Is it possible to run any BOINC project on system with PaX? I have rebuilt my gentoo to hardened and now I can't computing rosetta jobs.
Thanks

---

It looks like you saw some download errors when the servers were having network problems. But you are now running normally??

---

Rosetta Moderator: Mod.Sense

My hardened gentoo machine runs normal (with good connection to net).

Rosseta: When I have downloaded a job PaX kill the process such this:
(/var/log/pax.log)
PAX: execution attempt in: <anonymous mapping>, 00ff3000-00ff4000 00ff3000
PAX: terminating task: /var/lib/boinc/projects/boinc.bakerlab.org_rosetta/minirosetta_1.47_x86_64-pc-linux-gnu(minirosetta_1.4):24643, uid/euid: 101/101, PC: 0000000000ff3000, SP: 00000000fbcd4740
PAX: bytes at PC: 53 29 c9 ba 78 02 00 00 89 e6 89 e7 29 db e8 b5 00 00 00 8d
PAX: bytes at SP-8:

Jobs in boinc client stay at 0% in run status.

When I use command for trying utilize PaX protection:
# paxctl -C /var/lib/boinc/projects/boinc.bakerlab.org_rosetta/minirosetta_1.47_x86_64-pc-linux-gnu
job gets 100% and Error status and waiting for upload.

Other Projects: On the computer Im joinned in SIMAP and Malariacontrol too but from these projects I never dowlnoad jobs at the this time. I dont know why. It seems that problem is not at my side.

---

Other Projects: On the computer Im joinned in SIMAP and Malariacontrol too but from these projects I never dowlnoad jobs at the this time. I dont know why. It seems that problem is not at my side.

SIMAP has work for only a few days at the begining of each month. The rest of the month they usually have no work. Malariacontrol recently announced they are no longer able to supply steady work.

You may have your own special reasons for hardening your Debian system, perhaps it is a server, for example. However, if the only reason for hardening is to protect your system from BOINC then remember that installing BOINC from Debian repositories makes BOINC run under its own account which is more secure than the old method of installing BOINC on Linux. The old method runs BOINC under your own account which gives BOINC and the science applications read and write access to your personal files which is not very secure.

---

BOINC FAQ Service
Official BOINC wiki
Installing BOINC on Linux

I use Gentoo, not Debian. I'm using BOINC client from portage. It runs as daemon under its own account.
Yes I prepare computer for server, not just for BOINC protection. But I want run BOINC on it.

---

I've got this problem too... tasks get downloaded and are "finished" just seconds after it.

I think the main problem here is that the minirosetta binaries (minirosetta_2.17_x86_64-pc-linux-gnu and minirosetta_graphics_1.92_x86_64-pc-linux-gnu) don't have a PT_PAX_FLAGS program header.

Running the minirosetta binary as boinc user produces:
boinc@host ~/projects/boinc.bakerlab.org_rosetta $ ./minirosetta_2.17_x86_64-pc-linux-gnu
PROT_EXEC|PROT_WRITE failed.

The use of chpax or paxctl doesn't help much since boinc is checking the file size and the signature of the binaries (so works as designed ;) ).

I guess the easiest way to resolve this problem is either to add the PAX-header to the default binaries or to add them to a different tree special for hardened kernel users.

Sorry for my bad english btw. :(

Hello Everybody!


I've got similar problem like lacio and bananajoe.

I've got a server running Gentoo Hardened, but it's running on KVM machine (some info on the bottom).
Boinc starts, it's able to connect, download data, but...

Running it as usual via /etc/init.d/boinc start doesn't work it stops on "waiting net". It doesn't matterr running it no screen via command lne works great.

But each task ends with "computation error" I've no idea why. Pax/grsec doesn't kill te task (i can see nothing about it in logs) but i can't end computation.

Maybe the problem is in virtual cpu ?

processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 2
model name      : QEMU Virtual CPU version 0.13.0
stepping        : 3
cpu MHz         : 2806.420
cache size      : 4096 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good pni cx16 popcnt hypervisor lahf_lm
bogomips        : 5614.16
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 2
model name      : QEMU Virtual CPU version 0.13.0
stepping        : 3
cpu MHz         : 2806.420
cache size      : 4096 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good pni cx16 popcnt hypervisor lahf_lm
bogomips        : 5614.16
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual

Do You have any ideas how to made boinc to compute?


Thank's a lot for You help.

Best wishes from Poland :)