You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have wrestled for a couple days with a deployment, and thought I would document my struggles for posterity, and others who may encounter a similar issue.
I have been trying to deploy an app to an Alpine Linux instance, using a grsecurity kernel. Every time i would do
require 'argon2
I would get an error (it was unreadable, but that's another issue)
RuntimeError: �M���
from ~/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/ffi-1.9.14/lib/ffi/library.rb:277:in `attach'
After much searching and tearing of hair by the roots (even creating a python wrapper for argon2 and attempting to invoke it from within the app,) I finally stumbled across a partial answer - the code was forbidden by the grsecurity-hardened kernel, specifically the 'mprotect' flag.
I was able to get the code to run by doing the following:
sudo paxctl -c ~/.rbenv/versions/2.3.1/bin/ruby # Convert the binary to using PT_PAX_FLAGS
sudo paxctl -m ~/.rbenv/versions/2.3.1/bin/ruby # disable MPROTECT
I am not sure of the implications of this change, or whether it can be resolved in a different way, but I thought I would put it here so that others could have their say.
On further research, the ffi README references this issue, here, although it was a pain linking this particular error to grsec.
The text was updated successfully, but these errors were encountered:
I have wrestled for a couple days with a deployment, and thought I would document my struggles for posterity, and others who may encounter a similar issue.
I have been trying to deploy an app to an Alpine Linux instance, using a grsecurity kernel. Every time i would do
require 'argon2
I would get an error (it was unreadable, but that's another issue)
After much searching and tearing of hair by the roots (even creating a python wrapper for argon2 and attempting to invoke it from within the app,) I finally stumbled across a partial answer - the code was forbidden by the grsecurity-hardened kernel, specifically the 'mprotect' flag.
I was able to get the code to run by doing the following:
I am not sure of the implications of this change, or whether it can be resolved in a different way, but I thought I would put it here so that others could have their say.
On further research, the ffi README references this issue, here, although it was a pain linking this particular error to grsec.
The text was updated successfully, but these errors were encountered: