Date: Sun Mar 19 11:23:12 2006
Subject: pop-forum Running poplog saved images on fedora core 4: problem solved
From: Aaron Sloman

I previously reported a mysterious problem with saved images on fedora
core 4 (and some of the more recent FC 3 kernels with SWSUSP, which are
very useful, available here):

    http://mhensler.de/swsusp/download_en.php

The problem was that running saved images did not work: e.g. the pop11
command, which is equivalent to

    basepop11 +startup

worked only randomly.

Later when I tried a machine running FC4, I thought the problem had been
solved, but when a colleague installed FC4 he reported the same problem
with saved images, though he could run basepop11 and compile the code
for the saved images, losing a little time whenever he started. Chris
Dollin also reported the problem.

Last June John Duncan wrote

> Have you seen this,
>
>     http://dag.wieers.com/howto/compatibility/
>
> Seems like many of the security enhancements in Fedora Core
> might well interfere with Poplog. You could try turning them off one
> by one using these instructions and see what happens.

Today I finally tried using the information there, but was not
able to fix the problem until I made a lucky guess that worked.

That file states:

> Exec-shield randomizes VM mappings, this may confuse programs that do
> not expect this behaviour (and for that reason alone are considered
> broken).
>
> To disable it permanently system-wide, add the following to
> /etc/sysctl.conf:
>     kernel.exec-shield-randomize = 0
> And make it effective by running:
>     sysctl -w kernel.exec-shield-randomize=0

However when I tried that I got

    kernel.exec-shield-randomize' is an unknown key

After searching for other things, I had the idea of reading the
man file for sysctl, where I found that '-a' shows the available
values. So I did

    sysctl -a | grep rand

and got this as one of the outputs:

    kernel.randomize_va_space = 1

So I tried (nervously)

    sysctl -w kernel.randomize_va_space=0

and after that the saved images started every time!

So I have inserted the following in /etc/sysctl.conf

   # Prevent problems starting saved images
   kernel.randomize_va_space=0

I also later found this online discussion of the issue:

    http://www.ussg.iu.edu/hypermail/linux/kernel/0504.3/1451.html

which is part of quite a long inconclusive thread about how to do
this on a per program basis instead of globally.

It seems that the randomize_va_space mechanism is designed to thwart
some viruses. My understanding is that other linux distributions do not
use it. It does not seem to be a good security mechanism for a general
linux installation if it can break random programs and there is no
easy way to turn it off for programs known to be 'safe'. (People
reported trying to use 'setarch' without success.)

Anyhow, this information should help users of FC4 or Redhat systems who
wish to use poplog and are willing to turn off a security measure that
is not included in other linux distributions.

I still have not found time to make the changes required to allow poplog
to be rebuilt or relinked in systems using gcc 4, but pre-built systems
seem to work. I am considering solving the problem temporarily by adding
three versions of basepop11 to the tar file, one linked without X,
one linked with X+motif and one linked with X but not motif.

But I don't know when I'll have time.

Aaron
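
A check for hosts where the global override described in the message is still in place, as an added example that is not part of the original post: it reads sysctl.conf-format text and reports the effective kernel.randomize_va_space value. The function names and the sample file are constructed for illustration, and value 2 (which also randomises the heap) is a kernel setting the post does not mention.

```shell
#!/bin/sh
# Added example: audit sysctl.conf-style text for a global ASLR override.

# Print the effective kernel.randomize_va_space value found on stdin, or
# "unset". A later assignment overrides an earlier one, as when sysctl
# applies a file from top to bottom.
aslr_from_conf() {
    awk '
        /^[ \t]*([#;]|$)/ { next }          # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)          # tolerate "key = value"
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            sub(/^-/, "", key)              # "-key" means ignore errors
            gsub(/\//, ".", key)            # kernel/randomize_va_space form
            if (key == "kernel.randomize_va_space") found = val
        }
        END { print (found == "" ? "unset" : found) }
    '
}

# Map a value to what it means for every process on the host.
aslr_verdict() {
    case "$1" in
        0)     echo "DISABLED" ;;   # no address randomisation at all
        1)     echo "PARTIAL" ;;    # stack, mmap and VDSO, but not brk heap
        2)     echo "FULL" ;;
        unset) echo "NOT SET" ;;    # kernel default applies
        *)     echo "UNKNOWN" ;;
    esac
}

# Value the running kernel is using, or "unknown" where /proc is absent.
aslr_running() {
    cat /proc/sys/kernel/randomize_va_space 2>/dev/null || echo unknown
}

# Constructed sample input modelled on the entry shown in the post.
sample_conf() {
    cat <<'EOF'
kernel.sysrq = 0
kernel.randomize_va_space = 2
   # Prevent problems starting saved images
   kernel.randomize_va_space=0
EOF
}

echo "config file:    $(aslr_verdict "$(sample_conf | aslr_from_conf)")"
echo "running kernel: $(aslr_verdict "$(aslr_running)")"
```

To audit a real host, pipe its configuration in instead of the sample, for example `aslr_from_conf < /etc/sysctl.conf`.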