Gentoo Archives: gentoo-hardened

From: Alex Efros <powerman@××××××××.name>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] nvidia.ko with Grsecurity & PaX kernel
Date: Wed, 11 Sep 2013 21:25:05
Message-Id: 20130911212459.GE1862@home.power
In Reply to: Re: [gentoo-hardened] nvidia.ko with Grsecurity & PaX kernel by Balint Szente
1 Hi!
2
3 On Wed, Sep 11, 2013 at 11:44:07PM +0300, Balint Szente wrote:
4 > So I disabled CONFIG_PAX_MPROTECT for the moment.
5
6 It's much better to `paxctl-ng -m /usr/bin/Xorg` instead. And probably few
7 other applications (mplayer, glxgears, etc.).
8
9
10 Also, you can install latest stable nvidia-drivers by simple removing this
11 line from ebuild (bug already reported):
12
13 epatch "${FILESDIR}"/nvidia-drivers-pax-const.patch
14
15
16 Main issue with nvidia-drivers on hardened is what sometimes some race
17 condition happens and system just freezes. This may happens when starting
18 mplayer with hardware acceleration:
19 mplayer -vf-clr -vo vdpau -vc ffh264vdpau,ffmpeg12vdpau, …
20 or just in the middle of viewing video using flash in browser.
21
22 Not sure about flash, but when this happens with mplayer I've tried to
23 analyse what's going on: system is working, but incredible slow, it took
24 about 10 minutes to switch to another virtual desktop, run top, found
25 mplayer process using 100% CPU, try to kill it (don't remember is it was
26 successful or not), but it won't fix anything - system still was too slow.
27 In all cases I've to press RESET because trying to do normal shutdown
28 procedure may took hours.
29
30 --
31 WBR, Alex.

Replies

Subject Author
Re: [gentoo-hardened] nvidia.ko with Grsecurity & PaX kernel Balint Szente <balint@×××××××××.ro>