patches were built over linux-next which contains various
vhost patches in mst's tree and the vhost_task patchset in Christian
Brauner's tree:
git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git
kernel.user_worker branch:
https://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git/log/?h=kernel.user_worker
The latter patchset handles the review comment
2010 May 17
0
strace log
......}) = 0
getpid() = 24666
getppid() = 24665
brk(0x6ce000) = 0x6ce000
getpgrp() = 24665
rt_sigaction(SIGCHLD, {0x439730, [], SA_RESTORER, 0x7f4868183f60},
{SIG_DFL}, 8) = 0
getrlimit(RLIMIT_NPROC, {rlim_cur=63440, rlim_max=63440}) = 0
brk(0x6cf000) = 0x6cf000
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
open("/usr/sbin/xm", O_RDONLY) = 3
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffffffcf00) = -1 ENOTTY
(Inappropriate ioctl for device)
lseek(3, 0...