Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=808350
--- Comment #14 from Jerry James loganjerry@gmail.com --- The configure script src/racket/configure.ac does this:
if test "${check_for_mprotect}" = "yes" ; then [ msg="for mmap and mprotect" ] AC_MSG_CHECKING($msg) AC_TRY_RUN( [ #include <sys/mman.h> ] [ #include <fcntl.h> ] int main() { void *p; p = mmap(0, 2 << 16, PROT_READ | PROT_WRITE, MAP_PRIVATE, open("/dev/zero", O_RDWR), 0); mprotect(p, 2 << 16, PROT_READ | PROT_WRITE | PROT_EXEC); return 0; }, use_mprotect=yes, use_mprotect=no, use_mprotect=no) AC_MSG_RESULT($use_mprotect) if test "${use_mprotect}" = "yes" ; then AC_DEFINE(HAVE_MMAP_MPROTECT,1,[Have mmap and mprotect]) fi fi
That mprotect() call is what brings down the wrath of SELinux. Perhaps upstream could check for mmap() that accepts PROT_EXEC first, and only if that fails check for mprotect(). If you've got the former, you don't need the latter, and SELinux-enabled systems won't let you have the latter anyway.