Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 613216

Summary: x11-base/xorg-server-1.19.2 with DRI3 on hardened - dmesg spam: denied resource overstep for RLIMIT_NOFILE
Product: Gentoo Linux Reporter: tttttttqqqqqqq <RottenStumpy>
Component: Current packagesAssignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED OBSOLETE    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description tttttttqqqqqqq 2017-03-19 13:00:11 UTC 
intel graphics
permanent noise in dmesg after switching to xorg 1.19

[   16.921193] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   16.921782] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   16.926095] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   16.974350] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   16.974603] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   17.021800] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   17.040621] grsec: denied resource overstep by requesting 2048 for RLIMIT_NOFILE against limit 1024 for /usr/bin/Xorg[X:1982] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sddm[sddm:1942] uid/euid:0/0 gid/egid:0/0
[   17.062488] grsec: more alerts, logging disabled for 10 seconds

affected both modesetting DDX (by default) and xf86-video-intel (with USE="dri3" or Option "DRI" "3" in xorg.conf)

workarounds that could solve this for me:
- set rc_ulimit="-n 2049" in /etc/conf.d/xdm
- disable dri3 (export LIBGL_DRI3_DISABLE=1 in /etc/profile or somewhere else) or USE="-dri3" for media-libs/mesa
Comment 1 Matt Turner gentoo-dev 2017-03-30 03:53:04 UTC 
hardened@, feel free to Cc x11@ if there's something for us to do.