Created attachment 380218 [details] ghc-7.6.3-r1:20140705-100525.log.xz On my hardened ~amd64 machine with gcc-4.9.0 I see the following error. HC [stage 2] utils/ghctags/dist-install/build/Main.o ghc-stage2: failed to create OS thread: Operation not permitted utils/ghctags/ghc.mk:17: recipe for target 'utils/ghctags/dist-install/build/Main.o' failed make[1]: *** [utils/ghctags/dist-install/build/Main.o] Error 1 This is accompanied by the following message in the system logs: Jul 5 12:26:13 localhost kernel: [51209.358592] grsec: denied RWX mmap of <anonymous mapping> by /var/tmp/portage/dev-lang/ghc-7.6.3-r1/work/ghc-7.6.3/inplace/lib/ghc-stage2[ghc-stage2:9768] uid/euid:250/250 gid/egid:250/250, parent /bin/bash[sh:9767] uid/euid:250/250 gid/egid:250/250 Thus it seems, that there is some pax-marking necessary.
Created attachment 380220 [details] emerge --info
Yeah, we pax-mark it before bootstrap and after. ghc did not need pax marking to build itself before. Looks like now it does. ghc-7.8 might be not affected by this (ghc-7.8.2 in ::gentoo-haskell overlay). I'll try to look if it can be easily worked around by not using TH in stage2, or by plugging pax-mark in the middle of a build. Both should be trivial. Thanks for the report!
(In reply to Sergei Trofimovich from comment #2) > Looks like now it does. ghc-7.8 might be not affected by this (ghc-7.8.2 in > ::gentoo-haskell overlay). I tried a quick stab at 7.8.2 and it too was interrupted. This time it got a bit further and the log messages were: Jul 5 17:19:21 localhost kernel: [68805.568486] PAX: execution attempt in: (null), 00000000-00000000 00000000 Jul 5 17:19:21 localhost kernel: [68805.568489] PAX: terminating task: /var/tmp/portage/dev-lang/ghc-7.8.2/work/ghc-7.8.2/inplace/lib/bin/ghc-stage2(ghc-stage2):20477, uid/euid: 250/250, PC: 00000000000053d6, SP: 00007c1282a5c148 Jul 5 17:19:21 localhost kernel: [68805.568491] PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? Jul 5 17:19:21 localhost kernel: [68805.568502] PAX: bytes at SP-8: 00007c1282a5c280 00003b09abbb5b8c 00007c1282a5c280 00003b09a205b570 f825054b84600000 00003b09a8e90000 00007c1282a5c1f0 00007c1282a5c1f8 00007c1282a5c208 00007c1282a5c250 0000000000000000 Jul 5 17:19:21 localhost kernel: [68805.568514] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /var/tmp/portage/dev-lang/ghc-7.8.2/work/ghc-7.8.2/inplace/lib/bin/ghc-stage2[ghc-stage2:20477] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/gmake[make:4460] uid/euid:250/250 gid/egid:250/250
Pushed early marking variant as: > 05 Jul 2014; Sergei Trofimovich <slyfox@gentoo.org> ghc-7.6.3-r1.ebuild: > pax-mark ghc-stage2 before it's used first time. Fixes bootstrap failure on > hardened (bug #516430 by Markus Oehme). Please, reopen with a new log if it still fails. Thanks!
