public inbox for gentoo-hardened@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Javier J. Martínez Cabezón" <tazok.id0@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Which hardened kernel feature disables wine?
Date: Tue, 13 Jan 2009 21:16:16 +0100	[thread overview]
Message-ID: <897813410901131216r3096e801w2c8fd1c1d22b8da0@mail.gmail.com> (raw)
In-Reply-To: <1231877371.14355.33.camel@hangover>

I would remove first mprotect and segmexec and test.

2009/1/13 Ned Ludd <solar@gentoo.org>:
> On Tue, 2009-01-13 at 11:00 -0800, Grant wrote:
>> I'm using the grsecurity "Gentoo (workstation)" setting in my hardened
>> kernel, but trying to use wine I get this:
>>
>> err:heap:HEAP_GetPtr Invalid heap (nil)!
>> err:heap:HEAP_GetPtr Invalid heap (nil)!
>> err:module:attach_process_dlls "KERNEL32.dll" failed to initialize, aborting
>> err:module:LdrInitializeThunk Main exe initialization for
>> L"C:\\windows\\system32\\wineboot.exe" failed, status c0000005
>>
>> If I remove grsecurity from the kernel, wine works fine.  Does anyone
>> know how to fix this or which grsecurity option I can disable to
>> enable wine?
>
>
> You don't want to go into the kernel and start disabling features as
> that would be the wrong fix. No reason to downgrade system wide security
> for one app. You want to use paxctl -flags /path/to/wine-loader
>
> Personally I'm lazy and would just do.
> paxctl -permsx $(qlist -oe wine)
>
>
>
> --
> Ned Ludd <solar@gentoo.org>
> Gentoo Linux
>
>
>



  reply	other threads:[~2009-01-13 20:16 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-01-13 19:00 [gentoo-hardened] Which hardened kernel feature disables wine? Grant
2009-01-13 19:42 ` Javier J. Martínez Cabezón
2009-01-13 20:09 ` Ned Ludd
2009-01-13 20:16   ` Javier J. Martínez Cabezón [this message]
2009-01-13 20:27   ` Thomas Sachau
2009-01-13 21:06     ` Grant
2009-01-13 21:30       ` Ned Ludd
2009-01-14  3:19         ` Grant
2009-01-14  3:55           ` Ned Ludd
2009-01-14 17:49             ` Grant
2009-01-14 17:07               ` pageexec
2009-01-15 16:13                 ` Grant

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=897813410901131216r3096e801w2c8fd1c1d22b8da0@mail.gmail.com \
    --to=tazok.id0@gmail.com \
    --cc=gentoo-hardened@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox