Summary: | sys-kernel/hardened-sources-2.6.28-r7: PaX, X.org server (glx module), doesn't work | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Andrey Aleksandrovich <andrey.aleksandrovich> |
Component: | Hardened | Assignee: | The Gentoo Linux Hardened Kernel Team (OBSOLETE) <hardened-kernel+disabled> |
Status: | RESOLVED INVALID | ||
Severity: | major | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Andrey Aleksandrovich
2009-04-01 14:46:54 UTC
Here is my "emerge --info" * Overlay eclasses override eclasses from PORTDIR: * * '/usr/portage/local/layman/dev-pva/eclass/fdo-mime.eclass' * '/usr/portage/local/layman/xake-toolchain/eclass/flag-o-matic.eclass' * '/usr/portage/local/layman/xake-toolchain/eclass/toolchain.eclass' * '/usr/portage/local/layman/xake-toolchain/eclass/toolchain-funcs.eclass' * * It is best to avoid overriding eclasses from PORTDIR because it will * trigger invalidation of cached ebuild metadata that is distributed with * the portage tree. If you must override eclasses from PORTDIR then you * are advised to add FEATURES="metadata-transfer" to /etc/make.conf and to * run `emerge --regen` after each time that you run `emerge --sync`. Set * PORTAGE_ECLASS_WARNING_ENABLE="0" in /etc/make.conf if you would like to * disable this warning. Portage 2.1.6.7 (selinux/2007.0/amd64/hardened, gcc-4.3.3, glibc-2.9_p20081201-r3, 2.6.28-hardened-r7 x86_64) ================================================================= System uname: Linux-2.6.28-hardened-r7-x86_64-AMD_Athlon-tm-_64_Processor_3000+-with-glibc2.4 Timestamp of tree: Tue, 31 Mar 2009 01:45:02 +0000 app-shells/bash: 3.2_p39 dev-java/java-config: 2.1.7 dev-lang/python: 2.4.4-r13, 2.5.2-r7 dev-python/pycrypto: 2.0.1-r6 dev-util/cmake: 2.6.2-r1 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 0.4.3-r1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.5, 1.7.9-r1, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=k8 -O2 -pipe" DISTDIR="/mnt/distfiles/distfiles" FEATURES="buildsyspkg ccache collision-protect distlocks fixpackages loadpolicy metadata-transfer parallel-fetch protect-owned sandbox selinux sesandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://10.102.114.101/gentoo" LANG="ru_UA.UTF-8" LC_ALL="" LDFLAGS="" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/xake-toolchain /usr/portage/local/layman/arcon /usr/portage/local/layman/dev-pva" SYNC="rsync://10.102.114.101/gentoo-portage" USE="3dnow X aac acpi alsa amd64 berkdb branding cli cracklib crypt cups dri flac fortran gdbm gpm hal hardened iconv isdnlog kde logitech-mouse midi mmx mmxext mp3 mudflap ncurses nls nptl nptlonly nvidia ogg opengl openmp pam pcre perl pic png pppd python qt3 qt4 readline reflection selinux session spl sse sse2 ssl tcpd unicode utf8 vorbis x264 xorg xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="nv nvidia vesa" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS A guess based on your emerge --info output is your 'eselect opengl list' is set to nvidia. Let's look @ nvidia's libglx.so: readelf -l /usr/lib/opengl/nvidia/extensions/libglx.so My bet is it has a RWE segment and no GNU_STACK or GNU_RELRO program headers. Next test: scanelf -qt /usr/lib/opengl/nvidia/extensions/libglx.so TEXTREL too, nvidia really isn't winning here. During the 2.6.27 kernel cycle PaX Team added some relro enforcements. You'll need to paxctl -m /usr/bin/Xorg to be able to run X. Closing as invalid. nvidia drivers are masked/unsupported on hardened and not using in-tree hardened toolchain. > A guess based on your emerge --info output is your 'eselect opengl list'
> is set to nvidia.
This is right, I forgot to switch opengl to "xorg-x11" and I have this problem with any driver /nvidia/nv/vesa (nvidia was as example).
Now, it works fine with "nv" driver. Thank you.
|