< prev index next >
src/os/linux/vm/os_linux.cpp
Print this page
@ rev 12744 : [mq]: paxcheck.01
|
o rev 12743 : [mq]: paxcheck
|
*** 4751,4761 ****
vm_exit_out_of_memory(size, OOM_MMAP_ERROR, "failed to allocate memory for PaX check.");
}
int res = ::mprotect(p, size, PROT_WRITE|PROT_EXEC);
if (res == -1) {
! vm_exit_during_initialization("failed to mark memory page as executable",
"Please check if grsecurity/PaX is enabled in your kernel.\n"
"\n"
"For example, you can do this by running (note: you may need root privileges):\n"
"\n"
" sysctl kernel.pax.softmode\n"
--- 4751,4761 ----
vm_exit_out_of_memory(size, OOM_MMAP_ERROR, "failed to allocate memory for PaX check.");
}
int res = ::mprotect(p, size, PROT_WRITE|PROT_EXEC);
if (res == -1) {
! vm_exit_during_initialization("Failed to mark memory page as executable",
"Please check if grsecurity/PaX is enabled in your kernel.\n"
"\n"
"For example, you can do this by running (note: you may need root privileges):\n"
"\n"
" sysctl kernel.pax.softmode\n"
*** 4768,4778 ****
"\n"
"PaX includes security functionality which interferes with the dynamic code\n"
"generation the JVM relies on. Specifically, the MPROTECT functionality as\n"
"described on https://pax.grsecurity.net/docs/mprotect.txt is not compatible\n"
"with the JVM. If you want to allow the JVM to run you will have to disable PaX.\n"
! "You can do this on a per-executable basis using the paxctl tool.\n");
}
::munmap(p, size);
#endif
--- 4768,4785 ----
"\n"
"PaX includes security functionality which interferes with the dynamic code\n"
"generation the JVM relies on. Specifically, the MPROTECT functionality as\n"
"described on https://pax.grsecurity.net/docs/mprotect.txt is not compatible\n"
"with the JVM. If you want to allow the JVM to run you will have to disable PaX.\n"
! "You can do this on a per-executable basis using the paxctl tool, for example:\n"
! "\n"
! " paxctl -cm bin/java\n"
! "\n"
! "Please note that this modifies the executable binary in-place, so may want\n"
! "to make a backup of it first. Also note that you have to repeat this for other\n"
! "executables like javac, jar, jcmd, etc.\n"
! );
}
::munmap(p, size);
#endif
< prev index next >