From: root
Newsgroups: gmane.comp.mathematics.axiom.devel,gmane.lisp.gcl.devel,gmane.emacs.devel
Subject: [camm@enhanced.com: Re: [Gcl-devel] Re: unexec and fedora core 4]
Date: Fri, 9 Dec 2005 17:49:50 -0500
Message-ID: <200512092249.jB9Mnoq03577@localhost.localdomain>
Reply-To: daly@axiom-developer.org
Original-To: Emil Volcheck
Cc: gcl-devel@gnu.org, emacs-devel@gnu.org, Matt Kaufmann, axiom-developer@nongnu.org, Sandip Ray

Emil,

If you can find the SELinux people please tell them to start using GCL as a test case for their ideas. Apparently they seem to believe that there is no reason for self-modifying code, executable heap objects, stack execution, dynamic load/store/link, etc. We in the lisp community are finding SELinux to be less than useful and, as you can see, the general solution is to "turn it off".

While I agree with SELinux in principle it seems that every new release adds yet another mindless breakage. The least they could do is issue an advisory bulletin on how to make lisp work with their new restrictions each month. It would save us a lot of debugging.

A frustrated maintainer,
Tim

------- Start of forwarded message -------
To: Juho Snellman
Cc: Matt Kaufmann, Sandip Ray, gcl-devel@gnu.org, emacs-devel@gnu.org, root, axiom-developer@nongnu.org
Subject: Re: [Gcl-devel] Re: unexec and fedora core 4
From: Camm Maguire
Date: 09 Dec 2005 16:43:44 -0500
In-Reply-To: <54wtiee1up.fsf@intech19.enhanced.com>

Greetings! OK, here is what I believe now to be the case -- the SELinux option allow_execmem, which is 'active' on the bad box, is causing the problem. All is well if one takes the drastic action of

    sudo /bin/sh -c "/usr/sbin/setenforce 0"

but will probably also work if one changes

    /etc/selinux/strict/src/policy/domains/user.te:bool allow_execmem false;

to

    /etc/selinux/strict/src/policy/domains/user.te:bool allow_execmem true;

and

    sudo /bin/sh -c "cd /etc/selinux/strict/src/policy && make load"

though I have not confirmed this, not wanting to hose the machine in question.

The security people appear to persist in their (IMHO quite erroneous) assumption that there is no legitimate need for an executable heap. Tim Daly likely has further thoughts on this, but I saw the comment again here:

http://copilotconsulting.com/mail-archives/selinux.2005/msg02006.html

Take care,

Camm Maguire writes:

> Juho Snellman writes:
>
> > wrote:
> > > Greetings! I am a developer of GCL, which shares unexec with emacs.
> > > I have noticed on certain recent Fedora Core 4 machines, binaries
> > > produced with unexec cannot mprotect memory (allocated with brk)
> > > PROT_EXEC (returning EACCESS, i.e. permission denied), whereas
> > > binaries output by ld can do so just fine. This does not vary with
> > > exec-shield or randomize_va_space settings, and appears quite machine
> > > specific. The same binary which functions perfectly normally on one
> > > fc4 machine shows this failure only on another machine. I have as yet
> > > been unable to correlate this with dynamic library placement, or other
> > > settings in /proc/sys.
> >
> > Just a guess, but this might be related to SELinux. Do the machines
> > have differences in /etc/selinux/config?
> >
>
> Bingo! (I think) The config files are identical, but the problem
> machine has a 'strict' subdirectory with a host of files and options.
> Any idea of what I should look for herein, and what this could have to
> do with unexec vs ld?
>
> Thank you so much!
>
> > --
> > Juho Snellman
> >
> > _______________________________________________
> > Gcl-devel mailing list
> > Gcl-devel@gnu.org
> > http://lists.gnu.org/mailman/listinfo/gcl-devel
>
> --
> Camm Maguire camm@enhanced.com
> ==========================================================================
> "The earth is but one country, and mankind its citizens." -- Baha'u'llah

--
Camm Maguire camm@enhanced.com
==========================================================================
"The earth is but one country, and mankind its citizens." -- Baha'u'llah
------- End of forwarded message -------
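
Added example, not part of the original messages: a small C probe for the failure described in the thread. It asks mprotect for PROT_EXEC on memory obtained with brk and, for comparison, on an anonymous mmap region, and reports whether the kernel answered with permission denied. The function names and the verdict enum are this example's own assumptions.

```c
/* Added example (not from the thread): can this process make heap pages executable? */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

enum verdict { EXEC_ALLOWED, EXEC_DENIED, EXEC_OTHER_ERROR };
/* Map an mprotect() errno to a verdict; EACCES is "permission denied". */
enum verdict classify(int err)
{
    return err == 0 ? EXEC_ALLOWED : err == EACCES ? EXEC_DENIED : EXEC_OTHER_ERROR;
}
/* Round an address down to its page boundary, as mprotect() requires. */
uintptr_t page_floor(uintptr_t addr, uintptr_t page) { return addr & ~(page - 1); }
/* Request R+W+X on [p, p+len); return 0 on success, otherwise errno. */
static int try_exec(void *p, size_t len)
{
    return mprotect(p, len, PROT_READ | PROT_WRITE | PROT_EXEC) == 0 ? 0 : errno;
}

/* Grow the brk heap by two pages and test the first whole page inside the new region. */
int probe_brk(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *base = sbrk((intptr_t)(2 * page));
    if (base == (char *)-1) return errno;
    return try_exec((void *)page_floor((uintptr_t)base + page - 1, page), page);
}

/* The same request on an anonymous private mapping, for comparison. */
int probe_mmap(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return errno;
    int err = try_exec(p, page);
    munmap(p, page);
    return err;
}

int main(void)
{
    static const char *names[] = { "allowed", "denied (EACCES)", "other error" };
    printf("brk heap  PROT_EXEC: %s\n", names[classify(probe_brk())]);
    printf("anon mmap PROT_EXEC: %s\n", names[classify(probe_mmap())]);
    return 0;
}
```

Running the same binary on the working and the failing machine, or before and after the setenforce command quoted above, shows whether the policy is the variable.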