Jan de Groot wrote: > On Mon, 2009-08-24 at 01:25 +0200, Thomas Bächler wrote: > >> Jan de Groot schrieb: >> >>> On Sun, 2009-08-23 at 19:06 -0300, Gerardo Exequiel Pozzi wrote: >>> >>>> Hi >>>> >>>> Please revert the last commit[#1], mounting /dev as NOEXEC is incorrect. >>>> This break nvidia GLX extension, vmware, mplayer and possible others >>>> programs that uses mmap() with execute privilege. >>>> >>>> PS: I guess that setting a size is "redundant" >>>> >> I already asked Gerardo in private: Can anyone provide any reference as >> to why noexec will prevent programs from working? >> > > Some applications like the ones mentioned in the original post will mmap > files in /dev/ with the PROT_EXEC flag. When the filesystem is mounted > as noexec, these mmap operations will fail. Even if the program doesn't > execute anything used in the mmap operation, the whole mmap operation > will just fail when this flag is set on a noexec filesystem. > > > Exactly Example of starting X with nvidia: (EE) NVIDIA(0): Unable to map device node /dev/zero with read, write, and (EE) NVIDIA(0): execute privileges. The GLX extension will be disabled on (EE) NVIDIA(0): this X screen. Please see Chapter 8: Common Problems in (EE) NVIDIA(0): the README for more information. (EE) Failed to initialize GLX extension (Compatible NVIDIA X driver not found) -- Gerardo Exequiel Pozzi ( djgera ) http://www.djgera.com.ar KeyID: 0x1B8C330D Key fingerprint = 0CAA D5D4 CD85 4434 A219 76ED 39AB 221B 1B8C 330D
