at my home server I used the arch linux-grsec kernel. Without any problems so far. Today there was the first problem:
I want to use the plex media server on my home server but not directly installed. I want use the plex docker container from "linuxserver.io". The start up of the container failed:
- Code: Select all
Aug 20 20:08:17 kernel: grsec: denied marking stack executable as requested by PT_GNU_STACK marking in /usr/lib/plexmediaserver/libgnsdk_dsp.so.3.07.7 by /usr/lib/plexmediaserver/Plex Media Server[Plex Media Serv:4586] uid/euid:1000/1000 gid/egid:995/995, parent /usr/sbin/start_pms[start_pms:4566] uid/euid:1000/1000 gid/egid:995/995
Aug 20 20:08:17 kernel: grsec: denied RWX mprotect of <stack> by /usr/lib/plexmediaserver/Plex Media Server[Plex Media Serv:4586] uid/euid:1000/1000 gid/egid:995/995, parent /usr/sbin/start_pms[start_pms:4566] uid/euid:1000/1000 gid/egid:995/995
I'm not so fit with grsecurity, so I started a search with google. Perhaps the best solution would be PaX exceptions but the problematic file is not accessible for setfattr:
- Code: Select all
# setfattr -n user.pax.flags -v "emr" /usr/lib/plexmediaserver/libgnsdk_dsp.so.3.07.7
setfattr: /usr/lib/plexmediaserver/libgnsdk_dsp.so.3.07.7: No such file or directory
It should be clear, because the file exists only in the container.
Currently I'm without any ideas and I hope you can give me a little hint. That would be nice
