blog/How To Get Cabal Working with PaX

Unfortunately, modern haskell seems to generate code which needs special exceptions granted to it to by the PaX patch to the kernel using paxctl. Since cabal compilation often involves building temporary executables and then running them immediately, this is impossible to achieve when running paxctl by hand. So, I came up with the following solution.

First, I created a shim script which will take the place of the normal linker (gcc):

gcc "$@"
while [[ $# -gt 0 ]]
        if [[ "$1" == "-o" ]]
        then    paxctl -cm "$2"

This script simply runs the linker as normal by passing all of the options that it was given to the linker. Then it finds -o options that indicate the output files of the linker and runs paxctl on them. Finally, when running cabal install we can give it the following option to instruct it to instruct ghc to call our shim instead of the usual linker:

--ghc-options="-pgml linkpax"