613216 – x11-base/xorg-server-1.19.2 with DRI3 on hardened - dmesg spam: denied resource overstep for RLIMIT_NOFILE

Bug 613216 - x11-base/xorg-server-1.19.2 with DRI3 on hardened - dmesg spam: denied resource overstep for RLIMIT_NOFILE

Summary: x11-base/xorg-server-1.19.2 with DRI3 on hardened - dmesg spam: denied resour...

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-03-19 13:00 UTC by tttttttqqqqqqq
Modified:	2018-10-12 00:51 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description tttttttqqqqqqq 2017-03-19 13:00:11 UTC

intel graphics
permanent noise in dmesg after switching to xorg 1.19

[   16.921193] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   16.921782] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   16.926095] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   16.974350] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   16.974603] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   17.021800] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   17.040621] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   17.062488] grsec: more alerts, logging disabled for 10 seconds

affected both modesetting DDX (by default) and xf86-video-intel (with USE="dri3" or Option "DRI" "3" in xorg.conf)

workarounds that could solve this for me:
- set rc_ulimit="-n 2049" in /etc/conf.d/xdm
- disable dri3 (export LIBGL_DRI3_DISABLE=1 in /etc/profile or somewhere else) or USE="-dri3" for media-libs/mesa

Comment 1 Matt Turner gentoo-dev

2017-03-30 03:53:04 UTC

hardened@, feel free to Cc x11@ if there's something for us to do.