| 1 |
On Sat, 28 Jun 2014 07:47:26 -0400 |
| 2 |
"Anthony G. Basile" <basile@××××××××××××××.edu> wrote: |
| 3 |
|
| 4 |
> There are two advantages to paxctl over paxctl-ng from elfix: 1) It |
| 5 |
> doesn't depend on elfutils to do its manipulation of elf phdr's. 2) |
| 6 |
> It does try to convert or create a PT_PAX_FLAGS phdr by either |
| 7 |
> creating (-C) or converting (-c) a PT_GNU_STACK phdr. |
| 8 |
> |
| 9 |
> The advantage of paxctl-ng over paxctl is 1) it is designed to do |
| 10 |
> both PT_PAX and/or XATTR_PAX markings, 2) it is consciously designed |
| 11 |
> to not try to create/convert ELF phdr's. |
| 12 |
> |
| 13 |
> If we ever drop the PT_PAX_FLAGS patch from binutils then paxctl |
| 14 |
> would no longer be needed and paxctl-ng can be reduced to just doing |
| 15 |
> XATTR_PAX markings. |
| 16 |
> |
| 17 |
> One step at a time ;) |
| 18 |
|
| 19 |
Okay, that sounds reasonable. And as paxctl is a small program, it |
| 20 |
doesn't hurt to have it around on XATTR_PAX-only systems even though |
| 21 |
it's not needed. |
| 22 |
|
| 23 |
But there's still an issue. According to [1], 15 packages still depend |
| 24 |
on or invoke paxctl directly. One example is dev-lisp/sbcl, which needs |
| 25 |
pax markings at one point right in the middle of the build process and |
| 26 |
therefore can't use the pax eclass, at least not in a simple way. This |
| 27 |
doesn't work on systems like mine which don't respect PT_PAX flags. |
| 28 |
|
| 29 |
I'm currently working on a patch for sbcl (there are selinux-related |
| 30 |
issues as well), but please have a look at the other ebuilds. |
| 31 |
|
| 32 |
[1] $ echo /usr/portage/*/*/*.ebuild|xargs -n1000 grep -P 'paxctl(?!-ng)'|cut -d: -f1 |
| 33 |
|
| 34 |
|
| 35 |
Regards, |
| 36 |
Luis Ressel |
Archives