GrapheneOS hardened_malloc — packaged for system-wide preloading on Linux.
Builds both variants from source, plus a libfake_rlimit.so shim for GTK4/glycin compatibility.

| File | Purpose |
|---|---|
| /usr/lib/libhardened_malloc.so | Default variant — full hardening, for per-app use via bwrap LD_PRELOAD |
| /usr/lib/libhardened_malloc-light.so | Light variant — balanced, loaded system-wide via /etc/ld.so.preload |
| /usr/lib/libfake_rlimit.so | Intercepts prlimit64/setrlimit RLIMIT_AS calls to prevent crashes |
| /etc/ld.so.preload | Preloads libfake_rlimit.so + libhardened_malloc-light.so globally |
| /etc/sysctl.d/20-hardened-malloc.conf | vm.max_map_count = 1048576 for guard slabs |

GTK4 uses glycin for image loading, which sets RLIMIT_AS on its sandboxed loader processes. This is incompatible with hardened_malloc's large virtual memory reservation (~240 GB PROT_NONE guard regions). The shim intercepts prlimit64(RLIMIT_AS) and setrlimit(RLIMIT_AS) calls, returning success without applying the limit. All other resource limits are passed through unchanged.
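
The interception described above can be written as an LD_PRELOAD interposer like the following. This is an added example, not the package's own libfake_rlimit.so source; it assumes glibc on 64-bit Linux, and the helper name `raw_prlimit64` is hypothetical.

```c
/* fake_rlimit_example.c: added illustration, not the package's shim source.
 * Assumes glibc on 64-bit Linux, where struct rlimit and struct rlimit64
 * share one layout and setrlimit() is served by the prlimit64 syscall.
 * Build: gcc -shared -fPIC -O2 -o libfake_rlimit_example.so fake_rlimit_example.c
 */
#include <stddef.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

struct rlimit64; /* only forwarded to the kernel, never dereferenced here */

/* Hypothetical helper: hand a request to the kernel without going via libc. */
static int raw_prlimit64(pid_t pid, int resource, const void *new_limit,
                         void *old_limit)
{
    return (int)syscall(SYS_prlimit64, pid, resource, new_limit, old_limit);
}

/* Interposes libc's setrlimit(): an RLIMIT_AS request reports success but
 * is never applied; every other resource is passed through unchanged. */
int setrlimit(__rlimit_resource_t resource, const struct rlimit *rlim)
{
    if (resource == RLIMIT_AS)
        return 0;
    return raw_prlimit64(0, (int)resource, rlim, NULL);
}

/* Interposes prlimit64(): for RLIMIT_AS the new limit is dropped, while a
 * caller that also asks for the old value still gets the real current one. */
int prlimit64(pid_t pid, __rlimit_resource_t resource,
              const struct rlimit64 *new_limit, struct rlimit64 *old_limit)
{
    if (resource == RLIMIT_AS && new_limit != NULL) {
        if (old_limit == NULL)
            return 0;
        return raw_prlimit64(pid, (int)resource, NULL, old_limit);
    }
    return raw_prlimit64(pid, (int)resource, new_limit, old_limit);
}
```

Because the call reports success, a process that sets RLIMIT_AS as a memory cap (as glycin's loader processes do) continues without that cap while such a shim is preloaded.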
The light variant provides zero-on-free, slab canaries, and guard slabs. The default variant adds slot randomization, write-after-free checks, and slab quarantines.
Applications with custom allocators (Chromium/PartitionAlloc, Firefox/mozjemalloc) are incompatible and must have hardened_malloc disabled in their bwrap wrappers via --ro-bind /dev/null /etc/ld.so.preload. See dotfiles for per-app configuration.
To use the default (stricter) variant system-wide instead of light, edit /etc/ld.so.preload:

```
/usr/lib/libfake_rlimit.so
/usr/lib/libhardened_malloc.so
```

Install:

```
gitpkg install hardened_malloc
```

See gitpkg for details.

Or build and install manually:

```
make build
sudo make install
```

Uninstall:

```
gitpkg remove hardened_malloc
```

```
sudo make uninstall
```

Update:

```
# Check latest tags
make check-upstream
# Update TAG in Makefile, commit, then:
gitpkg update hardened_malloc
# or manually:
make clean && make build && sudo make install
```

Dependencies: base-devel (gcc, make), git

AGPL-3.0-or-later