grsecurity forums

[Randseed]

I have a problem with Grsecurity+PAX+SELinux with postgresql that's driving me insane.

Running the postgresql server results in an error about an "attempted resource overstep by requesting 1024 for RLIMIT_NOFILE against limit 1024 by /usr/bin/postgres[postmaster:pid] ..." The kernel then unceremoniously blows the process away with a SIGABRT, triggering a core dump, which isn't allowed to happen by a RLIMIT_CORE limit of 0 (by design).

No matter what I set the RLIMIT_NOFILE to in /etc/security/limits.conf, the same thing will happen, except that 1024 will be replaced with whatever I set the limit to.

At this point, I'd be happy just turning off the actual killing of processes due to resource limitations, particularly since I'm beginning to suspect that this might be a bug in postgresql 7.3. (How?) Postgresql is the only process on this machine that I would worry about going off the deepend anyway.

Any ideas?

[PaX Team]

At this point, I'd be happy just turning off the actual killing of processes due to resource limitations, particularly since I'm beginning to suspect that this might be a bug in postgresql 7.3. (How?) Postgresql is the only process on this machine that I would worry about going off the deepend anyway.

Any ideas?

maybe this is it: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=1VFVB-6L8-13%40gated-at.bofh.it and http://www.mail-archive.com/pgsql-bugs@postgresql.org/msg08457.html

[Randseed]

maybe this is it: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=1VFVB-6L8-13%40gated-at.bofh.it and http://www.mail-archive.com/pgsql-bugs@postgresql.org/msg08457.html

Yep. That's it. Thanks a lot!

[spender]

BTW, grsecurity does nothing other than report the attempted resource overstep, which means it doesn't kill your postgresql.

-Brad