As per #3398

core/base/libs/socrate/socrate/system.py

@@ -58,6 +58,11 @@ class LogFilter(object):
         self.stream.flush()
 
 def _is_compatible_with_hardened_malloc():
+    with open('/proc/version', 'r') as f:
+        major, minor = f.readline().split()[2].split('.')[:2]
+        if int(major) < 6 or int(major) == 6 and int(minor) < 1:
+            return False
+
     with open('/proc/cpuinfo', 'r') as f:
         lines = f.readlines()
         for line in lines:
@@ -82,9 +87,13 @@ def set_env(required_secrets=[], log_filters=[]):
     log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", 'WARNING'))
     signal.signal(signal.SIGTERM, sigterm_handler)
 
-    if not 'LD_PRELOAD' in os.environ and _is_compatible_with_hardened_malloc():
-        log.warning('Your CPU has Advanced Vector Extensions available, we recommend you enable hardened-malloc earlier in the boot process by adding LD_PRELOAD=/usr/lib/libhardened_malloc.so to your mailu.env')
-        os.environ['LD_PRELOAD'] = '/usr/lib/libhardened_malloc.so'
+    if _is_compatible_with_hardened_malloc():
+        if not 'LD_PRELOAD' in os.environ and _is_compatible_with_hardened_malloc():
+            log.warning('Your CPU has Advanced Vector Extensions available, we recommend you enable hardened-malloc earlier in the boot process by adding LD_PRELOAD=/usr/lib/libhardened_malloc.so to your mailu.env')
+            os.environ['LD_PRELOAD'] = '/usr/lib/libhardened_malloc.so'
+        with open('/proc/sys/vm/max_map_count', 'r') as f:
+            if int(f.readline()) < 1048576:
+                log.warning('Please consider increasing vm.max_map_count to 1048576 as per https://github.com/GrapheneOS/hardened_malloc?tab=readme-ov-file#traditional-linux-based-operating-systems')
 
     """ This will set all the environment variables and retains only the secrets we need """
     if 'SECRET_KEY_FILE' in os.environ:

towncrier/newsfragments/3398.misc

@@ -0,0 +1 @@
+Disable HARDENED_MALLOC unless the requirements are met