R1Soft CDP 3.0 with Atomic Secured Linux and PAX
If you want to run R1Soft CDP 3.0 on a system protected by Atomic Secured Linux and the ASL enhanced kernel with PaX/grsecurity then you need to disable memory protection for the CDP 3.0 binary. You do this by using paxctl to set the NOMPROTECT flag for the CDP 3.0 binary.
/sbin/paxctl -m /usr/sbin/r1soft/bin/2-6/cdp-2-6
Unfortunately the CDP 3.0 binary lacks the PT_PAX_FLAGS header, so you will receive an error message along the lines of:
file /usr/sbin/r1soft/bin/2-6/cdp-2-6 does not have a PT_PAX_FLAGS program header, try conversion
The solution to this is to first use paxctl to run a conversion on the CDP 3.0 binary which should change the PT_GNU_STACK header to PT_PAX_FLAGS
/sbin/paxctl -c /usr/sbin/r1soft/bin/2-6/cdp-2-6
If this has worked then you should see a message along the lines of
file /usr/sbin/r1soft/bin/2-6/cdp-2-6 had a PT_GNU_STACK program header, converted
Now you should be able to use paxctl to set the NOMPROTECT flag on the CDP 3.0 binary without any errors. Now restart the R1Soft CDP 3.0 agent service and have fun backing up all your previous data 🙂