Summary: | >=net-libs/webkit-gtk-1.6.1-r301 with USE=introspection fails to build on a hardened system | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | A. Person <tesoro302> |
Component: | [OLD] GNOME | Assignee: | Gentoo Linux Gnome Desktop Team <gnome> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | hardened, mk, pageexec |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | build log |
Description
A. Person
2012-02-17 01:40:28 UTC
I would attach the build log but it's not letting me. Nothing happens when I click the Submit button. Here's a pastebin: http://pastebin.com/zZGivGX9 (In reply to comment #1) > I would attach the build log but it's not letting me. Nothing happens when I > click the Submit button. > > Here's a pastebin: > > http://pastebin.com/zZGivGX9 It was likely too big to be attached uncompressed. Command '['/var/tmp/portage/net-libs/webkit-gtk-1.6.1-r301/work/webkit-1.6.1/tmp-introspect81sMbD/WebKit-3.0', '--introspect-dump=/var/tmp/portage/net-libs/webkit-gtk-1.6.1-r301/work/webkit-1.6.1/tmp-introspect81sMbD/functions.txt,/var/tmp/portage/net-libs/webkit-gtk-1.6.1-r301/work/webkit-1.6.1/tmp-introspect81sMbD/dump.xml']' returned non-zero exit status -11 A segfault is quite inconclusive. Is there anything I can do? I'd really like to give midori a try. Please attach the entire build log to this bug report. It builds fine if I enable softmode. I also noticed midori will only run if softmode is enabled. Otherwise it segfaults. What should be my next step here? Would the build log still be helpful? yes, it's still helpful ;) Created attachment 302271 [details]
build log
My user didn't have permission to read the build log in /var/log/portage. Out of firefox, midori, and chromium, chromium was the only browser that told me I didn't have permission to read the file. The other two didn't even error, they just did weird quirky things. Can you try with 1.6.3-r300? I get the same from 1.6.3-r300: Command '['/var/tmp/portage/net-libs/webkit-gtk-1.6.3-r300/work/webkit-1.6.3/tmp-introspectYkZ7BN/WebKit-3.0', '--introspect-dump=/var/tmp/portage/net-libs/webkit-gtk-1.6.3-r300/work/webkit-1.6.3/tmp-introspectYkZ7BN/functions.txt,/var/tmp/portage/net-libs/webkit-gtk-1.6.3-r300/work/webkit-1.6.3/tmp-introspectYkZ7BN/dump.xml']' returned non-zero exit status -11 It still builds fine for me :-/, maybe because I am not running on hardened? I'm sure it's a hardened issue since it builds fine if I enable softmode. It's my understanding that something can be done in the ebuild to fix this though. (In reply to comment #12) > I'm sure it's a hardened issue since it builds fine if I enable softmode. It's > my understanding that something can be done in the ebuild to fix this though. As far as I know, nobody on the gnome team uses a hardened setup, so we can't really help you. Adding hardened team to the CC list, perhaps they have some advice. It would be nice if we could get an extract of the dmesg output with auditing enabled, you know to know if there are attempts at RWX mappings and so. Try to build it without jit enable Magnus, disabling jit did allow it to compile. Fixed in cvs; thanks for reporting and helping to pinpoint the cause of the problem.
> 04 Mar 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
> webkit-gtk-1.6.3-r200.ebuild, webkit-gtk-1.6.3-r300.ebuild,
> +files/webkit-gtk-1.6.3-paxctl-introspection.patch,
> +files/gir-paxctl-lt-wrapper:
> Fix build problems on PaX with USE="introspection jit" (bug #404215, thanks
> to Grant and Magnus Granberg) by having g-ir-scanner call a libtool wrapper
> that disables secure memory protection on generated gir dumper binaries.
Hi, > 05 Mar 2012; Alexandre Rostovtsev <tetromino@gentoo.org> > webkit-gtk-1.6.3-r200.ebuild, webkit-gtk-1.6.3-r300.ebuild: > Also pax-mark jsc-1 and jsc-3 to prevent crashes on PaX systems. Why is this done unconditionally? PaX marking is unnecessary with -jit. See bug #338213. (In reply to comment #18) You are right; fixed in cvs. |