| 1 |
Mike Gilbert schrieb: |
| 2 |
>> After recent changes in dev-lang/v8 and related ebuilds, the pax-mark call no |
| 3 |
>> longer has a || die. This means that the resulting binaries may have PT_PAX, |
| 4 |
>> XATTR_PAX, both or neither markings depending on kernel configuration, |
| 5 |
>> filesystem and mount options. |
| 6 |
>> |
| 7 |
>> I'd say that is not a good thing. If you agree with me, what could be done |
| 8 |
>> here? Have pax-mark die in the eclass or mandate || die in ebuilds? This |
| 9 |
>> would probably require pax-mark calls to be conditional on pax_kernel USE |
| 10 |
>> flag or similar. |
| 11 |
>> |
| 12 |
> Most ebuilds do not call pax-mark || die. Most people do not run PaX |
| 13 |
> systems, so a failure here is not a major issue. |
| 14 |
|
| 15 |
I agree that not having the pax-mark is not a significant problem |
| 16 |
currently. It could become one when PaX becomes more widespread, but |
| 17 |
that is not likely in the near term. |
| 18 |
|
| 19 |
What I think is bad is the automagic aspect of enabling pax-mark. |
| 20 |
|
| 21 |
|
| 22 |
Best regards, |
| 23 |
Chí-Thanh Christopher Nguyễn |
Archives