blackdown jdk and sun jdk programs return immediated with "Killed" I can only execute java -help happens with javac, jar, etc. as well I set the system jdk and paths as detailed in the gentoo java doc. I even tried manually installing Sun's JDK (1.4.2_03). The system is a near virgin gentoo install with a couple of ebuilds added. Reproducible: Always Steps to Reproduce: 1.java 2. 3. Actual Results: $ java Killed $ Expected Results: run a java program, complain about no main method, etc. Portage 2.0.49-r21 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r3, 2.4.20-gentoo-r6) ================================================================= System uname: 2.4.20-gentoo-r6 i686 Pentium III (Katmai) Gentoo Base System version 1.4.3.10 ccache version 2.3 [enabled] ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O3 -march=pentium3 -fprefetch-loop-arrays -funroll-loops -pipe" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/afs/C /etc/afs/afsws /etc/gconf /etc/env.d" CXXFLAGS="-O3 -march=pentium3 -fprefetch-loop-arrays -funroll-loops -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs ccache sandbox" GENTOO_MIRRORS="ftp://csociety-ftp.ecn.purdue.edu/pub/gentoo/ http://mirrors.tds.net/gentoo http://csociety-ftp.ecn.purdue.edu/pub/gentoo/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acl acpi afs apache2 avi berkdb crypt cups dedicated doc encode foomaticdb gdbm gif gpm gtk2 icc imlib ipv6 java jikes jpeg libg++ libwww mad matrox mpeg mpi ncurses oggvorbis oss pam pdflib perl png postgres python quicktime readline samba sasl slang slp spell sse ssl svga tiff x86 xml2 zlib"
Are you using grsecurity enabled in your kernel ?
Yes, I assume that's the problem. Should I remove it completely or is there a specific setting that should be changed?
Please assing this bug to somebody with GRSecurity Knowledge and/or PAX Knowledge.
Now that I know what the problem was, I looked through some of the documentation and figure out how to use chpax. I have fixed the problem with chpax -s /opt/black.../bin/* Thanks for the assitance.
Trevor, This falls under known issues for us. Java by design requires the full address space to be RWX and not executable base address to be randomized. This means you can't really have PaX protect all of it. However a work around is available to you so you don't have to disable PaX system wide on your system at all. Here are your options. option 1) (Suggested) emerge chpax /etc/init.d/chpax start At this point it will set all the proper pax flags on the java binaries and other files you may have installed. these as defined by the filenames in /etc/conf.d/chpax and I try to keep that file as up2date when end users report known other binaries that for one reason or another need special PaX flags set to function. # Note: The md5sum's will change on all the ELF executables at this time as chpax will write a one byte flag in the ELF eheader. option 2) chpax -spr /opt/*jdk*/{jre,}/bin/* -- Using the tool scanelf from pax-utils. My working java looks like this. solar@simple / $ scanelf /opt/*jdk*/{jre,}/bin peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/java peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/keytool peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/policytool peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/kinit peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/klist peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/ktab peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/rmiregistry peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/rmid peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/orbd peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/servertool peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/tnameserv peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/jre/bin/java_vm peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/java peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/javac peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/javadoc peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/javah peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/idlj peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/keytool peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/jarsigner peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/policytool peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/kinit peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/klist peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/ktab peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/jar peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/appletviewer peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/rmic peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/rmiregistry peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/rmid peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/javap peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/native2ascii peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/serialver peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/orbd peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/servertool peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/tnameserv peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/extcheck peMrxs ET_EXEC /opt/blackdown-jdk-1.4.1_beta/bin/jdb
I'm supprised you got it to work at all without the -r