On 2019/05/28 17:48, ops...@firemail.cc wrote:
> So, following the new advancements in W^X from Theo, I was thinking about
> this idea: ports maintainers cannot make every single package be W^X, this
> is obvious.
> But they could test each package without wxallowed and, if it is not
> working, make the package go to other specified filesystem with wxallowed.
> For example: all packages I need can work without wxallowed on
> /usr/local/bin, except for some shitty python scripts that I
> unfortunately need.
> So, in order to make it work, I need to put wxallowed in all this mount
> point.
> Wouldn't it be better to just create, let's say, /usr/local/wxallowedbin/
> on the installation procedure? Of course this would require some efforts
> from ports maintainers, but should be doable.
>
> Regards.

A binary doesn't *just* need to be on a wxallowed filesystem, it must also be marked with the wxneeded flag. So even if you mount /usr/local with wxallowed the vast majority of programs installed there are still denied W|X maps, there's no need for a separate filesystem to do that.
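
The two conditions named in the reply above, as an added example that is not part of the original thread: a Python sketch that reads an ELF image's program headers for the `PT_OPENBSD_WXNEEDED` marker and combines it with the mount option. The function names and the sample ELF images are constructed for illustration; the `p_type` value is the one defined in OpenBSD's `<sys/exec_elf.h>`.

```python
import struct

PT_LOAD = 1
PT_OPENBSD_WXNEEDED = 0x65A3DBE7  # p_type value from OpenBSD <sys/exec_elf.h>

def has_wxneeded(image: bytes) -> bool:
    """True if the ELF image carries a PT_OPENBSD_WXNEEDED program header."""
    if len(image) < 52 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] not in (1, 2) or image[5] not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    end = "<" if image[5] == 1 else ">"
    if image[4] == 2:   # ELF64: e_phoff@32, e_phentsize@54, e_phnum@56
        if len(image) < 64:
            raise ValueError("truncated ELF64 header")
        (phoff,) = struct.unpack_from(end + "Q", image, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 54)
    else:               # ELF32: e_phoff@28, e_phentsize@42, e_phnum@44
        (phoff,) = struct.unpack_from(end + "I", image, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(image):
            raise ValueError("program header table runs past end of file")
        # p_type is the first 32-bit field of a program header in both classes
        (p_type,) = struct.unpack_from(end + "I", image, off)
        if p_type == PT_OPENBSD_WXNEEDED:
            return True
    return False

def wx_maps_permitted(image: bytes, mount_wxallowed: bool) -> bool:
    """Both conditions from the reply: wxallowed mount AND wxneeded-marked binary."""
    return mount_wxallowed and has_wxneeded(image)

def make_elf64(p_types):
    """Constructed sample: minimal little-endian ELF64 header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH",
                              2, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

PLAIN = make_elf64([PT_LOAD])                         # ordinary binary, no marker
FLAGGED = make_elf64([PT_LOAD, PT_OPENBSD_WXNEEDED])  # binary marked wxneeded
```

Running `has_wxneeded` over the files under a wxallowed mount point lists the binaries that are actually eligible for W|X mappings there; everything else on that filesystem stays restricted.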