| 1 |
On Mon, Jun 9, 2014 at 7:43 PM, Michael Orlitzky <mjo@g.o> wrote: |
| 2 |
> |
| 3 |
> On 06/07/2014 08:55 PM, Anthony G. Basile wrote: |
| 4 |
> > |
| 5 |
> > When running with a pax kernel, you must enable EMUTRAMP in your Kconfig |
| 6 |
> > and you must paxmark your python exe's with E. Note: EMUTRAMP is on by |
| 7 |
> > default and the ebuild automatically does the markings for you, so leave |
| 8 |
> > the defaults alone. |
| 9 |
> > |
| 10 |
> |
| 11 |
> Can linux-info.eclass be used to spit out a warning during a python emerge? |
| 12 |
> |
| 13 |
> This, |
| 14 |
> |
| 15 |
> use hardened && CONFIG_CHECK+=" ~CONFIG_PAX_EMUTRAMP" |
| 16 |
> |
| 17 |
> seems like a common pattern. With a little more ingenuity we can |
| 18 |
> probably have it check the running/installed kernel and not the USE flag. |
| 19 |
> |
| 20 |
|
| 21 |
Where did the "Gentoo Linux" option in the kernel config disappear? |
| 22 |
the one that had the |
| 23 |
openrc / systemd options among other things. |
| 24 |
|
| 25 |
Could we just add an option in there that will force EMUTRAMP for the |
| 26 |
hardened-sources? |
| 27 |
|
| 28 |
-- Jason |
Archives