Bug 366167

vmware-workstation, vmware-player, and dev-util/android-sdk-update-manager fails to run if CONFIG_PAX_MPROTECT_COMPAT is not enable. Here is the error message:

Apr 30 12:24:40 [kernel] Program vmware-vmx tried to access /dev/mem between 0->100000.                                                                      
Apr 30 12:24:41 [kernel] grsec: denied RWX mmap of <anonymous mapping> by /opt/vmware/lib/vmware/bin/vmware-vmx[vmware-vmx:1844] uid/euid:1000/1000 gid/egid:
Apr 30 12:24:41 [kernel] grsec: Abort occurred at 000003e80000075a in /opt/vmware/lib/vmware/bin/vmware-vmx[vmware-vmx:1882] uid/euid:1000/1000 gid/egid:100/
Apr 30 12:24:41 [kernel] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /opt/vmware/lib/vmware/bin/vmware-vmx[vmware-

May 05 17:01:06 [kernel] grsec: denied RWX mmap of <anonymous mapping> by /opt/android-sdk-update-manager/tools/emulator[emulator:10530] uid/euid:1000/1000 g

So I suggest to enable that option in the virtualization profile.

emerge --info
Portage 2.1.9.42 (hardened/linux/amd64, gcc-4.4.5, libc-0-r0, 2.6.37-hardened-r7 x86_64)
=================================================================
System uname: Linux-2.6.37-hardened-r7-x86_64-Intel-R-_Core-TM-_i5_CPU_M_520_@_2.40GHz-with-gentoo-2.0.2
Timestamp of tree: Wed, 04 May 2011 12:00:01 +0000
app-shells/bash:     4.1_p9
dev-java/java-config: 2.1.11-r3
dev-lang/python:     2.7.1-r1, 3.1.3-r1
dev-util/cmake:      2.8.4-r1
sys-apps/baselayout: 2.0.2
sys-apps/openrc:     0.8.2-r1::pentoo
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.13, 2.65-r1
sys-devel/automake:  1.9.6-r3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.5
sys-devel/gcc-config: 1.4.1-r1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
sys-kernel/linux-headers: 2.6.36.1
sys-libs/glibc:      2.11.3
virtual/os-headers:  0
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA PUEL AdobeFlash-10.1"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -mtune=generic -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=core2 -mtune=generic -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="http://gentoo.channelx.biz/"
INSTALL_MASK=" /usr/lib/lib[0-9]*.la /usr/lib/lib[a-k]*.la /usr/lib/lib[m-z]*.la /usr/lib/libl[0-9]*.la /usr/lib/libl[a-s]*.la /usr/lib/libl[u-z]*.la /usr/lib/liblt[0-9]*.la /usr/lib/liblt[a-c]*.la /usr/lib/liblt[e-z]*.la /usr/lib/libltd[0-9]*.la /usr/lib/libltd[a-k]*.la /usr/lib/libltd[m-z]*.la /usr/lib/libltdl[0-9]*.la /usr/lib/libltdl[a-z]*.la "
LANG="C"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en ru"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/vmware /var/lib/layman/ikelos /usr/local/portage /pentoo"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl alsa amd64 avahi bash-completion berkdb branding bzip2 cli consolekit cracklib crypt cxx dbus dri exif flac gdbm gnome gnome-keyring gstreamer gtk hardened iconv java jpeg justify libnotify mmx modules mp3 mudflap multilib ncurses networkmanager nls nptl nptlonly opengl openmp oss pam pcre perl policykit pppd python qt4 readline samba session sse sse2 ssl sysfs syslog tcpd udev unicode urandom vaapi x264 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en ru" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="vesa intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS