On Sunday 25 November 2012 18:57:12 Matthew Thode wrote: > pax_kernel is used by 21 packages. The description would generally be > 'make changes to the package so it works under a pax enabled kernel'. > Currently it is used to either patch or (inclusive) to pax mark. > > What think you?
`paxctl` should be run if it exists, and a hardened profile should list that in its @system imo. that cuts out quite a number of users. as for patches applied to the source, i can't say w/out reading the actual patches if there's a better way (keying off defines, or runtime detection based on errno which we've done in glibc). -mike
signature.asc
Description: This is a digitally signed message part.