src/os/linux/vm/os_linux.cpp

@  rev 12744 : [mq]: paxcheck.01
|
o  rev 12743 : [mq]: paxcheck
|

*** 4751,4761 ****
      vm_exit_out_of_memory(size, OOM_MMAP_ERROR, "failed to allocate memory for PaX check.");
    }
  
    int res = ::mprotect(p, size, PROT_WRITE|PROT_EXEC);
    if (res == -1) {
!     vm_exit_during_initialization("failed to mark memory page as executable",
                                    "Please check if grsecurity/PaX is enabled in your kernel.\n"
                                    "\n"
                                    "For example, you can do this by running (note: you may need root privileges):\n"
                                    "\n"
                                    "    sysctl kernel.pax.softmode\n"
--- 4751,4761 ----
      vm_exit_out_of_memory(size, OOM_MMAP_ERROR, "failed to allocate memory for PaX check.");
    }
  
    int res = ::mprotect(p, size, PROT_WRITE|PROT_EXEC);
    if (res == -1) {
!     vm_exit_during_initialization("Failed to mark memory page as executable",
                                    "Please check if grsecurity/PaX is enabled in your kernel.\n"
                                    "\n"
                                    "For example, you can do this by running (note: you may need root privileges):\n"
                                    "\n"
                                    "    sysctl kernel.pax.softmode\n"
*** 4768,4778 ****
                                    "\n"
                                    "PaX includes security functionality which interferes with the dynamic code\n"
                                    "generation the JVM relies on. Specifically, the MPROTECT functionality as\n"
                                    "described on https://pax.grsecurity.net/docs/mprotect.txt is not compatible\n"
                                    "with the JVM. If you want to allow the JVM to run you will have to disable PaX.\n"
!                                   "You can do this on a per-executable basis using the paxctl tool.\n");
  
    }
  
    ::munmap(p, size);
  #endif
--- 4768,4785 ----
                                    "\n"
                                    "PaX includes security functionality which interferes with the dynamic code\n"
                                    "generation the JVM relies on. Specifically, the MPROTECT functionality as\n"
                                    "described on https://pax.grsecurity.net/docs/mprotect.txt is not compatible\n"
                                    "with the JVM. If you want to allow the JVM to run you will have to disable PaX.\n"
!                                   "You can do this on a per-executable basis using the paxctl tool, for example:\n"
!                                   "\n"
!                                   "    paxctl -cm bin/java\n"
!                                   "\n"
!                                   "Please note that this modifies the executable binary in-place, so may want\n"
!                                   "to make a backup of it first. Also note that you have to repeat this for other\n"
!                                   "executables like javac, jar, jcmd, etc.\n"
!                                   );
  
    }
  
    ::munmap(p, size);
  #endif