1 |
On 30 May 2005 at 15:13, Chris S wrote: |
2 |
|
3 |
[...] |
4 |
> Thank you for your reply. This makes sense. I guess the problem is that |
5 |
> I need to run .net as a service on an internet visible server. I do not |
6 |
> however want to remove hardened just for the sake of .net support! |
7 |
> Do you think it is possible to create an entirely seperate chroot |
8 |
> environment on said server, from which to run apache on a non-standard |
9 |
> port, which is non-hardened and has mono support? |
10 |
|
11 |
what matters for letting mono run under PaX is that you have to exempt |
12 |
it for runtime code generation. i don't know how apache/mono interact, |
13 |
but you'll see it from the PaX kill logs and you'll have to paxctl -m |
14 |
the affected process. |
15 |
|
16 |
if it's apache itself (e.g., it uses mono as some module vs. running |
17 |
mono as a separate process) then you're best off by having two apache |
18 |
binaries, one you should use for serving normal web content and run |
19 |
it with full PaX protections, and the other for serving mono stuff |
20 |
and have it exempted. in any case, you'll have to exempt the mono |
21 |
executable itself since it generates code at runtime. |
22 |
|
23 |
-- |
24 |
gentoo-hardened@g.o mailing list |