| 1 |
On Sunday 25 November 2012 18:57:12 Matthew Thode wrote: |
| 2 |
> pax_kernel is used by 21 packages. The description would generally be |
| 3 |
> 'make changes to the package so it works under a pax enabled kernel'. |
| 4 |
> Currently it is used to either patch or (inclusive) to pax mark. |
| 5 |
> |
| 6 |
> What think you? |
| 7 |
|
| 8 |
`paxctl` should be run if it exists, and a hardened profile should list that in |
| 9 |
its @system imo. that cuts out quite a number of users. |
| 10 |
|
| 11 |
as for patches applied to the source, i can't say w/out reading the actual |
| 12 |
patches if there's a better way (keying off defines, or runtime detection based |
| 13 |
on errno which we've done in glibc). |
| 14 |
-mike |
Archives