dev-lang/orc is JIT, all bins that use it work only after 'paxctl-ng -m bin'. Best solution is too 'pax-mark m /usr/bin/orc-bugreport /usr/bin/orcc /usr/lib64/liborc*.so*' in ebuild and suggest running revdep-pax in pkg_postinst. See also bug #421579 You can use ati-drivers-13.4.ebuild as example. How to reproduce problem, now avconv is not able to encode until pax marked: $ avconv -i t.mkv -codec:v dirac -codec:a aac t1.mkv avconv version 9.6, Copyright (c) 2000-2013 the Libav developers built on May 21 2013 02:48:54 with gcc 4.6.3 (Gentoo Hardened 4.6.3 p1.13, pie-0.5.2) ... ORC: ERROR: orccodemem.c(285): orc_code_region_allocate_codemem(): Failed to create write and exec mmap regions. This is probably because SELinux execmem check is enabled (good) and $TMPDIR and $HOME are mounted noexec (bad). ORC: ERROR: orccodemem.c(148): orc_code_region_get_free_chunk(): assertion failed: 0 Аварийный останов After 'paxctl-ng -m /usr/bin/avconv' encoding works fine. Same with avplay: $ avplay t1.mkv avplay version 9.6, Copyright (c) 2003-2013 the Libav developers built on May 21 2013 02:48:54 with gcc 4.6.3 (Gentoo Hardened 4.6.3 p1.13, pie-0.5.2) ORC: ERROR: orccodemem.c(285): orc_code_region_allocate_codemem(): Failed to create write and exec mmap regions. This is probably because SELinux execmem check is enabled (good) and $TMPDIR and $HOME are mounted noexec (bad). ORC: ERROR: orccodemem.c(148): orc_code_region_get_free_chunk(): assertion failed: 0 Аварийный останов
Also profiles/hardened/linux/make.defaults should have -schroedinger in USE.
(In reply to Nikoli from comment #0) > dev-lang/orc is JIT, all bins that use it work only after 'paxctl-ng -m > bin'. Best solution is too 'pax-mark m /usr/bin/orc-bugreport /usr/bin/orcc > /usr/lib64/liborc*.so*' in ebuild and suggest running revdep-pax in > pkg_postinst. See also bug #421579 > You can use ati-drivers-13.4.ebuild as example. > Its easy enough to add the pax markings. Just add src_install something like the following: src_install() { default pax-mark m usr/bin/orc-bugreport pax-mark m usr/bin/orcc pax-mark m usr/$(get_libdir)/liborc*.so* } Then in pkg_postinst just do an if hardened to suggest running revdep-pax from the elfix package. dev-lang/orc belongs to gstreamer so we'll see what they have to say.
+*orc-0.4.24 (05 Jul 2015) + + 05 Jul 2015; Pacho Ramos <pacho@gentoo.org> +orc-0.4.24.ebuild, + -orc-0.4.19.ebuild, metadata.xml: + Version bump, pax marking is needed (#470842 by Nikoli and Anthony Basile), + drop old +