[Dovecot] Dovecot will not run on secure kernel.
I am trying to run Dovecot on RH 7.3 with Linux kernel 2.4.20 + GrSecurity patch. I downloaded the RPM yesterday and installed it.
When I start Dovecot the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0)
I have never seen this problem in the 3 years I have used GrSecurity together with a lot of programs.
GrSecurity explains: "Enforce RLIMIT_NPROC on execs. Users with a resource limit on processes will have the value checked during execve() calls. The current system only checks the system limit during fork() calls."
Any ideas why Dovecot causes this problem?
-- Ola
On Sun, 2003-06-15 at 15:55, Ola Garstad wrote:
I am trying to run Dovecot on RH 7.3 with Linux kernel 2.4.20 + GrSecurity patch. I downloaded the RPM yesterday and installed it.
When I start Dovecot the kernel reports: kernel: grsec: From 192.168.1.22: attempt to overstep process limit by (dovecot:14491) UID(0) EUID(0), parent (dovecot:23872) UID(0) EUID(0)
I thought v0.99.9 fixed this.. Unless grsec checks it now while trying to set the limit. See if this helps: diff -u -r1.10 main.c --- src/login-common/main.c 27 Apr 2003 01:21:50 -0000 1.10 +++ src/login-common/main.c 16 Jun 2003 08:38:10 -0000 @@ -131,7 +131,7 @@ static void drop_privileges(const char *name) { /* make sure we can't fork() */ - restrict_process_size((unsigned int)-1, 0); + restrict_process_size((unsigned int)-1, 1); /* Log file or syslog opening probably requires roots */ open_logfile(name);
participants (2)
-
Ola Garstad
-
Timo Sirainen