Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 417191

Summary: app-emulation/emul-linux-x86-gtklibs-20120520 needs pax marking - gtk-query-immodules-2.0-32: error while loading shared libraries: libGL.so.1: failed to map segment from shared object: Operation not permitted
Product: Gentoo Linux Reporter: Alex Efros <powerman-asdf>
Component: New packagesAssignee: AMD64 Project <amd64>
Status: RESOLVED TEST-REQUEST    
Severity: normal CC: gnome, hardened
Priority: Normal    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Alex Efros 2012-05-23 04:09:22 UTC 
On hardened system with nvidia-drivers:

 * Generating pango modules listing...
 * Generating gtk+ immodules/gdk-pixbuf loaders listing...
gtk-query-immodules-2.0-32: error while loading shared libraries: libGL.so.1: failed to map segment from shared object: Operation not permitted
 * Cannot update gtk.immodules, file generation failed
>>> app-emulation/emul-linux-x86-gtklibs-20120520 merged.

kernel log:

kern.alert: grsec: denied RWX mmap of /usr/lib32/opengl/nvidia/lib/libGL.so.295.49 by /usr/bin/gtk-query-immodules-2.0-32[gtk-query-immod:31693] uid/euid:0/0 gid/egid:0/0, parent /usr/lib64/portage/bin/ebuild.sh[ebuild.sh:31673] uid/euid:0/0 gid/egid:0/0

paxctl -m /usr/bin/gtk-query-immodules-2.0-32 will fix this issue, but looks like this should be done in ebuild, to avoid this error while merging package.
Comment 1 Pacho Ramos gentoo-dev 2012-05-23 19:31:58 UTC 
It's really surprising to me you need pax marking here but not in x11-libs/gtk+ :/
Comment 2 Alexandre Rostovtsev (RETIRED) gentoo-dev 2012-05-23 19:45:09 UTC 
(In reply to comment #1)
> It's really surprising to me you need pax marking here but not in
> x11-libs/gtk+ :/

PaX marking is done on executables, not libraries.
Comment 3 Alexandre Rostovtsev (RETIRED) gentoo-dev 2012-05-23 19:48:13 UTC 
(In reply to comment #2)

Ignore what I wrote, I misread comment #1 :/
Comment 4 Pacho Ramos gentoo-dev 2012-10-28 11:31:14 UTC 
Also try with latest emul set -> 20121028
Comment 5 Alex Efros 2012-12-12 08:18:33 UTC 
(In reply to comment #4)
> Also try with latest emul set -> 20121028

Same error.
Comment 6 Pacho Ramos gentoo-dev 2013-02-25 18:54:04 UTC 
Still valid with 20130224?
Comment 7 Pacho Ramos gentoo-dev 2013-07-21 17:56:23 UTC 
(In reply to Pacho Ramos from comment #6)
> Still valid with 20130224?
Comment 8 Alex Efros 2013-08-04 15:32:52 UTC 
(In reply to Pacho Ramos from comment #7)
> > Still valid with 20130224?
> Resolution: --- → TEST-REQUEST

 * Generating pango modules listing...
 * Generating gtk+ immodules/gdk-pixbuf loaders listing...
gtk-query-immodules-2.0-32: error while loading shared libraries: libGL.so.1: failed to map segment from shared object: Operation not permitted
 * Cannot update gtk.immodules, file generation failed
>>> app-emulation/emul-linux-x86-gtklibs-20130224 merged.

# paxctl-ng -v /usr/bin/gtk-query-immodules-2.0-32
/usr/bin/gtk-query-immodules-2.0-32:
	PT_PAX    : -e---
	XATTR_PAX : not found

# /usr/bin/gtk-query-immodules-2.0-32
/usr/bin/gtk-query-immodules-2.0-32: error while loading shared libraries: libGL.so.1: failed to map segment from shared object: Operation not permitted


For me it looks like nothing was changed, so it isn't fixed.