On Mon, 16 Jan 2017 17:50:15 +0100 intrigeri <intrig...@debian.org> wrote:
> santiag...@riseup.net:
> > I am not an expert on writing systemd units, and I am unable to play with
> > this soon. So it would be great if you could propose a patch :-)
>
> Sure. I might do it once I start using paxrat on systems without
> live-config (but paxrat is less needed on those systems, so perhaps
> I'll go with one of the other options instead).

Hi,

Something like the attached would do the trick? It should run paxrat in
watcher mode at early boot.

It works on my machine. Although, paxrat seems to run twice:

…
paxrat[570]: 2017/12/12 13:56:13 Setting 'E' PaX flags via xattr on /usr/sbin/grub-bios-setup
paxrat[570]: 2017/12/12 13:56:13 Starting paxrat watcher
paxrat[570]: 2017/12/12 13:56:13 Setting 'E' PaX flags via xattr on /usr/sbin/grub-bios-setup
paxrat[570]: 2017/12/12 13:56:13 Starting paxrat watcher
…

I wonder if this would also be useful to solve #883170. paxrat in watcher mode
should set the flags once /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
has been installed. Emmanuel, could you give it a try?

Cheers,

-- Santiago

[Unit]
Description=Paxrat watcher mode
After=local-fs.target
DefaultDependencies=no
AssertPathExists=/sbin/paxrat
Documentation=man:paxrat(8)

[Service]
Type=simple
ExecStart=/sbin/paxrat -w
RemainAfterExit=yes

[Install]
WantedBy=sysinit.target