1 |
On 09/10/2013 09:08 AM, Sven Vermeulen wrote: |
2 |
> On Sep 10, 2013 3:03 PM, "Michael Orlitzky" <michael@××××××××.com> wrote: |
3 |
>> |
4 |
>> On 09/10/2013 07:44 AM, Anthony G. Basile wrote: |
5 |
>>> On 09/09/2013 07:45 PM, Michael Orlitzky wrote: |
6 |
>>>> On 09/09/2013 05:26 PM, Anthony G. Basile wrote: |
7 |
>>>>> |
8 |
>>>>> You can use XT_PAX provided you're not running something like a |
9 |
>>>>> tinderbox, ie doing massive amounts of ebuilds. The problem is that |
10 |
>>>>> install is being wrapped by install.py. As a result every instance of |
11 |
>>>>> install mean invoking the python interpreter. With lots and lots of |
12 |
>>>>> installs, this adds up to being very slow. |
13 |
>>>>> |
14 |
>>>> |
15 |
>>>> Ok, thanks. These are all servers and installing anything is out of the |
16 |
>>>> ordinary. Should I add a note about PAX_MARKINGS to the wiki, or is |
17 |
>>>> there a plan to make that unnecessary (again)? |
18 |
>>>> |
19 |
>>> |
20 |
>>> Feel free to add any documentation you guys think is lacking. |
21 |
>>> |
22 |
>> |
23 |
>> Whoops, I don't have rights to edit the page. I wrote the blurb, though: |
24 |
>> |
25 |
>> 5. Update make.conf. |
26 |
>> |
27 |
>> To prevent warnings for non-hardened users, portage defaults to PT_PAX |
28 |
>> markings when installing packages. If the migration was successful and |
29 |
>> your kernel is respecting the new XATTR_PAX markings, you can tell |
30 |
>> portage to use them in the future. Simply set, |
31 |
>> |
32 |
>> {{File|/etc/portage/make.conf||<pre> |
33 |
>> PAX_MARKINGS="XT" |
34 |
>> </pre>}} |
35 |
>> |
36 |
>> in your make.conf. |
37 |
>> |
38 |
>> |
39 |
> |
40 |
> Yes, everything under Project: namespace is only writable for developers. |
41 |
> |
42 |
> If the project developers don't mind end user changes the documents can be |
43 |
> moved to the general location (like we did with many SELinux related |
44 |
> documents). |
45 |
> |
46 |
> You can always put edits in your personal space and have a developer review |
47 |
> and integrate if needed, but my preference is to move those documents to |
48 |
> the main namespace. |
49 |
> |
50 |
> Wkr, |
51 |
> Sven |
52 |
> |
53 |
|
54 |
Sven go ahead and make them like the SELinux docs. Is there any way to |
55 |
monitor the changes, eg by having emails sent the way the torproject |
56 |
wiki does? |
57 |
|
58 |
-- |
59 |
Anthony G. Basile, Ph. D. |
60 |
Chair of Information Technology |
61 |
D'Youville College |
62 |
Buffalo, NY 14201 |
63 |
(716) 829-8197 |