Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 511070

Summary: games-strategy/0ad-0.0.16_alpha-r1 does not work in hardened system until MPROTECT is disabled
Product: Gentoo Linux Reporter: Nikoli <nikoli>
Component: [OLD] GamesAssignee: Julian Ospald <hasufell>
Status: RESOLVED OBSOLETE    
Severity: normal CC: games, hardened
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 510982    
Bug Blocks:    

Description Nikoli 2014-05-22 21:35:38 UTC 
In my hardened desktop system 0ad fails to start with this errors in dmesg:
grsec: denied RWX mmap of <anonymous mapping> by /usr/games/bin/pyrogenesis

After '/usr/sbin/paxctl-ng -l -m /usr/games/bin/pyrogenesis' game works fine.


Most likely the problem is in library from dev-lang/spidermonkey-24.2.0-r1: even with USE jit disabled it causes test failures with 'grsec: denied RWX mmap of <anonymous mapping>' errors in dmesg, so until bug #510982 is fixed 0ad ebuild should do this:
pax-mark m /usr/games/bin/pyrogenesis

P.S. Other 3d apps do not need pax marking in my desktops because foss drivers are used.
Comment 1 Julian Ospald 2014-05-22 21:43:51 UTC 
Can hardened@ confirm that this approach is ok?
Comment 2 Nikoli 2014-05-24 04:19:29 UTC 
After updating to dev-lang/spidermonkey-24.2.0-r2 no pax marking is required anymore.