Skip to content

Commit

Permalink
Allow running on PaX kernels
Browse files Browse the repository at this point in the history
`ruby` needs the PaX MPROTECT flag disabled to run on PaX-enabled systems because of JIT. Mark it as such.
  • Loading branch information
xen0n committed Dec 30, 2017
1 parent 5201f76 commit 29fc2f5
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions assets/build/install.sh
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,11 @@ cd -
rm -rf /tmp/re2
DEBIAN_FRONTEND=noninteractive apt-get purge -y --auto-remove checkinstall

# PaX-mark ruby
# Applying the mark late here does make the build usable on PaX kernels, but
# still the build itself must be executed on a non-PaX kernel. It's done here
# only for simplicity.
paxctl -Cm `which ruby${RUBY_VERSION}`
# https://en.wikibooks.org/wiki/Grsecurity/Application-specific_Settings#Node.js
paxctl -Cm `which nodejs`

Expand Down

0 comments on commit 29fc2f5

Please sign in to comment.