| 1 |
On Fri, Mar 30, 2012 at 07:13:38PM +0200, Ђорђе Тодоровић wrote: |
| 2 |
> I am currently trying to run: net-im/skype on an amd64 non-multilib hardened |
| 3 |
> profile. I have grsec and pax enabled in kernel (.config in attachment), and I |
| 4 |
> am aware of this bug: [1], I am also aware that Skype is masked on hardened |
| 5 |
> profiles, but, while reading the bug report I saw mentions of some people |
| 6 |
> actually getting Skype to run on their machines. |
| 7 |
> |
| 8 |
> When I try to run Skype, it dies with the message: "Killed!" |
| 9 |
> dmesg says: |
| 10 |
> "[98725.282864] grsec: denied RWX mmap of /opt/skype/skype by /opt/skype/skype[skype:19989] uid/euid:1000/1000 gid/egid:100/100, parent /bin/bash[bash:19519] uid/euid:1000/1000 gid/egid:100/100" |
| 11 |
> |
| 12 |
> I tried using paxctl on $(which skype) but I get: |
| 13 |
> "file /usr/bin/skype is not a valid ELF executable" |
| 14 |
|
| 15 |
You can try to make it a valid ELF header first, and then paxmark it. |
| 16 |
|
| 17 |
I have the following for my Skype: |
| 18 |
paxctl -C /opt/skype/skype |
| 19 |
paxctl -me /opt/skype/skype |
| 20 |
|
| 21 |
Wkr, |
| 22 |
Sven Vermeulen |
Archives