
libGL.so

Posted: Fri Aug 14, 2015 8:44 am
by inflextau
Hi, I'm new to Grsecurity so this may seem dumb. My distro is Arch Linux and I've installed linux-grsec and installed paxd to enable PaX, but I'm continually needing to add "em" exceptions to pax.conf to deal with breakages due to executables that link to /usr/lib/mesa/libGL.so.1.2.0. The grsecurity log messages are in the form of:
 grsec: denied RWX mmap of /usr/lib/mesa/libGL.so.1.2.0 by /usr/lib/xfce4/notifyd/xfce4-notifyd[xfce4-notifyd:644] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/dbus-daemon[dbus-daemon:643] uid/euid:1000/1000 gid/egid:1000/1000


Adding an exception to pax.conf of the form "em <path to executable>" fixes the problem for just that executable, but there always seems to be another breakage that involves another executable. At this rate I'll need to create "em" exceptions for all graphical programs installed or disable MPROTECT, which in my mind kinda negates much of the use of PaX. Is there a better way of going about this?

Is there any way to create an exception for libGL.so.1.2.0?

Thanks

Re: libGL.so

Posted: Fri Aug 14, 2015 4:27 pm
by PaX Team
PaX flags are enforced on a per process (address space) basis and there's no practical way to enforce separate rules for parts of the address space. the best solution would be to modify mesa and other JIT compilers to do safe runtime codegen but that's a big undertaking.
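
An added example, not part of either post: since the exceptions discussed in this thread are keyed by executable, this Python script parses log lines in the format quoted in the first post, counts the denials per executable for each mapped file, and emits the matching "em <path to executable>" lines so the whole set of affected programs can be reviewed at once. Every log line except the first is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Message format as quoted in the first post; the executable is the first
# "path[comm:pid]" after "by", the parent process follows later in the line.
DENIED = re.compile(
    r"grsec: denied RWX mmap of (?P<mapped>.+?) by (?P<exe>/.+?)"
    r"\[(?P<comm>[^\[\]:]+):(?P<pid>\d+)\] uid/euid:(?P<uid>\d+)/(?P<euid>\d+)"
)

# First line is the one from the post; the other entries are constructed.
SAMPLE_LOG = """\
grsec: denied RWX mmap of /usr/lib/mesa/libGL.so.1.2.0 by /usr/lib/xfce4/notifyd/xfce4-notifyd[xfce4-notifyd:644] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/dbus-daemon[dbus-daemon:643] uid/euid:1000/1000 gid/egid:1000/1000
grsec: denied RWX mmap of /usr/lib/mesa/libGL.so.1.2.0 by /usr/bin/example-viewer[example-viewer:701] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:650] uid/euid:1000/1000 gid/egid:1000/1000
grsec: denied RWX mmap of /usr/lib/mesa/libGL.so.1.2.0 by /usr/bin/example-viewer[example-viewer:733] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:650] uid/euid:1000/1000 gid/egid:1000/1000
kernel: unrelated message that must be ignored
"""

def parse_denials(text):
    """Yield one dict per 'denied RWX mmap' line; other lines are skipped."""
    for line in text.splitlines():
        m = DENIED.search(line)  # search() tolerates a syslog prefix
        if m:
            yield m.groupdict()

def denials_by_mapping(text):
    """Map each denied file to {executable: number of denials}."""
    table = defaultdict(lambda: defaultdict(int))
    for d in parse_denials(text):
        table[d["mapped"]][d["exe"]] += 1
    return {mapped: dict(exes) for mapped, exes in table.items()}

def em_entries(text, mapped):
    """pax.conf lines in the 'em <path to executable>' form from the post,
    one per executable that was denied an RWX mmap of `mapped`."""
    exes = denials_by_mapping(text).get(mapped, {})
    return ["em " + exe for exe in sorted(exes)]

if __name__ == "__main__":
    for mapped, exes in denials_by_mapping(SAMPLE_LOG).items():
        print(mapped)
        for exe, n in sorted(exes.items()):
            print(f"  {n:3d}  {exe}")
    print("\n".join(em_entries(SAMPLE_LOG, "/usr/lib/mesa/libGL.so.1.2.0")))
```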