Hello! I'm using a Hardened Kernel and set "Disallow ELF text relocations" (CONFIG_PAX_NOELFRELOCS=y). Because of that, I'm unable to run nxagent from nxserver-freenx package. It fails with the following error message:
/usr/NX/bin/nxagent: error while loading shared libraries: /usr/NX/lib/libXcompext.so.1: cannot make segment writable for relocation: Permission denied According to the Gentoo Hardened FAQ at <http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#paxnoelf>, that's okay - ie. the kernel setting causes the error message. Now, how do I allow text relocations for just ONE binary, while keeping it disallowed for every other executable (the ones which already exist and the ones, which are to come in the future)? I now would like to disable this error and allow my program to be run. How do I do that? The FAQ states, that there's a PaX feature called MPROTECT which is to be used and that MPROTECT must be disallowed on the executable which fails to get executed. How do I do that? I thought that I could do this with "chpax -m $binary" (replacing $binary by the path to the executable, of course. In this case, /usr/NX/bin/nxagent). But, I did this, and I still get the error message. How do I disallow MPROTECT on just one binary? What is "chpax -m" doing? Thanks, Alexander Skwar -- printk(KERN_DEBUG "%s: BUG... transmitter died. Kicking it.\n",...) linux-2.6.6/drivers/net/acenic.c -- gentoo-user@gentoo.org mailing list
