1 |
Hello! |
2 |
|
3 |
I'm using a Hardened Kernel and set "Disallow ELF text relocations" |
4 |
(CONFIG_PAX_NOELFRELOCS=y). Because of that, I'm unable to run |
5 |
nxagent from nxserver-freenx package. It fails with the following |
6 |
error message: |
7 |
|
8 |
/usr/NX/bin/nxagent: error while loading shared libraries: |
9 |
/usr/NX/lib/libXcompext.so.1: cannot make segment writable for relocation: |
10 |
Permission denied |
11 |
|
12 |
According to the Gentoo Hardened FAQ at |
13 |
<http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#paxnoelf>, |
14 |
that's okay - ie. the kernel setting causes the error message. |
15 |
|
16 |
Now, how do I allow text relocations for just ONE binary, while |
17 |
keeping it disallowed for every other executable (the ones which |
18 |
already exist and the ones, which are to come in the future)? |
19 |
|
20 |
I now would like to disable this error and allow my program to |
21 |
be run. How do I do that? The FAQ states, that there's a |
22 |
PaX feature called MPROTECT which is to be used and that |
23 |
MPROTECT must be disallowed on the executable which fails to |
24 |
get executed. |
25 |
|
26 |
How do I do that? |
27 |
|
28 |
I thought that I could do this with "chpax -m $binary" (replacing |
29 |
$binary by the path to the executable, of course. In this case, |
30 |
/usr/NX/bin/nxagent). But, I did this, and I still get the error |
31 |
message. |
32 |
|
33 |
How do I disallow MPROTECT on just one binary? What is "chpax |
34 |
-m" doing? |
35 |
|
36 |
Thanks, |
37 |
|
38 |
Alexander Skwar |
39 |
-- |
40 |
printk(KERN_DEBUG "%s: BUG... transmitter died. Kicking it.\n",...) |
41 |
linux-2.6.6/drivers/net/acenic.c |
42 |
-- |
43 |
gentoo-user@g.o mailing list |