Mike Edenfield wrote:

> I've never been able to get mono to build with the hardened kernel
> extensions active. The problem, as you might have already deduced, is
> that mono violates some of hardened's protection bits -- specifically,
> the mono runtime tries to execute data as code. Once mono's installed
> you can flag the binary to permit this. But during the build, a new
> mono binary is built then run against some IL code, and it fails.
>
> I have always had success in building mono by keeping a separate
> kernel around without any of the GRSEC stuff compiled in. It's a pain
> in the ass but works. I suspect the only real 'solution' would be to
> somehow hack up the ebuild to detect GRSEC and set the proper flags on
> the new binary mid-build.
|
Thank you for your reply. This makes sense. I guess the problem is that
I need to run .net as a service on an internet visible server. I do not
however want to remove hardened just for the sake of .net support!
Do you think it is possible to create an entirely separate chroot
environment on said server, from which to run apache on a non-standard
port, which is non-hardened and has mono support?
|
Cheers,
-c
|
>
> --Mike
|
--
gentoo-hardened@g.o mailing list |
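
An added example, not part of the original thread and not code from mono or its ebuild: a small C probe that a build step could run to see whether the running kernel refuses the pattern described in the quoted message, where memory is written as data and then made executable. The names `jit_probe` and `probe_rw_then_rx` are made up for this sketch; it only requests the permission change and never executes the buffer.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical names for this sketch; not from mono or the ebuild. */
enum jit_probe { JIT_ALLOWED = 0, JIT_DENIED = 1, JIT_ERROR = 2 };

static const char *jit_probe_name(enum jit_probe r)
{
    switch (r) {
    case JIT_ALLOWED: return "allowed";
    case JIT_DENIED:  return "denied";
    default:          return "error";
    }
}

/* Map a page read/write, fill it as data, then ask for read/exec.
 * The buffer is never executed; only the permission change is tested.
 * *err receives 0 on success or the errno of the failing call. */
static enum jit_probe probe_rw_then_rx(int *err)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0) { *err = errno; return JIT_ERROR; }

    void *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { *err = errno; return JIT_ERROR; }

    memset(p, 0, (size_t)pg);   /* stands in for JIT-emitted bytes */
    int rc = mprotect(p, (size_t)pg, PROT_READ | PROT_EXEC);
    *err = (rc == 0) ? 0 : errno;
    munmap(p, (size_t)pg);

    if (rc == 0) return JIT_ALLOWED;
    /* A policy refusal shows up as EACCES (or EPERM). */
    return (*err == EACCES || *err == EPERM) ? JIT_DENIED : JIT_ERROR;
}

int main(void)
{
    int err = 0;
    enum jit_probe r = probe_rw_then_rx(&err);
    printf("write-then-execute mapping: %s", jit_probe_name(r));
    if (err) printf(" (%s)", strerror(err));
    putchar('\n');
    return (int)r;   /* 0 allowed, 1 denied, 2 probe failed */
}
```

The exit status distinguishes a policy refusal from a probe failure, so a build script can branch on it before running a freshly built JIT binary.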