1 |
> I've never been able to get mono to build with the hardened |
2 |
> kernel extensions active. The problem, as you might have |
3 |
> already deduced, is that mono violates some of hardened's |
4 |
> protection bits -- specifically, the mono runtime tries to |
5 |
> execute data as code. Once mono's installed you can flag |
6 |
> the binary to permit this. But during the build, a new mono |
7 |
> binary is built then run against some IL code, and it fails. |
8 |
|
9 |
the best/proper solution is to patch the mono build process to |
10 |
mark the intermediary results as well. either by explicitly |
11 |
calling paxctl or passing -Wl,-z,execheap in CFLAGS when linking |
12 |
the mono binary itself. |
13 |
|
14 |
> I have always had success in building mono by keeping a |
15 |
> separate kernel around without and of the GRSEC stuff |
16 |
> compiled it. |
17 |
|
18 |
you can use softmode for this purpose as well. |
19 |
|
20 |
-- |
21 |
gentoo-hardened@g.o mailing list |