Mike Gilbert schrieb: >> After recent changes in dev-lang/v8 and related ebuilds, the pax-mark call no >> longer has a || die. This means that the resulting binaries may have PT_PAX, >> XATTR_PAX, both or neither markings depending on kernel configuration, >> filesystem and mount options. >> >> I'd say that is not a good thing. If you agree with me, what could be done >> here? Have pax-mark die in the eclass or mandate || die in ebuilds? This >> would probably require pax-mark calls to be conditional on pax_kernel USE >> flag or similar. >> > Most ebuilds do not call pax-mark || die. Most people do not run PaX > systems, so a failure here is not a major issue.
I agree that not having the pax-mark is not a significant problem currently. It could become one when PaX becomes more widespread, but that is not likely in the near term. What I think is bad is the automagic aspect of enabling pax-mark. Best regards, Chí-Thanh Christopher Nguyễn
