On 08/01/12 09:08, PaX Team wrote:
> On 1 Aug 2012 at 8:41, Michael Orlitzky wrote:
>
>> Thanks, here are strace -f logs from both the hardened box (where it
>> fails) and a vanilla gentoo x86 VM (where it works).
>
> mmap2(NULL, 307200000, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = -1 ENOMEM (Cannot allocate
> memory)
>
> this can fail for several reasons, not enough RAM (depends on how
> overcommit is set), not enough address space (hardened/PIE and ASLR
> together change how big the holes in the address space end up,
> SEGMEXEC halves the address space), etc.
>

Hmm.. I think this indirectly solves the problem. I've got,

  # cat /etc/security/limits.d/50-clamd.conf
  #<domain>  <type>  <item>  <value>
  clamav     -       stack   512000

But it isn't taking effect:

  # cat /proc/25394/limits | grep stack
  Max stack size            307200000            307200000            bytes

So, clamd is likely running out of stack just like the test program. I
can probably figure that one out.

But, I'd ruled out the stack size limitation because resource oversteps
are supposed to be reported:

  # cat /proc/config.gz | gunzip | grep GRKERNSEC_RESLOG
  CONFIG_GRKERNSEC_RESLOG=y

I've got nothing logged, even after the failures.
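The comparison made in the message above, as an added example that is not part of the original post: it parses a limits.d entry and a /proc/<pid>/limits dump and reports where the running process differs from the configured stack limit. The function names and sample strings are constructed for illustration; the only outside fact relied on is that pam_limits takes `stack` in KB while /proc reports bytes.

```python
import re

# Constructed samples mirroring the two command outputs quoted in the message.
LIMITS_CONF = "#<domain> <type> <item> <value>\nclamav - stack 512000\n"
PROC_LIMITS = (
    "Limit                     Soft Limit           Hard Limit           Units\n"
    "Max stack size            307200000            307200000            bytes\n"
    "Max open files            1024                 4096                 files\n"
)
NO_LIMIT = ("unlimited", "infinity", "-1")


def configured_stack_bytes(conf_text, domain):
    """Soft/hard stack limits (bytes, None = unlimited) configured for domain."""
    result = {}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # '#' starts a comment
        if len(fields) != 4 or fields[0] != domain or fields[2] != "stack":
            continue
        kind, value = fields[1], fields[3]
        limit = None if value in NO_LIMIT else int(value) * 1024  # KB -> bytes
        for which in ("soft", "hard"):
            if kind in (which, "-"):  # '-' sets both soft and hard
                result[which] = limit
    return result


def effective_stack_bytes(proc_text):
    """Soft/hard stack limits (bytes, None = unlimited) of a running process."""
    for line in proc_text.splitlines():
        m = re.match(r"Max stack size\s+(\S+)\s+(\S+)\s+bytes", line)
        if m:
            soft, hard = (None if v == "unlimited" else int(v) for v in m.groups())
            return {"soft": soft, "hard": hard}
    raise ValueError("no 'Max stack size' row found")


def stack_limit_mismatches(conf_text, proc_text, domain):
    """Map 'soft'/'hard' to (configured, effective) wherever they differ."""
    want = configured_stack_bytes(conf_text, domain)
    have = effective_stack_bytes(proc_text)
    return {k: (want[k], have[k]) for k in want if want[k] != have[k]}


if __name__ == "__main__":
    for which, (cfg, eff) in stack_limit_mismatches(LIMITS_CONF, PROC_LIMITS, "clamav").items():
        print(f"{which}: configured {cfg} bytes, process has {eff} bytes")
```

On a live system the two inputs would be the contents of the limits.d file and of /proc/<pid>/limits for the daemon's PID.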
