Please add "paxmark m /usr/sbin/get-edid" into ebuild for hardened. # get-edid get-edid: get-edid version 2.0.0 mmap /dev/zero: Operation not permitted get-edid: error initialising realmode interface get-edid: do you have full superuser (root) permissions? kern.alert: grsec: denied RWX mmap of /dev/zero by /usr/sbin/get-edid[get-edid:15561] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:8060] uid/euid:0/0 gid/egid:0/0
This should be assigned to desktop-misc since its their package. First, can we get the dmesg error that suggests that get-edid needs MPROTECT off? Second, once we see that it really needs this marking then, desktop-misc can just add `pax-mark m /usr/sbin/get-edid` to src_install(), something like this src_install() { default pax-mark m /usr/sbin/get-edid }
(In reply to Anthony Basile from comment #1) > First, can we get the dmesg error that suggests that get-edid needs MPROTECT > off? home ~ # paxctl-ng -v /usr/sbin/get-edid /usr/sbin/get-edid: PT_PAX : -e--- XATTR_PAX : -e--- home ~ # get-edid get-edid: get-edid version 2.0.0 mmap /dev/zero: Operation not permitted get-edid: error initialising realmode interface get-edid: do you have full superuser (root) permissions? 2014-10-17_18:58:09.21534 kern.alert: grsec: denied RWX mmap of /dev/zero by /usr/sbin/get-edid[get-edid:30884] uid/euid:0/0 gid/egid:0/0, parent /bin/bash#new[bash:3035] uid/euid:0/0 gid/egid:0/0 home ~ # paxctl-ng -m /usr/sbin/get-edid home ~ # get-edid get-edid: get-edid version 2.0.0 Performing real mode VBE call Interrupt 0x10 ax=0x4f00 bx=0x0 cx=0x0 Function supported Call successful ...
Likely not needed in I2C mode, and in any case Gentoo has since dropped PaX/Grsecurity support owing to the fact said patches are no longer Open Source.
