> On 2016/09/21 09:49, Jack J. Woehr wrote: > > As noted on the ports mailing list, after 6.0 upgrade/cvs source/build = > kernel/build world/pkg_add -u I am experiencing > > wx violations on a single whole-disk label mounted as / wxallowed. > > I see no changes between 6.0 and 6.0-stable in this area. > > > > Sol=E8ne Rapenne <sol...@perso.pw> posted: > >=20 > > > On -current binaries now needs both wxallowed on their mountpoint AND= > have to be compiled with -wxneeded flag. > > >=20 > > > Maybe this has been backported to 6.0-stable ? I don't know where to > > > look to check that. Maybe someone have a clue ? > >=20 > > Any tips? > >=20 > > Example errors from dmesg: > >=20 > > seamonkey(89184): mmap W^X violation > > java(79321): mprotect W^X violation > > In 6.0 the packages for these did not have WXNEEDED annotations so > they would trigger the log, however the kernel did not enforce it on > wxallowed fs. So it expected to see this in dmesg but it is not expected > for them to die for this reason. > > In -current after 6.0 the kernel enforced it strictly for non-WXNEEDED > executables for a while and killed the process if it made any W|X map > requests. > > In ports-land after this, many ports gained WXNEEDED annotations so > they would run normally and not print a message. > > After that (and still present) this changed to failing W|X map > requests and logging, but not killing the process. In some cases they > will accept the failure and handle it gracefully; in most cases they > won't. Again those executables with WXNEEDED annotations work > normally if they are on a "wxallowed" filesystem.. > > > > Output of mount command: > >=20 > > /dev/sd1a on / type ffs (local, wxallowed) > >=20 > > Output of dmesg command: > >=20 > > OpenBSD 6.0-stable (GENERIC.MP) #0: Sun Sep 18 20:37:21 MDT 2016 > > jax@varian.jaxrcfb:/usr/src/sys/arch/amd64/compile/GENERIC.MP
In other words, it is pretty simple -- reinstall, and prove reproducibility. And frankly, doing your entire system as /, should almost be an unsupported option. It is a ridiculous configuration for about 20 reasons.
