1 |
On Sunday 25 November 2012 18:57:12 Matthew Thode wrote: |
2 |
> pax_kernel is used by 21 packages. The description would generally be |
3 |
> 'make changes to the package so it works under a pax enabled kernel'. |
4 |
> Currently it is used to either patch or (inclusive) to pax mark. |
5 |
> |
6 |
> What think you? |
7 |
|
8 |
`paxctl` should be run if it exists, and a hardened profile should list that in |
9 |
its @system imo. that cuts out quite a number of users. |
10 |
|
11 |
as for patches applied to the source, i can't say w/out reading the actual |
12 |
patches if there's a better way (keying off defines, or runtime detection based |
13 |
on errno which we've done in glibc). |
14 |
-mike |