Question: on the FFI github page, there is this warning:
On Linux systems running with PaX (Gentoo, Alpine, etc.), FFI may trigger mprotect errors. You may need to disable mprotect for ruby (paxctl -m [/path/to/ruby]) for the time being until a solution is found.
Would we need to worry about this at all on our supported platforms, if we start using FFI, LIBC, and getgrouplist? I don't know how PaX/mprotect works but it seems like even if a customer did have it installed we might be okay since we're only linking LIBC, and I'm sure that's already being used by Ruby. Figured it was worth asking the question though. |