Gentoo Archives: gentoo-hardened

From:	Pavel Labushev <pavel.labushev@××××××.no>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] Denied RWX mmap while build gimp in chroot
Date:	Mon, 01 Oct 2012 18:04:09
Message-Id:	`20121001180409.1E83C21C01D@pigeon.gentoo.org`
In Reply to:	[gentoo-hardened] Denied RWX mmap while build gimp in chroot by "Alexander Y. Tiurin"

1	On Mon, 01 Oct 2012 20:42:11 +0400
2	"Alexander Y. Tiurin" <alexanderyt@×××××.com> wrote:
3
4	> And grsec log on host:
5	> 2012-10-01T20:11:33.198786+04:00 miniatx kernel: grsec: From
6	> 172.21.21.20: denied RWX mmap of
7	> /var/local/gentoo_chroots/g32s/usr/lib/opengl/xorg-x11/lib/libGL.so.1.2
8	> by
9	> /var/local/gentoo_chroots/g32s/var/tmp/portage/media-gfx/gimp-2.6.12-r5/work/gimp-2.6.12/conftest[conftest:30201]
10	> uid/euid:0/0 gid/egid:0/0, parent
11	> /var/local/gentoo_chroots/g32s/var/tmp/portage/media-gfx/gimp-2.6.12-r5/work/gimp-2.6.12/configure[configure:30200]
12	> uid/euid:0/0 gid/egid:0/0
13	>
14	> Please suggest any solution.
15
16	The following quick hack should work.
17
18	# paxctl -m /var/local/gentoo_chroots/g32s/var/tmp/portage/media-gfx/gimp-2.6.12-r5/work/gimp-2.6.12/conftest
19	And then:
20	# chroot /var/local/gentoo_chroots/g32s ebuild /usr/portage/media-gfx/gimp/gimp-2.6.12-r5.ebuild merge