[Haskell-cafe] GHC 6.6.1 and SELinux issues
Alexander Vodomerov
alexander.vodomerov at gmail.com
Wed Aug 29 14:40:41 EDT 2007
On Wed, Aug 29, 2007 at 08:41:12AM -0700, Bryan O'Sullivan wrote:
> The underlying problem is harder to fix: the default SELinux policy doesn't
> allow PROT_EXEC pages to be mapped with PROT_WRITE, for obvious reasons.
> The solution is expensive in terms of address space and TLB entries: map
> the same pages twice, once only with PROT_EXEC, and once only with
> PROT_WRITE.
Just for experiment I've removed PROT_EXEC from my_mmap function in
rts/MBlock.c and recompiled GHC. The resulting GHC was able to compile
itself and my code. Binaries, produced by it worked fine with SELinux.
However, another problem related to GHCi ocurred. More details are
available at the 738 ticket you mentioned.
So it is not clear if GHC does really need this PROT_EXEC. Can someone
familiar with GHC internals answer why PROT_EXEC is used in getMBlocks?
> There's already a Trac ticket filed against this problem, but Simon Marlow
> marked it as closed because he couldn't test the code he wrote to try to
> fix it, and nobody stepped in to help out at the time:
> http://hackage.haskell.org/trac/ghc/ticket/738
Yes, I reopened the bug some days ago. I can also provide a shell access
to Simon Marlow (or someone else willing to help) on a machine to
experiment with. Both x86 and x86_64 boxes are available.
With best regards,
Alexander.
More information about the Haskell-Cafe
mailing list