Bugzilla – Bug 56628
polkit 0.107 Brakes PaX support
Last modified: 2013-01-09 19:56:59 UTC
Arch Linux x86_64
No problems when booting with normal -ARCH kernel
No problems with full PaX settings on polkit-0.105
Setting paxctl -cPEmRXS /usr/lib/polkit-1/polkitd
Dose NOT solve the problem, Only fixes the RWX line
I really, really do not want to lessen security of polkit.
Errors like this...
grsec: denied RWX mmap of <anonymous mapping> by /usr/lib/polkit-1/polkitd[polkitd:1588] uid/euid:102/102 gid/egid:102/102, parent /usr/lib/systemd/systemd[systemd:1]
grsec: Segmentation fault occurred at 0000000000000010 in /usr/lib/polkit-1/polkitd[polkitd:1588]
grsec: bruteforce prevention initiated against uid 102, banning for 15 minutes
systemd: Failed to start Authorization Manager.
dbus-daemon: dbus: [system] Failed to activate service 'org.freedesktop.ConsoleKit': timed out
dbus: [system] Failed to activate service 'org.freedesktop.ConsoleKit': timed out
dbus-daemon: dbus: [system] Failed to activate service 'org.freedesktop.PolicyKit1': timed out
dbus: [system] Failed to activate service 'org.freedesktop.PolicyKit1': timed out
Awe, you know paxctl -cPEmRXS /usr/lib/polkit-1/polkitd dose seem to fix the polkit problems. Then the rest of my problems are caused by systemd and D-Bus.
However I stand by my clame that needing to disable MPROTECT on polkitd is a Bug.
Correction both MPROTECT & RANDMMAP off for polkitd
This is a problem. Policy Kit needs to have high security.
There is no support for pax in upstream polkit. Seems like an Arch problem to me, suggest to file it there.