riak-erlang segfault

Tomas Charvat tc at excello.cz
Wed Oct 17 17:28:13 EDT 2012


Hi jared, im not quite sure right now. I think it touch /proc due to file desriptor check. Since grsecutity prevent non root aps touching proc it cant run under riak user. Im sorry i cant provide more informations now. Problem is strictly related to kernels with grsecurity patch. There is also problem with mprotect  on beam.smp. It has to off. It can be done via paxctl -m /path/beam.smp

cheers
tomad


Jared Morrow <jared at basho.com> napsal(a):

>Tomas,
>
>Maybe I'm not following, but what in Riak is trying to access files in
>`/sys`?  Although we don't test on Gentoo, I'd like to enable you to
>install it without having to modify your kernel settings.
>
>Thanks,
>Jared
>
>On Tue, Oct 9, 2012 at 9:46 AM, Tomas Charvat <tc at excello.cz> wrote:
>
>>  We have manage to fix mentioned segfault byt disabling sysfs
>restriction
>> in hardened Gentoo kernel.
>> It has fixed segfault issues.
>> Sysfs/debugfs restriction
>>
>> *Configuration option: CONFIG_GRKERNSEC_SYSFS_RESTRICT*
>> If you say Y here, sysfs (the pseudo-filesystem mounted at /sys) and
>any
>> filesystem normally mounted under it (e.g. debugfs) will only be
>accessible
>> by root. These filesystems generally provide access to hardware and
>debug
>> information that isn't appropriate for unprivileged users of the
>system.
>> Sysfs and debugfs have also become a large source of new
>vulnerabilities,
>> ranging from infoleaks to local compromise.
>>
>> There has been very little oversight with an eye toward security
>involved
>> in adding new exporters of information to these filesystems, so their
>use
>> is discouraged.
>>
>> This option is equivalent to a chmod 0700 of the mount paths.
>> cheers
>> Tomas
>>
>>
>> On 10/07/2012 08:50 PM, Evan Vigil-McClanahan wrote:
>>
>> The first thing that strikes me is that you have HIPE enabled on your
>> erlang, and the version isn't the one we build with.  This isn't
>> something riak is usually happy with.
>>
>> If you're doing 1.2, try rebuilding riak with R15B01 compiled with
>> --diable-hipe.
>>
>> The config file is usually called app.config, as well, but that might
>> have been a typo on your part.
>>
>> On Sun, Oct 7, 2012 at 3:28 AM, Tomas Charvat <tc at excello.cz>
><tc at excello.cz> wrote:
>>
>>  Hallo, I have fresh system and Im getting segfaults with
>riak/erlang.
>> erl_crash.dump attached
>> Any tip what could be possible wrong ?
>> Bin /usr/lib64/riak/erts-5.9/bin/erlexec has same problem as
>> /usr/lib64/erlang/erts-5.9/bin/erlexec
>> Result is that riak cant find /etc/riak/app.conf
>> erl, erlc are working without any problem
>>
>> cheers
>> Tomas
>>
>> _______________________________________________
>> riak-users mailing
>listriak-users at lists.basho.comhttp://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>>
>>
>>
>> _______________________________________________
>> riak-users mailing list
>> riak-users at lists.basho.com
>> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20121017/b6271691/attachment.html>


More information about the riak-users mailing list