grsecurity forums

[Stephane]

Hi all,

[ 13.096695] grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/neutron-ovs-cleanup[neutron-ovs-cle:1339] uid/euid:108/108 gid/egid:115/115, parent /bin/dash[sh:1331] uid/euid:0/0 gid/egid:0/0
[ 19.365730] grsec: denied RWX mmap of <anonymous mapping> by /usr/bin/neutron-openvswitch-agent[neutron-openvsw:1658] uid/euid:108/108 gid/egid:115/115, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Both neutron-openvswitch-agent and /usr/bin/neutron-ovs-cleanup are python scripts so no way to convert PT_GNU_STACK or create PT_PAX_FLAGS...
I made a pax -cm on parent /bin/dash but the denied RWX mmap is still here after rebooting for neutron-ovs-cleanup... regarding /sbin/init, the file is busy of course so what is the solution ?

Thanks for your help !

[Stephane]

Ok, I made both paxctl in the upstart scripts and it worked (I had to reboot of course).
Sorry, thx

[PaX Team]

for scripts you need to put the pax flags on the interpreter, the parent process doesn't matter as children don't inherit the pax flags.

[Stephane]

Ok thanks, that's obvious basically, paxctled my python and everything's works fine now.