supress alert flag for resource restrictions

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

supress alert flag for resource restrictions

Postby salam » Wed Feb 29, 2012 3:45 am

Hello,

Any chance to implement "s" flag for resource alerts? Lets take postfix as example. Here i have
RES_NPROC 120 130 for subject /usr/lib64/postfix/pipe

I have no idea why the program requests so much resources as there is only a very small mailserver running. Because of this, the logs gets filled with messages like
Code: Select all
kernel: grsec: (root:U:/usr/lib64/postfix/pipe) denied resource overstep by requesting 120 for RLIMIT_NPROC against limit 120 for /usr/lib64/postfix/pipe[pipe:15521] uid/euid:0/207 gid/egid:0/207, parent /usr/lib64/postfix/master[master:5340] uid/euid:0/0 gid/egid:0/0


From what I found here in the past, it seems that postfix generates alert when it hits its own limit specified in master.cf (dovecot unix - n n - 120 pipe) - my "120" process limit.
These messages are quite annoying as something more important may be missed in the mess. Regarding mail service itself, everything works ok, i just think that the daemon requests much more resources than it really needs(which may be abused for possible DDOS). What about an idea to implement ability to supress these kind of alerts in the future releases?
salam
 
Posts: 27
Joined: Wed Jul 19, 2006 7:22 am

Return to grsecurity support