here is the end of an emerge with CC="${CC:gcc} -yet_exec -yno_propolice" the machine has linux-2.4.22-grsecurity-1.9.12 with PaX kernel all activated and without grsecurity ACL loaded String reference < > could not be resolved. f4102: Warning in the object (Type: Lang_Chars): String reference <String 2000 > could not be resolved. f4102: Warning in the object (Type: InfoBox, 1005): String reference < > could not be resolved. f4102: Warning in the object (Type: Lang_Chars): String reference <String 2000 > could not be resolved. f4102: Warning in the object (Type: InfoBox, 1012): String reference < > could not be resolved. ------------- rm -f ../unxlngi4.pro/bin/setup_services.rdb ../unxlngi4.pro/bin/regcomp.rdb ../unxlngi4.pro/bin/setup_services.tmp regcomp -register -r ../unxlngi4.pro/bin/setup_services.tmp -c "libi18n645li.so libi18npool645li.so libtk645li.so libmcnttype.so libdtransX11645li.so" register component 'libi18n645li.so' in registry '../unxlngi4.pro/bin/setup_services.tmp' succesful! register component 'libi18npool645li.so' in registry '../unxlngi4.pro/bin/setup_services.tmp' succesful! register component 'libtk645li.so' in registry '../unxlngi4.pro/bin/setup_services.tmp' succesful! register component 'libmcnttype.so' in registry '../unxlngi4.pro/bin/setup_services.tmp' succesful! register component 'libdtransX11645li.so' in registry '../unxlngi4.pro/bin/setup_services.tmp' succesful! regcomp -register -r ../unxlngi4.pro/bin/setup_services.tmp -c "javavm.uno.so javaloader.uno.so" register component 'javavm.uno.so' in registry '../unxlngi4.pro/bin/setup_services.tmp' succesful! register component 'javaloader.uno.so' in registry '../unxlngi4.pro/bin/setup_services.tmp' succesful! regcomp -register -r ../unxlngi4.pro/bin/regcomp.rdb -c "javavm.uno.so javaloader.uno.so" register component 'javavm.uno.so' in registry '../unxlngi4.pro/bin/regcomp.rdb' succesful! register component 'javaloader.uno.so' in registry '../unxlngi4.pro/bin/regcomp.rdb' succesful! regmerge ../unxlngi4.pro/bin/regcomp.rdb / /var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/bin/udkapi.rdb merging registry "/var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/bin/udkapi.rdb" under key "/" in registry "../unxlngi4.pro/bin/regcomp.rdb". setenv CLASSPATH /var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/bin/unoil.jar:/var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/bin/java_uno.jar:/var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/bin/ridl.jar:/var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/bin/sandbox.jar:/var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/bin/jurt.jar:/var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/lib:/opt/blackdown-jdk-1.4.1/jre/lib/rt.jar:. && setenv LD_LIBRARY_PATH .:/usr/i386-pc-linux-gnu/gcc-bin/3.2:/var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solenv/unxlngi4.pro/lib:/opt/blackdown-jdk-1.4.1/jre/lib/i386:/opt/blackdown-jdk-1.4.1/jre/lib/i386/client:/opt/blackdown-jdk-1.4.1/jre/lib/i386/native_threads:../lib:/var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/lib:: && \ regcomp -br ../unxlngi4.pro/bin/regcomp.rdb \ -register \ -r ../unxlngi4.pro/bin/setup_services.tmp \ -l com.sun.star.loader.Java2 \ -env:UNO_JAVA_COMPPATH=file:///var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/bin\ -c vnd.sun.star.expand:\$UNO_JAVA_COMPPATH/java_uno_accessbridge.jar Killed dmake: Error code 137, while making '../unxlngi4.pro/bin/setup_services.rdb' ---* TG_SLO.MK *--- ERROR: Error 65280 occurred while making /var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/setup2/util !!! ERROR: app-office/openoffice-1.1.0 failed. !!! Function src_compile, Line 457, Exitcode 1 !!! Build failed! 05:56:47 [KW:][BOOTSYS] [19492.pty-s6.camille] [hcc-2.4.5-x86] camille ~ # PAX: terminating task: /var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/bin/regcomp(regcomp):16411, uid/euid: 0/0, PC: 27d2ab28, SP: 5e85950c PAX: bytes at PC: 68 7f 02 00 00 d9 6c 24 00 58 c3 90 cc cc cc cc 00 00 00 00 grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (regcomp:16411) UID(0) EUID(0), parent (tcsh:16410) UID(0) EUID(0) PAX: terminating task: /var/tmp/portage/openoffice-1.1.0/work/oo_1.1_src/solver/645/unxlngi4.pro/bin/regcomp(regcomp):22467, uid/euid: 0/0, PC: 2e91db28, SP: 58a8516c PAX: bytes at PC: 68 7f 02 00 00 d9 6c 24 00 58 c3 90 cc cc cc cc 00 00 00 00 grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (regcomp:22467) UID(0) EUID(0), parent (tcsh:22466) UID(0) EUID(0) the resource overstep attempts are because PaX prevents "core" files to be written. a possible solution could be a chirugical implantation of chpax commands into the Makefile of openoffice building the regcomp please assing this bug to hardened@gentoo.org thanks, Alex Reproducible: Always Steps to Reproduce: 1. emerge grsec-sources, make menuconfig, enable all PaX options but not "disable Text Relocs" 2. reboot the system and compile all applications with hardened-gcc 3. edit openoffice to resemble -yet_exec -yno_propolice and emerge it Actual Results: see above in the output of the failed compile Expected Results: PaX should not have killed the regcomp running can we add hardened-gcc output to emerge info please? 12:47:33 [KW:][BOOTSYS] [19492.pty-s6.camille] [hcc-2.4.5-x86] camille ~ # emerge info Portage 2.0.49-r15 (hardened-x86-1.4, gcc-3.2.3, glibc-2.3.2-r1, 2.4.22-grsec-1.9.12) ================================================================= System uname: 2.4.22-grsec-1.9.12 i686 Intel(R) Celeron(TM) CPU 1200MHz Gentoo Base System version 1.4.3.10 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O2 -mcpu=i686 -fomit-frame-pointer" CHOST="i386-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" CXXFLAGS="-O2 -mcpu=i686 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="ccache autoaddcvs sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 crypt nls zlib berkdb readline java X tcpd pam libwww ssl perl python esd imlib gtk opengl mozilla cdr"
I just ran into this too with the openoffice-bin build (and seemingly blackdown-jdk): grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by /opt/blackdown-jdk-1.4.1/bin/java[java:32763] uid/euid:1000/1000 gid/egid:407/407, parent /opt/OpenOffice.org1.1.0/program/setup.bin[setup.bin:25908] uid/euid:1000/1000 gid/egid:407/407 PAX: terminating task: /opt/OpenOffice.org1.1.0/program/soffice.bin(soffice.bin):32100, uid/euid: 1000/1000, PC: 3203265c, SP: 5cd0399c PAX: bytes at PC: b8 03 00 00 00 89 e2 e9 ea d3 33 00 00 00 00 00 00 00 00 00 grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by /opt/OpenOffice.org1.1.0/program/soffice.bin[soffice.bin:32100] uid/euid:1000/1000 gid/egid:407/407, parent /bin/bash[bash:21887] uid/euid:1000/1000 gid/egid:407/407 Just wanted to verify what you're seeing. This seems like something that needs to be fixed upstream?
frogger, see blackdown bug #14480
emrge chpax /etc/init.d/chpax restart fixes.
Hmmm, I just ran into the same problem when building OO on a PaX system. However, I cannot make sense out of the comments here and in blackdown bug #14480: 1.) My system is "newstyle" pax: It uses only paxctl flags, not chpax flags, and it doesn't have /etc/init.d/chpax as mentioned by solar in comment #3. 2.) I *have* applied paxctl to all the blackdown *binaries* (at least I believe so). However, PaX doesn't kill a blackdown *binary* here. It kills a binary named "regcomp", which is dynamically created during the OO build process and is linked against the blackdown *library* "libjvm.so", which causes the execution violation: Sep 22 13:52:47 kkhome kernel: PAX: execution attempt in: /opt/blackdown-jdk-1.4.1/jre/lib/i386/client/libjvm.so, 26fa8000-26fc3000 0035b000 Sep 22 13:52:47 kkhome kernel: PAX: terminating task: /var/tmp/portage/openoffice-ximian-1.3.4/work/oo_1.1.2_src/solver/645/unxlngi4.pro/bin/regcomp(regcomp): 1637, uid/euid: 250/250, PC: 26fb8b28, SP: 5c91caec So the question is: How do I apply "paxctl" to an executable which is dynamically created and used during an emerge???
reopening for user
*** Bug 64968 has been marked as a duplicate of this bug. ***
What do you want us to do here?
Simple: We have to find a way to massage the use of paxctl into the deeply nested Makefiles of this extraordinary long build. But until then: WONTFIX. Sincerely, Alex
solar@gentoo.org asked: "What do you want us to do here?" Good question. Long-term solutions: * Mess around with the ebuild or the makefiles of openoffice. * Upstream in PaX: Introduce a way to set pax flags on *libraries* (inherited by all executables using the lib). This would also solve this problem nicely. Short-term solutions: * Document the problem, emit some message when openoffice is emerged and PaX is active. * Make openoffice build cleanly without java (the openoffice-ximian ebuilds have IUSE="... java ...", but at least for me, openoffice-ximian-1.3.4 fails when emerged with USE="-java").
