| 1 |
> I've never been able to get mono to build with the hardened |
| 2 |
> kernel extensions active. The problem, as you might have |
| 3 |
> already deduced, is that mono violates some of hardened's |
| 4 |
> protection bits -- specifically, the mono runtime tries to |
| 5 |
> execute data as code. Once mono's installed you can flag |
| 6 |
> the binary to permit this. But during the build, a new mono |
| 7 |
> binary is built then run against some IL code, and it fails. |
| 8 |
|
| 9 |
the best/proper solution is to patch the mono build process to |
| 10 |
mark the intermediary results as well. either by explicitly |
| 11 |
calling paxctl or passing -Wl,-z,execheap in CFLAGS when linking |
| 12 |
the mono binary itself. |
| 13 |
|
| 14 |
> I have always had success in building mono by keeping a |
| 15 |
> separate kernel around without and of the GRSEC stuff |
| 16 |
> compiled it. |
| 17 |
|
| 18 |
you can use softmode for this purpose as well. |
| 19 |
|
| 20 |
-- |
| 21 |
gentoo-hardened@g.o mailing list |
Archives