Arch Linux x86_64 Kernel: 3.6.4-2-grsec No problems when booting with normal -ARCH kernel No problems with full PaX settings on polkit-0.105 Setting paxctl -cPEmRXS /usr/lib/polkit-1/polkitd Dose NOT solve the problem, Only fixes the RWX line I really, really do not want to lessen security of polkit. Errors like this... [code] grsec: denied RWX mmap of <anonymous mapping> by /usr/lib/polkit-1/polkitd[polkitd:1588] uid/euid:102/102 gid/egid:102/102, parent /usr/lib/systemd/systemd[systemd:1] grsec: Segmentation fault occurred at 0000000000000010 in /usr/lib/polkit-1/polkitd[polkitd:1588] grsec: bruteforce prevention initiated against uid 102, banning for 15 minutes systemd[1]: Failed to start Authorization Manager. dbus-daemon[406]: dbus[406]: [system] Failed to activate service 'org.freedesktop.ConsoleKit': timed out dbus[406]: [system] Failed to activate service 'org.freedesktop.ConsoleKit': timed out dbus-daemon[406]: dbus[406]: [system] Failed to activate service 'org.freedesktop.PolicyKit1': timed out dbus[406]: [system] Failed to activate service 'org.freedesktop.PolicyKit1': timed out [/code]
Awe, you know paxctl -cPEmRXS /usr/lib/polkit-1/polkitd dose seem to fix the polkit problems. Then the rest of my problems are caused by systemd and D-Bus. However I stand by my clame that needing to disable MPROTECT on polkitd is a Bug.
Correction both MPROTECT & RANDMMAP off for polkitd This is a problem. Policy Kit needs to have high security.
There is no support for pax in upstream polkit. Seems like an Arch problem to me, suggest to file it there.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.