New submission from Nils Breunese :
When I try to run iotop [0] on CentOS 5.6 on a kernel with grsecurity [1] then
iotop won't start because grsecurity is blocking Python because of its use of
the mprotect() system call.
Please see
http://www.atomicorp.com/wiki/index.php/ASL_FAQ#
Nils Breunese added the comment:
I got this error message in /var/log/messages when trying to start iotop:
Apr 13 08:49:37 hostname kernel: grsec: From xxx.xxx.xxx.xxx: denied RWX
mprotect of /lib64/ld-2.5.so by /usr/bin/iotop[iotop:9836] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash
Nils Breunese added the comment:
I haven't had any problems with other Python applications like this, Python
seems fine otherwise.
I just noticed that iotop has a dependency on python-ctypes, which sounds like
it could be iotop doing the mprotect() calls via ctypes. Does that make
Nils Breunese added the comment:
I contacted the author of iotop and he told me iotop does not use mprotect (but
it does use dlopen).
Guess I'll have to do some more digging to find what is exactly doing the call
to mprotect.
--
___
P
