Just had to rebuild it on hardened amd64 because of update to python-3.3 and got compile error: ... libtool: link: x86_64-pc-linux-gnu-gcc -o /var/tmp/portage/net-libs/webkit-gtk-2.0.4/work/webkitgtk- 2.0.4/tmp-introspect36w_2o/.libs/WebKit2-3.0 -march=native -O2 -pipe -std=c99 -Wl,-O1 -Wl,--no-keep-memory /var/tmp/portage/net-libs/webkit-gtk-2.0.4/work/webkitgtk-2.0.4/tmp-introspect36w_2o/WebKit2-3.0.o -Wl,--export-dynamic -pthread -Wl,--export-dynamic -Wl,--as-needed -L. /var/tmp/portage/net-libs/webkit-gtk-2.0.4/work/webkitgtk-2.0.4/.libs/libwebkit2gtk-3.0.so -L/usr/lib64 -lenchant -lharfbuzz-icu -lharfbuzz -lgailutil-3 -lgeoclue -ldbus-glib-1 -ldbus-1 -lgstapp-1.0 -lgstaudio-1.0 -lgstfft-1.0 -lgstpbutils-1.0 -lgstvideo-1.0 -lgstbase-1.0 -lgstreamer-1.0 -ljpeg -lxslt -lxml2 -lGL -ldl -lpangoft2-1.0 -lfreetype -lfontconfig -lpng15 -lsqlite3 -lwebp -lXrender -lXcomposite -lXdamage -lXfixes -lXt -lX11 -lz /var/tmp/portage/net-libs/webkit-gtk-2.0.4/work/webkitgtk-2.0.4/.libs/libjavascriptcoregtk-3.0.so -lpthread -licui18n -licuuc -licudata -lgthread-2.0 -lgmodule-2.0 -lrt -lgtk-3 -lgdk-3 -lpangocairo-1.0 -lpango-1.0 -latk-1.0 -lcairo-gobject -lcairo -lgdk_pixbuf-2.0 -lsoup-2.4 -lgio-2.0 -lgobject-2.0 -lglib-2.0 -pthread /var/tmp/portage/net-libs/webkit-gtk-2.0.4/work/webkitgtk-2.0.4/tmp-introspect36w_2o/.libs/WebKit2-3.0: error while loading shared libraries: libGL.so.1: failed to map segment from shared object: Operation not permitted ERROR: can't resolve libraries to shared libraries: webkit2gtk-3.0, javascriptcoregtk-3.0 make[1]: *** [WebKit2-3.0.gir] Error 1 and this in kernel log: kern.alert: grsec: denied RWX mmap of /usr/lib64/opengl/nvidia/lib/libGL.so.331.20 by /var/tmp/portage/net-libs/webkit-gtk-2.0.4/work/webkitgtk-2.0.4/tmp-introspect36w_2o/.libs/WebKit2-3.0[WebKit2-3.0:14258] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/ldd[ldd:14256] uid/euid:250/250 gid/egid:250/250 I've work around this by temporary switching to `eselect opengl set xorg-x11`, but looks like some paxmarking needed in ebuild or Makefile. Portage 2.2.7 (hardened/linux/amd64, gcc-4.7.3, glibc-2.16.0, 3.11.2-hardened x86_64) ================================================================= System uname: Linux-3.11.2-hardened-x86_64-Intel-R-_Core-TM-_i7-2600K_CPU_@_3.40GHz-with-gentoo-2.2 KiB Mem: 8162352 total, 1189624 free KiB Swap: 4200960 total, 3599992 free Timestamp of tree: Wed, 18 Dec 2013 02:15:02 +0000 ld GNU ld (GNU Binutils) 2.23.1 app-shells/bash: 4.2_p45 dev-java/java-config: 2.1.12-r1 dev-lang/python: 2.7.5-r3, 3.3.2-r2 dev-util/cmake: 2.8.11.2 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12.4 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.11.6, 1.13.4 sys-devel/binutils: 2.23.1 sys-devel/gcc: 4.7.3-r1 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.9 (virtual/os-headers) sys-libs/glibc: 2.16.0 Repositories: gentoo perl-experimental-snapshots gamerlay powerman local ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /opt/upsmon-usb/EXT/DownOS /opt/upsmon-usb/EXT/JSystem /service /usr/inferno/keydb /usr/inferno/lib /usr/inferno/services /usr/share/config /usr/share/gnupg/qualified.txt /var/log /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage-distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps=y --autounmask-write=y --backtrack=15" FCFLAGS="-march=native -O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync webrsync-gpg xattr" FFLAGS="-march=native -O2 -pipe" GENTOO_MIRRORS="http://gentoo.iteam.net.ua/ http://tux.rainside.sk/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ http://gentoo.inode.at/" LANG="ru_RU.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j8" PKGDIR="/usr/portage-packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="--exclude ChangeLog --delete-excluded" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/perl-experimental-snapshots /var/lib/layman/gamerlay /var/lib/layman/powerman /usr/local/portage" SYNC="rsync://rsync3.ua.gentoo.org/gentoo-portage" USE="X a52 aac alac alsa amd64 avx bash-completion berkdb bzip2 caps cdda cddb cli cracklib crypt cxx dbus dri drm dts dvb dvd egl flac fontconfig gallium gdbm gif gles2 gnutls gpg hardened iconv icu id3tag idn ipv6 jpeg jpeg2k justify libnotify mac mad matroska mbox mmx mng modules mp3 mpeg mudflap multilib musepack mysql ncurses network-cron nls nptl nsplugin ogg opengl openmp openvg pam pax_kernel pcre perl png qt3support readline session spell sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 svg tcpd theora tiff truetype unicode urandom vdpau vim-syntax vorbis wavpack x264 xattr xosd xv xvid xvmc zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="log_config vhost_alias autoindex alias rewrite dir deflate filter mime negotiation auth_basic authn_file authz_host authz_user authz_groupfile cgi actions headers env setenvif" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en ru" NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif fastcgi geo gzip limit_conn limit_req map memcached proxy referer rewrite scgi split_clients ssi upstream_ip_hash userid uwsgi fancyindex" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" QEMU_SOFTMMU_TARGETS="x86_64 i386" QEMU_USER_TARGETS="x86_64 i386" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, USE_PYTHON
Duplicate of https://bugs.gentoo.org/show_bug.cgi?id=483610 ?
(In reply to Anton Kochkov from comment #1) > Duplicate of https://bugs.gentoo.org/show_bug.cgi?id=483610 ? Oops, sorry, it is not duplicate, seen your messages here. Sadly there is no button to remove comment :/
*** Bug 483610 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 483610 ***
Bug 483610 only happens on X86 and this bug is on both arches and nvidia. If nvidia is in VIDEO_CARDS is that okay if we pax mark as what we do with jit?
(In reply to Magnus Granberg from comment #5) > Bug 483610 only happens on X86 and this bug is on both arches and nvidia. > If nvidia is in VIDEO_CARDS is that okay if we pax mark as what we do with > jit? thanks for clarifying.
Please try with 2.4.4 (it fixed the jit enabling/disabling that was causing lots of problems on hardened)
I'm sorry, but I've switched to nouveau and don't want to reboot in next 4 weeks (my system hang/reboot every 3-10 days and I suspect this happens because of nvidia-drivers, so I wanna check is these hang/reboot will happens with nouveau). So, I'll be able to test this after I'll finish that experiment with nouveau.
net-libs/webkit-gtk-2.4.4-r200 merged on hardened host in a non-hardened chroot with -jit successfully. I think we can safely assume that it's going to work with jit but i'll confirm that on both amd64 and x86 tomorrow.
net-libs/webkit-gtk compiled on x86 with either -jit or jit USE.
