Gentoo Archives: gentoo-hardened

From: Michael Orlitzky <michael@××××××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] XATTR_PAX migration
Date: Tue, 10 Sep 2013 13:03:31
Message-Id: 522F1899.7050700@orlitzky.com
In Reply to: Re: [gentoo-hardened] XATTR_PAX migration by "Anthony G. Basile"

On 09/10/2013 07:44 AM, Anthony G. Basile wrote:
> On 09/09/2013 07:45 PM, Michael Orlitzky wrote:
>> On 09/09/2013 05:26 PM, Anthony G. Basile wrote:
>>>
>>> You can use XT_PAX provided you're not running something like a
>>> tinderbox, i.e. doing massive amounts of ebuilds. The problem is that
>>> install is being wrapped by install.py. As a result every instance of
>>> install means invoking the python interpreter. With lots and lots of
>>> installs, this adds up to being very slow.
>>>
>>
>> Ok, thanks. These are all servers and installing anything is out of the
>> ordinary. Should I add a note about PAX_MARKINGS to the wiki, or is
>> there a plan to make that unnecessary (again)?
>>
>
> Feel free to add any documentation you guys think is lacking.
>

Whoops, I don't have rights to edit the page. I wrote the blurb, though:

5. Update make.conf.

To prevent warnings for non-hardened users, portage defaults to PT_PAX
markings when installing packages. If the migration was successful and
your kernel is respecting the new XATTR_PAX markings, you can tell
portage to use them in the future. Simply set,

{{File|/etc/portage/make.conf||<pre>
PAX_MARKINGS="XT"
</pre>}}

in your make.conf.

Replies

Subject Author
Re: [gentoo-hardened] XATTR_PAX migration Sven Vermeulen <sven.vermeulen@××××××.be>