On Mon, 12 Dec 2011 02:05:04 +0200 Alex Efros <power...@powerman.name> wrote:
> Hi! > > I've just updated to opera-11.60.1185 and firefox-bin-8.0. > Opera work just fine, Interesting and thanks, I have the same build but as I should have stated earlier just a GrSec+Pax kernel on arch linux and 11.52 works fine but 11.60 fails with ptrace denied by grsec. Do you have the following line set to y in your kernel config? "CONFIG_GRKERNSEC_HARDEN_PTRACE=y" > but firefox fail to start (hangs using 100% CPU) > because paxmarking -m isn't enough. To fix firefox paxmarking -r needed too: > paxctl -r /opt/firefox/firefox > > I'm using only GrSec+PaX, so there are may be also SELinux/RBAC related > issues. Yeah it's been like that for a while. I think gentoo-hardened automatically sets those pax flags. See this link. "http://hardenedgentoo.blogspot.com/2011/06/firefox-5-with-mprotect-onof-course.html"; -- Kc
