Summary: | ebuild for sun-jdk does not run paxctl on grsecurity systems | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Morten Mertner <morten> |
Component: | [OLD] Development | Assignee: | Java team <java> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | hardened |
Priority: | High | Keywords: | InVCS |
Version: | unspecified | | |
Hardware: | x86 | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Morten Mertner
2005-04-26 16:03:29 UTC
We use chpax for it if it's on the system. Just emerge chpax and afterwards a jdk, then you're set.

I already have chpax installed, and that didn't help:

    james root # rc-update -s default | grep chpax
    chpax | default
    james root # /etc/init.d/chpax status
    * status: started

Seems like the chpax tool isn't detecting new packages then. I waited more than an hour and still the newly emerged javadoc wouldn't run. I had to manually run both chpax and paxctl (not sure which of them fixed it) on the packages as described previously.

Jan - the ebuilds fail to set the PaX flags for javadoc, both in the sun-jdk and the blackdown-jdk.

Morten - currently /sbin/chpax is the only utility that works for foreign binaries, /sbin/paxctl is ineffective (but see bug #91122 if you're interested). However you're talking about /etc/init.d/chpax, the boot-time utility solar put together to set flags on boot across the system. It works, but you need to stop/start it after installing a package that needs it (this happens across a reboot, of course).

    /etc/init.d/chpax stop
    /etc/init.d/chpax start

Fixed in cvs, now we call chpax also for the javadoc binary. Thanks! (also to Kevin for the useful information bits)