axiom-mail

Re: [Axiom-mail] Compile error


From: root
Subject: Re: [Axiom-mail] Compile error
Date: Sat, 17 May 2008 16:58:36 -0400

>> echo 0 >/proc/sys/kernel/exec-shield
>> echo 0 >/proc/sys/kernel/randomize_va_space
>>
>> (type fgrep echo faq to find the lines)
>
>So... the idea is that newer security models (I recently installed a
>SELinux enabled kernel, which might explain why I've just started
>seeing this) make life hard for some types of virus by making a clear
>distinction between executable memory and data memory, and by putting
>the executable memory in an unpredictable place.  But for some reason,
>this makes life hard for Axiom (or the underlying lisp) too; have I
>understood correctly?  The two echo commands disable these aspects of
>security models for all processes, whereas the setarch method given as
>an alternative in the FAQ disables them for one process only, right?
>
>In any case, I've now compiled successfully with the setarch method -
>although I have to use setarch -R to run Axiom as well.

Yes, you've understood the problem and the solution correctly.

The SELinux folks seem unable to understand that someone might want
to actually execute code out of the heap or stack memory. Or that
saving and restoring a process might be useful. Both have been
available in lisp implementations since the early days. I can only
conclude that the SELinux developers lack a good computer science
background. I've complained thru several channels without results.
It is yet another case of "better to be safe than useful" from the
security team. Then again, maybe they view lisp as a virus that
needs to be eradicated. Whatever the rationale is, I'm sure it is
"classified" beyond my need to know.

An Annoyed Lisper,
Tim
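
The difference in scope discussed above (the two echo commands change the setting for every process, setarch -R for one process only) can be checked on a running system. The script below is an added example, not part of the original message or of the Axiom FAQ; it assumes a Linux kernel that exposes /proc/PID/personality and the ADDR_NO_RANDOMIZE value 0x0040000 from personality(2), and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: is ASLR off for every process (the echo method) or only
# for selected ones (the setarch -R method)? Function names are hypothetical.

ADDR_NO_RANDOMIZE=0x0040000   # personality(2) flag that `setarch -R` sets

# aslr_state SYSCTL_VALUE PERSONALITY_HEX -> off-global | off-process | on
aslr_state() {
    if [ "$1" = "0" ]; then
        echo off-global                       # randomize_va_space is 0
    elif [ $(( 0x$2 & $ADDR_NO_RANDOMIZE )) -ne 0 ]; then
        echo off-process                      # flag set on this process only
    else
        echo on
    fi
}

# audit_aslr [PROC_ROOT]: print the global settings, then one line per
# process that runs with ASLR disabled through its personality flags.
audit_aslr() {
    proc=${1:-/proc}
    global=$(cat "$proc/sys/kernel/randomize_va_space" 2>/dev/null) || global=unknown
    echo "randomize_va_space=$global"
    # exec-shield is only present on kernels that carry that patch
    if [ -r "$proc/sys/kernel/exec-shield" ]; then
        echo "exec-shield=$(cat "$proc/sys/kernel/exec-shield")"
    fi
    if [ "$global" = "0" ]; then
        echo "ASLR is disabled system-wide"
        return 0
    fi
    for f in "$proc"/[0-9]*/personality; do
        # unreadable entries (other users' processes, exited pids) are skipped
        pers=$(cat "$f" 2>/dev/null) || continue
        [ -n "$pers" ] || continue
        if [ "$(aslr_state "$global" "$pers")" = off-process ]; then
            pid=${f%/personality}
            pid=${pid##*/}
            echo "$pid $(cat "$proc/$pid/comm" 2>/dev/null) off-process"
        fi
    done
}

# Usage: audit_aslr            (run as root to see every process)
```

A process started with setarch -R is reported as off-process while randomize_va_space stays non-zero, so the rest of the system keeps address randomization.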
