511070 – games-strategy/0ad-0.0.16_alpha-r1 does not work in hardened system until MPROTECT is disabled

Bug 511070 - games-strategy/0ad-0.0.16_alpha-r1 does not work in hardened system until MPROTECT is disabled

Summary: games-strategy/0ad-0.0.16_alpha-r1 does not work in hardened system until MPR...

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Games (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Julian Ospald

URL:
Whiteboard:
Keywords:

Depends on:	510982
Blocks:
	Show dependency tree

Reported:	2014-05-22 21:35 UTC by Nikoli
Modified:	2014-05-27 09:49 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nikoli 2014-05-22 21:35:38 UTC

In my hardened desktop system 0ad fails to start with this errors in dmesg:
grsec: denied RWX mmap of <anonymous mapping> by /usr/games/bin/pyrogenesis

After '/usr/sbin/paxctl-ng -l -m /usr/games/bin/pyrogenesis' game works fine.


Most likely the problem is in library from dev-lang/spidermonkey-24.2.0-r1: even with USE jit disabled it causes test failures with 'grsec: denied RWX mmap of <anonymous mapping>' errors in dmesg, so until bug #510982 is fixed 0ad ebuild should do this:
pax-mark m /usr/games/bin/pyrogenesis

P.S. Other 3d apps do not need pax marking in my desktops because foss drivers are used.

Comment 1 Julian Ospald 2014-05-22 21:43:51 UTC

Can hardened@ confirm that this approach is ok?

Comment 2 Nikoli 2014-05-24 04:19:29 UTC

After updating to dev-lang/spidermonkey-24.2.0-r2 no pax marking is required anymore.