I run Gentoo (hardened/amd64) and after some modifications to my system (updates, new kernel, new software) I decided to reboot it. After the reboot, X.org did not start, and neither did Amarok. After some investigation, I found that the X server could run with the nv driver but not with the nvidia driver, and Amarok crashed within a function in /usr/lib64/opengl/nvidia/lib/...

An strace gave me:

open("/dev/zero", O_RDWR) = 3
mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|0x40, 3, 0) = -1 EPERM (Operation not permitted)
mmap(NULL, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 3, 0) = -1 EPERM (Operation not permitted)
close(3) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---

With Google, I found:
http://mail-index.netbsd.org/tech-security/2004/06/24/0010.html

> Now that we have noexec permissions on pages (for some architectures),
> make the mapping of vnode backed pages with PROT_EXEC only be allowed
> on filesystems that were not mounted with noexec. Otherwise,
> mmap/uvm_map/mprotect will return EPERM for the mapping operation.

So, I looked at my /etc/fstab and found:

udev /dev tmpfs nosuid,noexec,size=16M 0 0

After I removed the noexec flag, everything worked perfectly.

As said here:
http://ou800doc.caldera.com/en/man/html.2/mmap.2.html
nvidia should use:

ptr = mmap(0, desired_size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);

because MAP_ANONYMOUS causes mmap to ignore the file descriptor argument and act as if it had been given one referring to /dev/zero.

Note: I tried several versions of xorg (including 7.0), several versions of the nvidia driver, two versions of the kernel (2.6.13 and 2.6.14), and two versions of amaroK with the same result.
emerge info:

Portage 2.1_pre3-r1 (hardened/amd64, gcc-3.4.5, glibc-2.3.6-r2, 2.6.14-hardened-r3-poubi64-1 x86_64)
=================================================================
System uname: 2.6.14-hardened-r3-poubi64-1 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.12.0_pre14
dev-lang/python: 2.3.5, 2.4.2
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1-r1
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r3
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe -fforce-addr"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/share/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d"
CXXFLAGS="-march=athlon64 -O2 -pipe -fforce-addr"
DISTDIR="/home/portage/distfiles"
FEATURES="autoaddcvs autoconfig buildpkg ccache collision-protect distlocks nostrip sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://trumpetti.atm.tut.fi/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="en_US.UTF-8"
MAKEOPTS="-j2"
PKGDIR="/home/portage/packages"
PORTAGE_TMPDIR="/tmp"
PORTDIR="/var/portage"
PORTDIR_OVERLAY="/home/portage/overlay"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 X acl alsa berkdb caps crypt hardened ipv6 jpeg kde nls nptl nptlonly pam pic png readline ssl tcpd tiff unicode userlocales xinerama zlib elibc_glibc kernel_linux userland_GNU"
Unset: ASFLAGS, CTARGET, LC_ALL, LDFLAGS, LINGUAS
(In reply to comment #0)
> So, I watched my /etc/fstab and found :
> udev /dev tmpfs nosuid,noexec,size=16M 0 0
>
> After I removed the noexec flag, all worked perfectly.

You are not supposed to have noexec for udev, it doesn't work on multiple occasions.
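
Added example, not part of the original report or of any driver code: a small C probe for the failure traced in comment #0. It checks whether the filesystem holding /dev/zero is mounted noexec, repeats the device-backed mmap from the strace, and compares it with a MAP_ANONYMOUS mapping. The struct and function names are illustrative, and the fallback value for ST_NOEXEC assumes Linux.

```c
#define _GNU_SOURCE            /* glibc exposes ST_NOEXEC only with this */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>

#ifndef ST_NOEXEC
#define ST_NOEXEC 8            /* Linux value, used if the header hid it */
#endif

/* Outcome of one probe (illustrative struct, not from the report). */
struct probe {
    int noexec;     /* 1: device's filesystem is noexec, 0: not, -1: unknown */
    int file_errno; /* errno of the device-backed mmap, 0 on success */
    int anon_errno; /* errno of the MAP_ANONYMOUS mmap, 0 on success */
};

/* Map and immediately unmap 8192 bytes; return 0 or the mmap errno. */
static int try_map(int prot, int flags, int fd) {
    void *p = mmap(NULL, 8192, prot, flags, fd, 0);
    if (p == MAP_FAILED) return errno;
    munmap(p, 8192);
    return 0;
}

struct probe probe_mapping(const char *dev, int prot) {
    struct probe r = { -1, 0, 0 };
    struct statvfs sv;
    int fd = open(dev, O_RDWR);
    if (fd < 0) {
        r.file_errno = errno;
    } else {
        if (fstatvfs(fd, &sv) == 0) r.noexec = (sv.f_flag & ST_NOEXEC) != 0;
        r.file_errno = try_map(prot, MAP_PRIVATE, fd);   /* the failing call */
        close(fd);
    }
    /* fd is ignored with MAP_ANONYMOUS; -1 is the portable value to pass. */
    r.anon_errno = try_map(prot, MAP_PRIVATE | MAP_ANONYMOUS, -1);
    return r;
}

int main(void) {
    struct probe r = probe_mapping("/dev/zero", PROT_READ | PROT_WRITE | PROT_EXEC);
    printf("noexec mount: %d\n/dev/zero RWX: %s\nanonymous RWX: %s\n", r.noexec,
           r.file_errno ? strerror(r.file_errno) : "ok",
           r.anon_errno ? strerror(r.anon_errno) : "ok");
    return 0;
}
```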