Index: Documentation/Configure.help
===================================================================
RCS file: /home/cvs/grsecurity2/Documentation/Configure.help,v
retrieving revision 1.2
diff -u -r1.2 Configure.help
--- Documentation/Configure.help 15 Nov 2005 02:26:19 -0000 1.2
+++ Documentation/Configure.help 30 Jun 2006 01:44:09 -0000
@@ -24028,7 +24028,9 @@
 CONFIG_GRKERNSEC_RESLOG
 If you say Y here, all attempts to overstep resource limits will be logged with the resource name, the requested size, and the current
- limit. It is highly recommended that you say Y here.
+ limit. It is highly recommended that you say Y here. If the sysctl
+ option is enabled, a sysctl option with name "resource_logging" is
+ created. If the RBAC system is enabled this option is always on.
 Signal logging
 CONFIG_GRKERNSEC_SIGNAL
Index: grsecurity/gracl_res.c
===================================================================
RCS file: /home/cvs/grsecurity2/grsecurity/gracl_res.c,v
retrieving revision 1.1
diff -u -r1.1 gracl_res.c
--- grsecurity/gracl_res.c 15 Nov 2005 02:28:42 -0000 1.1
+++ grsecurity/gracl_res.c 30 Jun 2006 01:44:11 -0000
@@ -30,7 +30,7 @@
 if (unlikely(((gt && wanted > task->rlim[res].rlim_cur) || (!gt && wanted >= task->rlim[res].rlim_cur)) && task->rlim[res].rlim_cur != RLIM_INFINITY))
- gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->rlim[res].rlim_cur);
-
+ if (gr_acl_is_enabled() || grsec_resource_logging)
+ gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->rlim[res].rlim_cur);
 return;
 }
Index: grsecurity/grsec_init.c
===================================================================
RCS file: /home/cvs/grsecurity2/grsecurity/grsec_init.c,v
retrieving revision 1.1
diff -u -r1.1 grsec_init.c
--- grsecurity/grsec_init.c 15 Nov 2005 02:28:42 -0000 1.1
+++ grsecurity/grsec_init.c 30 Jun 2006 01:44:11 -0000
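Review bot: In grsecurity/gracl_res.c the added `if (gr_acl_is_enabled() || grsec_resource_logging)` is nested without braces under the existing multi-line `if (unlikely(...))`, and the hunk also removes the blank line before `return;`, so the log call now hangs off two brace-less conditions. Brace the outer body, or fold the new test into the outer condition, and add a comment such as `/* RBAC forces resource logging on; otherwise honour the resource_logging switch */` so the gating is not mistaken for an indentation slip. The flag is read here with no `#ifdef` around it, so whenever it is left at zero the only remaining trigger is RBAC; anyone investigating why limit-overstep events are missing from the log should check where `grsec_resource_logging` is initialised. The enclosing function starts above the hunk.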
@@ -47,6 +47,7 @@
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
 int grsec_lock;
+int grsec_resource_logging;
 spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
 unsigned long grsec_alert_wtime = 0;
@@ -162,6 +163,9 @@
 #ifdef CONFIG_GRKERNSEC_TIME
 grsec_enable_time = 1;
 #endif
+#ifdef CONFIG_GRKERNSEC_RELOG
+ grsec_resource_logging = 1;
+#endif
 #ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
 grsec_enable_chroot_findtask = 1;
 #endif
Index: include/linux/grinternal.h
===================================================================
RCS file: /home/cvs/grsecurity2/include/linux/grinternal.h,v
retrieving revision 1.1
diff -u -r1.1 grinternal.h
--- include/linux/grinternal.h 15 Nov 2005 02:29:15 -0000 1.1
+++ include/linux/grinternal.h 30 Jun 2006 01:44:12 -0000
@@ -71,6 +71,7 @@
 extern int grsec_enable_mount;
 extern int grsec_enable_chdir;
 extern int grsec_lock;
+extern int grsec_resource_logging;
 extern struct task_struct *child_reaper;
Index: kernel/sysctl.c
===================================================================
RCS file: /home/cvs/grsecurity2/kernel/sysctl.c,v
retrieving revision 1.2
diff -u -r1.2 sysctl.c
--- kernel/sysctl.c 15 Nov 2005 02:29:24 -0000 1.2
+++ kernel/sysctl.c 30 Jun 2006 01:44:16 -0000
@@ -313,7 +313,7 @@
 #ifdef CONFIG_GRKERNSEC_SYSCTL
 enum {GS_LINK=1, GS_FIFO, GS_EXECVE, GS_EXECLOG, GS_SIGNAL,
-GS_FORKFAIL, GS_TIME, GS_CHROOT_SHMAT, GS_CHROOT_UNIX, GS_CHROOT_MNT,
+GS_FORKFAIL, GS_TIME, GS_RESLOG, GS_CHROOT_SHMAT, GS_CHROOT_UNIX, GS_CHROOT_MNT,
 GS_CHROOT_FCHDIR, GS_CHROOT_DBL, GS_CHROOT_PVT, GS_CHROOT_CD, GS_CHROOT_CM, GS_CHROOT_MK, GS_CHROOT_NI, GS_CHROOT_EXECLOG, GS_CHROOT_CAPS, GS_CHROOT_SYSCTL, GS_TPE, GS_TPE_GID, GS_TPE_ALL,
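Review bot: In grsecurity/grsec_init.c (hunk `@@ -162,6 +163,9 @@`) the guard is spelled `#ifdef CONFIG_GRKERNSEC_RELOG`, while Configure.help and the kernel/sysctl.c table entry both use `CONFIG_GRKERNSEC_RESLOG`; no symbol named `CONFIG_GRKERNSEC_RELOG` appears anywhere else in this patch, so this looks like a typo. If so, the assignment is compiled out and `grsec_resource_logging` keeps its zero initial value. Together with the new test in gracl_res.c, a kernel built with resource logging selected would then record limit overruns only while RBAC is enabled or after something writes 1 to the sysctl, which silently drops an audit trail that the visible old code emitted unconditionally. The line should read `#ifdef CONFIG_GRKERNSEC_RESLOG`. The enclosing init function starts and ends outside the hunk.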
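Review bot: In kernel/sysctl.c (hunk `@@ -313,7 +313,7 @@`) `GS_RESLOG` is inserted in the middle of the enum, right after `GS_TIME`, which shifts the numeric value of `GS_CHROOT_SHMAT` and every enumerator after it by one. Those values are the first field of the table entries shown in the following hunk, presumably the numeric sysctl id, so any caller that addresses grsecurity options by number rather than by /proc/sys name would reach a different option after this patch. Appending `GS_RESLOG` after the current last enumerator keeps the existing ids stable; the end of the enum is outside the hunk.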
@@ -351,6 +351,10 @@
 {GS_TIME, "timechange_logging", &grsec_enable_time, sizeof (int), 0600, NULL, &proc_dointvec},
 #endif
+#ifdef CONFIG_GRKERNSEC_RESLOG
+ {GS_RESLOG, "resource_logging", &grsec_resource_logging, sizeof (int),
+ 0600, NULL, &proc_dointvec},
+#endif
 #ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
 {GS_CHROOT_SHMAT, "chroot_deny_shmat", &grsec_enable_chroot_shmat, sizeof (int), 0600, NULL, &proc_dointvec},