Hi, I just turned on mprotect for amd64. The following sysctls have been set to 1
security.pax.mprotect.enable=1
security.pax.mprotect.global=1
If you want to see what processes hit this you can:
security.pax.mprotect.debug=1
This breaks programs that need to map segments both writable and executable,
for example java. To fix them you can:
paxctl +m /path/to/bin/java
Enjoy,
christos
