The Wayback Machine - https://web.archive.org/web/20200917211434/https://github.com/nodejs/docker-node/pull/845
Workaround "Segmentation fault" when run node on alpine linux #845

Open
wants to merge 3 commits into
base: master
from

Conversation

@netaskd

netaskd commented Aug 14, 2018

It's caused by grsec. It uses JIT for JS and needs exec for mmap; by default this is not allowed, so a PaX header needs to be added to disable MPROTECT.
Original idea by @wener:
https://jira.mongodb.org/browse/SERVER-31834?focusedCommentId=1720016&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-1720016

It's caused by grsec. mongo uses JIT for JS and needs exec for mmap; by default this is not allowed, so a PaX header needs to be added to disable MPROTECT.
Original idea by @wener:
https://jira.mongodb.org/browse/SERVER-31834?focusedCommentId=1720016&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-1720016
@nschonni
Member

nschonni commented Aug 14, 2018

Should probably change in https://github.com/nodejs/docker-node/blob/master/Dockerfile-alpine.template and then use the update.sh to run the template on the images

@netaskd
Author

netaskd commented Aug 15, 2018

Hi @nschonni,
I've added it to the template.

@SimenB
Member

SimenB commented Aug 15, 2018

If you run the update script it should update node 6 and 10 as well 🙂

@SimenB requested review from chorrell and LaurentGoderre Aug 15, 2018
@yosifkit

yosifkit commented Aug 15, 2018

Not sure if this is 100% relevant, but this change could have consequences for non-hardened users too:

converting a GNU_STACK program header, which is not used by the PaX kernel, might later cause problems under other kernels if the object is exported

- https://wiki.gentoo.org/wiki/Hardened/PaX_Quickstart#Marking_for_PaX
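
An added example, not code from this pull request: a small Python audit that reads an ELF64 little-endian binary's program headers and reports whether it carries a PT_PAX_FLAGS header with MPROTECT disabled, and whether PT_GNU_STACK is still present (the conversion described in the Gentoo quote above replaces it). The PT_PAX_FLAGS type and flag bits are the ones defined by the PaX patch; `pax_report` and `sample_elf` are names made up for this example, the sample images are constructed, and PaX markings stored in extended attributes are not examined.

```python
import struct

PT_GNU_STACK = 0x6474E551
PT_PAX_FLAGS = 0x65041580          # PT_LOOS + 0x5041580, defined by the PaX patch
PF_X, PF_MPROTECT, PF_NOMPROTECT = 0x1, 1 << 8, 1 << 9
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header


def pax_report(image: bytes) -> dict:
    """Report the PT_GNU_STACK / PT_PAX_FLAGS state of an ELF64 LE image."""
    if len(image) < EHDR.size or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if image[4] != 2 or image[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    fields = EHDR.unpack_from(image)
    phoff, phentsize, phnum = fields[5], fields[9], fields[10]
    report = {"gnu_stack": False, "exec_stack": False,
              "pax_header": False, "mprotect": "kernel default"}
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + PHDR.size > len(image):
            raise ValueError("truncated program header table")
        p_type, p_flags = PHDR.unpack_from(image, off)[:2]
        if p_type == PT_GNU_STACK:
            report["gnu_stack"] = True
            report["exec_stack"] = bool(p_flags & PF_X)
        elif p_type == PT_PAX_FLAGS:
            report["pax_header"] = True
            if p_flags & PF_NOMPROTECT:      # the marking this PR relies on
                report["mprotect"] = "disabled"
            elif p_flags & PF_MPROTECT:
                report["mprotect"] = "enforced"
    return report


def sample_elf(phdrs):
    """Constructed test image: ELF64 header plus (p_type, p_flags) entries."""
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    head = EHDR.pack(ident, 2, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return head + b"".join(PHDR.pack(t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:        # e.g. the node binary inside an image
        print(path, pax_report(open(path, "rb").read()))
```

Run against the binaries in an image, a result of `"mprotect": "disabled"` identifies executables that have opted out of the protection and so deserve review.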

Member

PeterDaveHello left a comment

I wonder how this process would "fix" the problem, and the fix should be applied to the templates at the repository root.

@LaurentGoderre
Contributor

LaurentGoderre commented Dec 6, 2018

I feel uneasy disabling a protection put on Alpine. What causes this segfault?

@netaskd changed the title from: Fix "Segmentation fault" when run node on alpine linux, to: Workaround "Segmentation fault" when run node on alpine linux (Mar 17, 2019)
@LaurentGoderre
Contributor

LaurentGoderre commented Mar 17, 2019

The more I think about this, the more I think this should be applied to downstream images because it's not a change that is universally needed.

6 participants