Skype currently does not work on hardened gentoo because of MPROTECT and EMUTRMAP. To get it to work I first created a flag on the binary via 'paxctl -C `which skype`' then 'paxctl -me `which skype`'. The steps can probably be combined. I can confrim that this works on net-im/skype-2.1.0.81 on amd64. Reproducible: Always Steps to Reproduce: 1. unmask skype 2. emerge skype 3. run skype 4. watch skype fail 5. paxmark skype 6. run skype 7. watch skype run 8. run skype run
Not sure what and how you tested, but this has already been reported unworking... *** This bug has been marked as a duplicate of bug 302589 ***
Samuli, I don't think it is a duplicate although they are heavily related, looks like skype removed the integrity checking code somehow as it works well now. I think we should keep this one for the discussion regarding adding the pax marking on the ebuild.
Assigning to the proper people I can also confirm this bug.
I have used paxctl -Cm /opt/skype/skype for over 2 months and it works for me.
I use skype for over a year now on my hardened/SELinux/PaX-enabled system without problems. My skype.postinst contains "paxctl -Cme /opt/skype/skype", I'll test without the "-e" later.
`paxctl -Cm /opt/skype/skype` works fine for me too on net-im/skype-2.2.0.35-r1, no needs in EMUTRAMP. ARCH x86. Any chance this paxmarking will be added into ebuild, to let me drop /etc/portage/bashrc.d/net-im/skype.postinst hack? Current ebuild actually inherit pax-utils but doesn't use it.
I'll see about working on this (was off my radar since it was opened before devship).
it is net-im/skype-2.2.0.35-r1 in the tree, please test