Gentoo Forums
Trouble emerging gcc (FEATURES=-sandbox doesn't work)
makk
n00b

Joined: 15 Jul 2005
Posts: 8

Posted: Thu Aug 04, 2005 4:15 am    Post subject: Trouble emerging gcc (FEATURES=-sandbox doesn't work)

Every time I try to upgrade gcc, I get the error below. As recommended all over these forums, I tried: FEATURES=-sandbox USE=multilib emerge gcc ... but it fails with the same error.

I've managed to install everything else successfully, including the latest glibc, sandbox, portage, and emul-linux-x86-glibc. GCC still eludes me. I've read a lot on these forums about a script that upgrades from 2004 to 2005.0, only I never remember doing this...and I see that I'm currently at 2005.1. This might be part of the problem. When I do emerge -upv system, it doesn't find any packages that it needs to install. I even resorted to untarring a prepackaged gcc tarball from this site in an attempt to set everything back to "default", but all remains the same.

Here's the error I get when emerging gcc (typically fixed by FEATURES=-sandbox, too bad it doesn't work for me).

checking whether make sets $(MAKE)... yes
checking for x86_64-pc-linux-gnu-gcc... /var/tmp/portage/gcc-3.4.3-r1/work/build/gcc/xgcc -B/var/tmp/portage/gcc-3.4.3-r1/work/build/gcc/ -B/usr/x86_64-pc-linux-gnu/bin/ -B/usr/x86_64-pc-linux-gnu/lib/ -isystem /usr/x86_64-pc-linux-gnu/include -isystem /usr/x86_64-pc-linux-gnu/sys-include -m32
checking for C compiler default output file name... a.out
checking whether the C compiler works... configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details.
make[1]: *** [configure-target-libstdc++-v3] Error 1
make[1]: Leaving directory `/var/tmp/portage/gcc-3.4.3-r1/work/build'
make: *** [profiledbootstrap] Error 2


And in the file /var/tmp/portage/gcc-3.4.3-r1/work/build/x86_64-pc-linux-gnu/32/libstdc++-v3/config.log, I see:
configure:2442: result: a.out
configure:2447: checking whether the C compiler works
configure:2453: ./a.out
./a.out: error while loading shared libraries: /lib32/libc.so.6: cannot apply additional memory protection after relocation: Permission denied
configure:2456: $? = 127
configure:2465: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.

So it would appear my problem has something to do with hardened gentoo with libstdc++-v3.


Here's my emerge --info:

Portage 2.0.51.22-r2 (default-linux/amd64/2004.3, gcc-3.4.3, glibc-2.3.5-r0, 2.6.11-hardened-r15 x86_64)
=================================================================
System uname: 2.6.11-hardened-r15 x86_64 AMD Opteron(tm) Processor 246
Gentoo Base System version 1.6.13
ccache version 2.3 [disabled]
dev-lang/python: 2.3.5
sys-apps/sandbox: 1.2.11
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.18-r1
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -fforce-addr -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr//lib/mozilla/defaults/pref /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -pipe -fforce-addr -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo http://mirror.datapipe.net/gentoo http://csociety-ftp.ecn.purdue.edu/pub/gentoo/"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 X apache2 berkdb crypt cups foomaticdb gif gpm hardened hardenedphp jpeg kde multilib mysql mysqli ncurses pam pcre perl pic pie png ppds python qt readline ssl tcpd tiff truetype zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTDIR_OVERLAY


Any help would be greatly appreciated.
crazycat
l33t

Joined: 26 Aug 2003
Posts: 838
Location: Hamburg, Germany

Posted: Thu Aug 04, 2005 4:27 am

It looks like you are still on 2004.3 profile and missed something in the upgrade process.
Check here: http://www.gentoo.org/doc/en/gentoo-upgrading.xml Also do "gcc -v" and check if it has "--enable-multilib" in it. Also check config.log.
makk
n00b

Joined: 15 Jul 2005
Posts: 8

Posted: Thu Aug 04, 2005 4:33 am

crazycat wrote:
It looks like you are still on 2004.3 profile and missed something in the upgrade process.
Check here: http://www.gentoo.org/doc/en/gentoo-upgrading.xml Also do "gcc -v" and check if it has "--enable-multilib" in it. Also check config.log.


It says --disable-multilib. But that's why I'm trying to re-emerge gcc :\

# gcc -v
Reading specs from /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.3/specs
Configured with: /var/tmp/portage/gcc-3.4.3-r1/work/gcc-3.4.3/configure --enable-version-specific-runtime-libs --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/3.4.3 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.3/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/3.4.3 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/3.4.3/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/3.4.3/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.3/include/g++-v3 --host=x86_64-pc-linux-gnu --disable-altivec --enable-nls --without-included-gettext --enable-__cxa_atexit --enable-clocale=gnu --with-system-zlib --disable-checking --disable-werror --disable-libunwind-exceptions --enable-shared --enable-threads=posix --disable-multilib --disable-libgcj --enable-languages=c,c++
Thread model: posix
gcc version 3.4.3 20041125 (Gentoo Linux 3.4.3-r1, ssp-3.4.3-0, pie-8.7.7)


The thing is, I already see a 2005.1 directory, so it's like I skipped a step a long time ago. So I'm afraid to apply a 2004 update to 2005.0 when I'm possibly already under a 2005.1 profile. What would be the proper procedure here? What can I do to take everything back down to 2004 and then re-emerge everything (aside from a complete reinstall)...which itself seems kind of like overkill considering everything else seems to be working properly.

I suppose I'll just take a leap of faith and apply that update script from 2004.3 to 2005.0 as described on the update profile instructions, and hope it doesn't break anything too badly :\
makk
n00b

Joined: 15 Jul 2005
Posts: 8

Posted: Thu Aug 04, 2005 4:58 am

when i tried to execute the script 2004.3-2005.0upgrade.sh, it said permission denied because it didn't have +x. i dunno if that is intentional, and some other process sets it +x after some step. But anyway, after giving it +x and running it, i get this:

* Your compiler does not have multilib support. Pleasse switch to a multilib
* enabled compiler with gcc-config. If you don't have one on your system, you can
* emerga a multilib gcc by executing the following line:
* FEATURES=-sandbox USE=multilib emerge gcc

I don't know how to use gcc-config to do that, and the latter...well, that of course I already tried and is my problem. Re-emerging libstdc++-v3 also doesn't help.

Here's what gcc-config -l shows:

# gcc-config -l
[1] x86_64-pc-linux-gnu-3.4.3 *
[2] x86_64-pc-linux-gnu-3.4.3-hardened
[3] x86_64-pc-linux-gnu-3.4.3-hardenednopie
[4] x86_64-pc-linux-gnu-3.4.3-hardenednopiessp
[5] x86_64-pc-linux-gnu-3.4.3-hardenednossp
[6] x86_64-pc-linux-gnu-3.4.3-vanilla
Albert_Alligator
Apprentice

Joined: 12 May 2004
Posts: 193
Location: Okefenokee Swamp

Posted: Thu Aug 04, 2005 6:09 am

ok, I don't know if this will solve your issue, but having multilib in your USE in make.conf, remove all of the gcc and glibc packages from distfiles in portage and re-emerge them. It worked for me and I now have multilib support. I however now have to follow the upgrade script precisely and hope (cross my fingers) that it works this time.

Hope that helps,

Cheers,

Al
_________________
As Socrates once said "I drank what?"
makk
n00b

Joined: 15 Jul 2005
Posts: 8

Posted: Thu Aug 04, 2005 4:03 pm

Albert_Alligator wrote:
ok, I don't know if this will solve your issue, but having multilib in your USE in make.conf, remove all of the gcc and glibc packages from distfiles in portage and re-emerge them. It worked for me and I now have multilib support.


I really don't see how this will make any difference, but I'll give it a whirl.

So I guess you're suggesting I do:

rm -f /usr/portage/distfiles/gcc* /usr/portage/distfiles/*glibc*
emerge emul-linux-x86-glibc
emerge glibc
FEATURES=-sandbox emerge gcc

(my /etc/make.conf already has multilib in the USE flags)

Is that the correct order? Or should I emerge glibc first?
crazycat
l33t

Joined: 26 Aug 2003
Posts: 838
Location: Hamburg, Germany

Posted: Thu Aug 04, 2005 4:21 pm

http://forums.gentoo.org/viewtopic-t-365941.html
The last post of it is what you have to do. The only other option is to migrate to 2005 no multilib profile. You can't compile multilib gcc from no-multilib one.
OldTango
Guru

Joined: 21 Feb 2004
Posts: 496

Posted: Thu Aug 04, 2005 6:01 pm

makk wrote:
Quote:
clip:Portage 2.0.51.22-r2 (default-linux/amd64/2004.3, gcc-3.4.3, glibc-2.3.5-r0, 2.6.11-hardened-r15 x86_64)
clip:USE="amd64 X apache2 berkdb crypt cups foomaticdb gif gpm hardened hardenedphp jpeg kde multilib mysql mysqli ncurses pam pcre perl pic pie png ppds python qt readline ssl tcpd tiff truetype zlib userland_GNU kernel_linux elibc_glibc"
You are still using the 2004.3 profile according to the info you included and also using multilib so if your emerge info still says you are using the 2004.3 profile just do a
Code:
 USE="multilib" emerge gcc
this should build a multilib gcc. Then you can proceed to move to 2005.0 profile, either using the script or the manual method. Pay particular attention to the common problems section of the how to. If emerge info says you are using the 2005.0 profile you will need to go back to the 2004.3 and rebuild gcc with multilib.

To switch to another gcc compiler you would
Code:
gcc-config ?
#  ?= the number gcc-config -l lists
I would do an env-update after the switch. The * shows the compiler you are currently using.

I have no experience with the hardened sources, but I hope this helps.
crazycat
l33t

Joined: 26 Aug 2003
Posts: 838
Location: Hamburg, Germany

Posted: Thu Aug 04, 2005 6:58 pm

@OldTango
from my experience on using and moving from 2004.3 things are not that simple and I think you are wrong. Also as makk says he can't upgrade gcc so I think your suggestion won't work.
Quote:

USE="multilib" emerge gcc
OldTango
Guru

Joined: 21 Feb 2004
Posts: 496

Posted: Thu Aug 04, 2005 9:29 pm

crazycat wrote:
Quote:
from my experience on using and moving from 2004.3 things are not that simple and I think you are wrong. Also as makk says he can't upgrade gcc so I think your suggestion won't work.


crazycat: Now that I read makk's post again, I believe you are correct.

The specific error he is reporting suggests to me that his emul-linux-x86 libs are not up to date, but I could be wrong here. It may be worth doing a
Code:
emerge -pvu emul-linux-x86
to see what packages would be updated if any. If so update them and then rebuild gcc and maybe glibc as well, with multilib support.

makk: what is the output of
Code:
 qpkg -I -v | grep emul-linux-x86


Also worth reading the amd64 technotes. I noticed you didn't set a -march in your $CFLAGS which is required I believe for any version of gcc=>3.4.x
makk
n00b

Joined: 15 Jul 2005
Posts: 8

Posted: Fri Aug 05, 2005 4:38 am

welp, i tried the steps in that link you pasted, crazycat, but unfortunately i still have the same problem. i even attempted to rename /emul (which is pointed to by /lib32 symlink) and then re-emerged emul-linux-x86-glibc, which first proceeded to re-emerge glibc. after that, i re-emerged gcc...same problem.

so then, i found a stage3 amd64 hardened tarball, so i followed the same steps in that link you pasted only with the stage3 tarball (typically i do stage1)...and hoped that it would replace my libc.so.6 with something that wouldn't yield that error i'm having: ./a.out: error while loading shared libraries: /lib32/libc.so.6: cannot apply additional memory protection after relocation: Permission denied

unfortunately, same error occurred. i have a bunch of 2.3.4 and 2.3.5 shared objects mixed in my /lib32 directory (which i assume is bad)...all the symlinks are pointing to the 2.3.5 files. out of desperation, i even attempted to make /lib32/libc.so.6 point to the 2.3.4 object. but again, same problem (and somehow the symlink was restored during the emerge gcc process).

so at this point i've pretty much exhausted all options short of a complete system reinstall. i wish someone could tell me a nice, simple way of building a clean gcc with multilib support from scratch (precompiled or otherwise), the same way that link describes to do it for glibc. would the steps be identical except replace glibc with gcc?

Pretty much the exact problem I'm having is the same as the one posted here: http://forums.gentoo.org/viewtopic-t-351086-highlight-.html. Unfortunately, that guy's so-called "solution" was to reinstall.

Before i do that, i will attempt an upgrade to the 2005.0 no-multilib profile. see if that gives me any more options.

OldTango, all my installed packages are the latest ones available...except for gcc (which i'm attempting to upgrade). all of them emerge without any problems. i added the -march=opteron flag to my cflags too...thanks for pointing that out (although unrelated to my problem).
crazycat
l33t

Joined: 26 Aug 2003
Posts: 838
Location: Hamburg, Germany

Posted: Fri Aug 05, 2005 5:48 am

how about you make new partition or some loop device and make some filesystem on it.
Then bootstrap gentoo on it from stage 1. And then just use that quickpkg method or just copy the files over (Looks like reinstall anyway)
Is there any particular reason you don't want to reinstall?
OldTango
Guru

Joined: 21 Feb 2004
Posts: 496

Posted: Fri Aug 05, 2005 7:51 am

makk wrote:
Quote:
OldTango, all my installed packages are the latest ones available...except for gcc (which i'm attempting to upgrade).
If you don't mind me asking, what version are you trying to upgrade gcc to? According to the info you have already posted you are using
Quote:
# gcc-config -l
[1] x86_64-pc-linux-gnu-3.4.3 *
[2] x86_64-pc-linux-gnu-3.4.3-hardened
[3] x86_64-pc-linux-gnu-3.4.3-hardenednopie
[4] x86_64-pc-linux-gnu-3.4.3-hardenednopiessp
[5] x86_64-pc-linux-gnu-3.4.3-hardenednossp
[6] x86_64-pc-linux-gnu-3.4.3-vanilla
Which is the latest stable gcc version in portage as far as I know, so I guess you lost me here...........................:?

FYI:
Quote:
unfortunately, same error occurred. i have a bunch of 2.3.4 and 2.3.5 shared objects mixed in my /lib32 directory (which i assume is bad)...all the symlinks are pointing to the 2.3.5 files. out of desperation, i even attempted to make /lib32/libc.so.6 point to the 2.3.4 object. but again, same problem (and somehow the symlink was restored during the emerge gcc process).
The 2.3.4 and 2.3.5 are versions of glibc.
You are currently using
Quote:
glibc-2.3.5-r0
which I assume you have upgraded to recently. Why you have the 2.3.4 stuff still there I have no clue. Gcc multilib uses these libs to build and if they're broken or incompatible it will fail.

I'm sorry I can't be of more help.................................:(
Shapemaker
n00b

Joined: 22 Aug 2004
Posts: 64
Location: Finland

Posted: Mon Aug 08, 2005 12:19 am

First, emerge chpax and paxctl if they're not installed already.

Then, see what
Code:
paxctl -v /lib32/libc.so.6

says. If it is something like this:
Code:
- PaX flags: -----m-x-e-- [/lib32/libc.so.6]
        MPROTECT is disabled
        RANDEXEC is disabled
        EMUTRAMP is disabled

you're ok. If not, run
Code:
paxctl -mxe /lib32/libc.so.6

I suppose you're running into the problem of PaX terminating your 32-bit processes with no reason. When you get the error about "cannot apply additional memory protection...", are there any PaX entries in the system log (dmesg)? Just out of curiosity, what does the following command show:
Code:
grep PAX /usr/src/linux/.config | grep -v "#"

Also, you could just boot with a non PaX-enabled kernel to compile gcc, and then boot again with PaX...

And BTW, you're definitely on 2004.3 if your /usr/lib32 is a symlink to /emul/...
Under 2005.0 /lib32 and /usr/lib32 are directories, not symlinks.
_________________
"Intellectual Property" should be an affront to anyone capable of independent thought.
eradicator
Retired Dev

Joined: 01 Apr 2003
Posts: 144
Location: Berkeley, CA

Posted: Tue Aug 09, 2005 2:03 am

hardened multilib is not supported in the kernel, so if you want to use a hardened kernel, your 32bit applications (including parts of gcc) might not function right.
_________________
Gentoo Developer: amd64, sparc, sound, toolchain, accessibility
Shapemaker
n00b

Joined: 22 Aug 2004
Posts: 64
Location: Finland

Posted: Tue Aug 09, 2005 9:36 pm

eradicator wrote:
hardened multilib is not supported in the kernel, so if you want to use a hardened kernel, your 32bit applications (including parts of gcc) might not function right.

And NOW you decline to tell us that. I've been having miscellaneous 32-bit problems with PAX on my AMD64 multilib system, and I haven't been able to pinpoint exactly why some problems occur (VMware, Wine, Cedega woes). This is the first time that I see a dev mention that multilib is not compatible with hardened kernel. Why did it take so long? I haven't seen that info anywhere else yet.

So, what problems exactly and how to fix them?

I must really say that the hardened Gentoo documentation needs a serious overhaul. I still have several unsolved problems, which relate directly to 2005.0 multilib, and no-one seems to know what to do about them.
_________________
"Intellectual Property" should be an affront to anyone capable of independent thought.
makk
n00b

Joined: 15 Jul 2005
Posts: 8

Posted: Tue Aug 09, 2005 9:39 pm

Code:

# grep PAX /usr/src/linux/.config | grep -v "#"
CONFIG_PAX=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y


Code:

# paxctl -v /lib32/libc.so.6
PaX control v0.2
Copyright 2004 PaX Team <pageexec@freemail.hu>

- PaX flags: -----m-x---- [/lib32/libc.so.6]
        MPROTECT is disabled
        RANDEXEC is disabled


EMUTRAMP was enabled I guess, so I did as you suggested with paxctl -mxe /lib32/libc.so.6 and got the correct flags.

Code:

# paxctl -v /lib32/libc.so.6
PaX control v0.2
Copyright 2004 PaX Team <pageexec@freemail.hu>

- PaX flags: -----m-x-e-- [/lib32/libc.so.6]
        MPROTECT is disabled
        RANDEXEC is disabled
        EMUTRAMP is disabled


Then I tried to re-emerge gcc again but I still got the same error with libstdc++-v3:

configure:2453: ./a.out
./a.out: error while loading shared libraries: /lib32/libc.so.6: cannot apply additional memory protection after relocation: Permission denied

Maybe the lack of hardened multilib support in the kernel like eradicator said makes this problem unresolvable. I see that I'm still under the 2004.3 profile, but I can't upgrade to 2005 until I can emerge a gcc with multilib support :/

I could attempt to boot into a non-hardened kernel like you suggested to emerge gcc, but I'm not sure if that is recommended. It's looking more and more like I have to choose between a hardened 2005 no-multilib profile, the status-quo, or a non-hardened 2005 multilib profile. I think I'll go with hardened no-multilib 2005. I have no real use for multilib anyway. Although I can't seem to upgrade grub either now, as it seems to require a gcc with multilib support :(
Shapemaker
n00b

Joined: 22 Aug 2004
Posts: 64
Location: Finland

Posted: Tue Aug 09, 2005 9:54 pm

makk wrote:
[...]
Then I tried to re-emerge gcc again but I still got the same error with libstdc++-v3:

configure:2453: ./a.out
./a.out: error while loading shared libraries: /lib32/libc.so.6: cannot apply additional memory protection after relocation: Permission denied

Maybe the lack of hardened multilib support in the kernel like eradicator said makes this problem unresolvable. I see that I'm still under the 2004.3 profile, but I can't upgrade to 2005 until I can emerge a gcc with multilib support :/

I could attempt to boot into a non-hardened kernel like you suggested to emerge gcc, but I'm not sure if that is recommended. It's looking more and more like I have to choose between a hardened 2005 no-multilib profile, the status-quo, or a non-hardened 2005 multilib profile. I think I'll go with hardened no-multilib 2005. I have no real use for multilib anyway. Although I can't seem to upgrade grub either now, as it seems to require a gcc with multilib support :(

Well, so there's something more which requires the PaX flag -m (disable MPROTECT) to work. It really is that simple. What happens is that PaX kills the process, which should not happen (an oversimplification, I know...). You can safely compile another kernel, which does not have PaX, boot it and compile multilib gcc under it. Then just boot back with your normal hardened kernel. Should Work(TM).

---

On second thought, now that I compared my and your kernel PaX configurations more carefully, I noticed I have MPROTECT disabled in my hardened kernel, while you have it on.

Do this: build another (hardened) kernel with MPROTECT disabled, install and boot it. I would recommend giving it a distinctive extra version string to differentiate it from your normal kernel. Or then you could just do away with MPROTECT altogether. This Definitely Should Work(TM). A little loss, but the rest of the system works (mostly).

Here's my kernel PaX configuration for reference:
Code:
CONFIG_PAX=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y

_________________
"Intellectual Property" should be an affront to anyone capable of independent thought.
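
The two checks compared in this thread, the "paxctl -v" flag string and the PAX lines of the kernel .config, combined into one pre-build check. This is an added example, not code from any poster; the function names and sample inputs are constructed, and it assumes PaX soft mode is off.

```shell
#!/bin/sh
# Added example (not from the thread): is PaX MPROTECT in force for a file?
# Inputs use the formats posted above; the sample values are constructed.

# Print the 12-character flag field from "paxctl -v" output read on stdin.
pax_flag_string() {
    sed -n 's/^- PaX flags: \([^ ]*\) .*/\1/p' | head -n 1
}

# pax_marking FLAGS LETTER -> enabled | disabled | unset
# paxctl shows an upper-case letter for an explicit enable and a lower-case
# letter for an explicit disable (m = "MPROTECT is disabled", as posted above).
pax_marking() {
    upper=$(printf '%s' "$2" | tr 'a-z' 'A-Z')
    lower=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$1" in
        *"$lower"*) echo disabled ;;
        *"$upper"*) echo enabled ;;
        *)          echo unset ;;
    esac
}

# kernel_has CONFIG_TEXT OPTION -> exit status 0 if OPTION=y is in the text.
kernel_has() {
    printf '%s\n' "$1" | grep -q "^$2=y\$"
}

# mprotect_enforced CONFIG_TEXT FLAGS -> yes | no
# Assumption: soft mode is off, so a feature built into the kernel applies
# to every file that is not explicitly marked with the lower-case letter.
mprotect_enforced() {
    if ! kernel_has "$1" CONFIG_PAX_MPROTECT; then
        echo no
        return
    fi
    if [ "$(pax_marking "$2" m)" = disabled ]; then
        echo no
    else
        echo yes
    fi
}

# report LABEL CONFIG_TEXT PAXCTL_OUTPUT -> one summary line
report() {
    flags=$(printf '%s\n' "$3" | pax_flag_string)
    printf '%s: flags=%s marking=%s enforced=%s\n' "$1" "$flags" \
        "$(pax_marking "$flags" m)" "$(mprotect_enforced "$2" "$flags")"
}

# Constructed sample: kernel config lines with MPROTECT built in.
KERNEL_WITH_MPROTECT='CONFIG_PAX=y
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_MPROTECT=y'

# Constructed sample: the same kernel options without MPROTECT.
KERNEL_WITHOUT_MPROTECT='CONFIG_PAX=y
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y'

# Constructed sample: paxctl output for a file marked with -mxe.
PAXCTL_MARKED='PaX control v0.2

- PaX flags: -----m-x-e-- [/lib32/libc.so.6]
        MPROTECT is disabled
        RANDEXEC is disabled
        EMUTRAMP is disabled'

# Constructed sample: a file that carries no markings at all.
PAXCTL_UNMARKED='- PaX flags: ------------ [./example]'

report "marked file, MPROTECT kernel"   "$KERNEL_WITH_MPROTECT"    "$PAXCTL_MARKED"
report "unmarked file, MPROTECT kernel" "$KERNEL_WITH_MPROTECT"    "$PAXCTL_UNMARKED"
report "unmarked file, other kernel"    "$KERNEL_WITHOUT_MPROTECT" "$PAXCTL_UNMARKED"
```

PaX takes these markings from the ELF file that is executed, so the check is worth running against the program being started as well as against the library it loads.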
eradicator
Retired Dev

Joined: 01 Apr 2003
Posts: 144
Location: Berkeley, CA

Posted: Tue Aug 09, 2005 10:35 pm

Shapemaker wrote:

I must really say that the hardened Gentoo documentation needs a serious overhaul. I still have several unsolved problems, which relate directly to 2005.0 multilib, and no-one seems to know what to do about them.


What are your problems? Are they all on a hardened system? Check out hardened.gentoo.org. It says in the documentation that multilib hardened is not supported. The problem is that the kernel doesn't support it. If you're a developer and want to help with this endeavour, talk with the pax team. There's nothing we can do on a distribution level.
_________________
Gentoo Developer: amd64, sparc, sound, toolchain, accessibility
eradicator
Retired Dev

Joined: 01 Apr 2003
Posts: 144
Location: Berkeley, CA

Posted: Tue Aug 09, 2005 10:36 pm

makk wrote:
I could attempt to boot into a non-hardened kernel like you suggested to emerge gcc, but I'm not sure if that is recommended. It's looking more and more like I have to choose between a hardened 2005 no-multilib profile, the status-quo, or a non-hardened 2005 multilib profile. I think I'll go with hardened no-multilib 2005. I have no real use for multilib anyway. Although I can't seem to upgrade grub either now, as it seems to require a gcc with multilib support :(


If you're using hardened, you should be using the hardened amd64 profiles rather than the default-linux/amd64 ones.
_________________
Gentoo Developer: amd64, sparc, sound, toolchain, accessibility
Shapemaker
n00b

Joined: 22 Aug 2004
Posts: 64
Location: Finland

Posted: Wed Aug 10, 2005 12:13 am

eradicator wrote:
What are your problems? Are they all on a hardened system? Check out hardened.gentoo.org. It says in the documentation that multilib hardened is not supported. The problem is that the kernel doesn't support it. If you're a developer and want to help with this endeavour, talk with the pax team. There's nothing we can do on a distribution level.

My problems are mostly incompatibilities with currently installed glibc and emul-* libraries. Also, I had to fight the problem which is the current topic, some time ago. Now glibc-2.3.5-r1 refuses to compile under itself (bombs out with long double error), but compiles fine under glibc-2.3.5. glibc-2.3.5-r1 also seems to be more buggy with 32-bit emulation as far as I can tell. VMware and Mathematica both refuse to work with it.

32-bit support seems to be a bit problematic right now. VMware and Mathematica are especially picky about which options in kernel PaX configuration are enabled. Fortunately trying out the combination gdb/strace/paxctl/chpax usually helps. Still, it would have been very helpful to know that multilib is not supported on hardened kernel.

Which brings me to the second point: there is NO mention of multilib being incompatible with hardened kernel at hardened.gentoo.org that I was able to find. I specifically went through all the docs there, and also searched with browser's search function (I crisscrossed with hardened and multilib). No hits. Also amd64 documentation makes no mention about hardened/multilib incompatibilities. So there. If I am mistaken, please point it out so that I can go back to my corner to sulk :(
_________________
"Intellectual Property" should be an affront to anyone capable of independent thought.
KranZ
n00b

Joined: 10 Aug 2005
Posts: 1

Posted: Wed Aug 10, 2005 7:47 pm

makk, are you running dual opterons?
acc.johnson
n00b

Joined: 21 Mar 2005
Posts: 57

Posted: Sat Aug 13, 2005 7:17 am    Post subject: switching from 2004.3 to 2005.1 profile

Did you ever manage to upgrade to multilib gcc and from 2004.3 to 2005.1?
I had a similar problem with grub not updating (it apparently doesn't compile in a pure 64-bit
architecture) so I tried emerging it using multilib but got error about "unable to execute a.out".
So I recompile gcc but still no luck. Then googling for "multilib gcc sandbox" I came across your post.
After reading your post I realized I too had 2004.3 profile (I installed gentoo just this past March
and followed the amd64 installation guide to the letter but apparently nothing was said about choosing
between profiles). Since March I've been doing weekly `emerge sync` && `emerge world`
with not too many problems (other than tediously updating with etc-update). So I thought my system
was OK and up-to-date until today's problem with grub.
So I tried running the conversion script but it failed on glibc complaining about
"if I meant to crosscompile I should use --host". So I then tried the manual directions but I was missing
/emul/linux/x86/usr/lib32/libc.so and /emul/linux/x86/usr/lib32/libpthread.so. So I then emerged
glibc, gcc and emul-linux and then both glibc and gcc failed to compile and I was now very upset.
So I googled some more and found the following method on how to repair the gentoo toolchain and
upgrade from 2004.3 to 2005.:
http://www.gentoo.org/proj/en/base/amd64/howtos/index.xml?part=1&chap=1#doc_chap1
Following 'Code Listing 10: How to fix unresolved symbols during 'emerge glibc''
I was finally able to upgrade to 2005.1 profile.
crazycat
l33t

Joined: 26 Aug 2003
Posts: 838
Location: Hamburg, Germany

Posted: Sat Aug 13, 2005 1:24 pm

Just emerge grub-static.
All times are GMT