Error with grsec kernel

[fleadope]

I have wrestled for a couple days with a deployment, and thought I would document my struggles for posterity, and others who may encounter a similar issue.

I have been trying to deploy an app to an Alpine Linux instance, using a grsecurity kernel. Every time i would do

require 'argon2

I would get an error (it was unreadable, but that's another issue)

RuntimeError: �M���
from ~/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/ffi-1.9.14/lib/ffi/library.rb:277:in `attach'

After much searching and tearing of hair by the roots (even creating a python wrapper for argon2 and attempting to invoke it from within the app,) I finally stumbled across a partial answer - the code was forbidden by the grsecurity-hardened kernel, specifically the 'mprotect' flag.

I was able to get the code to run by doing the following:

sudo paxctl -c ~/.rbenv/versions/2.3.1/bin/ruby # Convert the binary to using PT_PAX_FLAGS
sudo paxctl -m ~/.rbenv/versions/2.3.1/bin/ruby # disable MPROTECT

I am not sure of the implications of this change, or whether it can be resolved in a different way, but I thought I would put it here so that others could have their say.

On further research, the ffi README references this issue, here, although it was a pain linking this particular error to grsec.

[technion]

Thanks for bringing this to my attention.

I've looked this over and can't really see a "fix" beyond documenting the one you found. I've updated the README accordingly.

[fleadope]

Thanks - I will keep my ears open, and advise if I hear anything...