PaX headers (alpine as docker host)

[dodedodo]

Hey!

I couldn't get the thelounge/thelounge:3.0.1-alpine working on my docker host because the node executable was missing PaX headers. This resulted in the following error:

Attaching to thelounge
thelounge    |
thelounge    |
thelounge    | #
thelounge    | # Fatal error in , line 0
thelounge    | # Check failed: SetPermissions(protect_start, protect_size, PageAllocator::kReadExecute).
thelounge    | #
thelounge    | #
thelounge    | #
thelounge    | #FailureMessage Object: 0x7d036384dc60t

The important thing to note here is that my docker host is running alpine linux, which employs its own fork of grsec. That's most likely the reason thelounge wouldn't work with my setup.

To circumvent this issue I've build the container using this dockerfile;

FROM thelounge/thelounge:3.0.1-alpine
RUN apk add --no-cache paxctl && paxctl -cm `which node`

paxctl

I don't fully understand the implications of adding these headers, so I wouldn't want to recommend this to other users. Could someone with a better understanding of PaX comment on this?

Thanks for reading!

---

Alpine linux V3.8.4
Kernel 4.9.65-1-hardened
Docker version 18.06.1-ce, build d72f525745