Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#39983 - [linux-grsec] kernel.pax.softmode should be disabled by default
Attached to Project:
Community Packages
Opened by Daniel Micay (thestinger) - Monday, 21 April 2014, 02:16 GMT
Last edited by Daniel Micay (thestinger) - Thursday, 22 May 2014, 09:15 GMT
Opened by Daniel Micay (thestinger) - Monday, 21 April 2014, 02:16 GMT
Last edited by Daniel Micay (thestinger) - Thursday, 22 May 2014, 09:15 GMT
|
DetailsThis will require setting PaX exceptions for binaries broken by the restrictions. This can be done via extended attributes, but there's no sane way to do it from the package itself. Another solution is to set these via an RBAC policy, but that comes with other issues.
|
This task depends upon
Closed by Daniel Micay (thestinger)
Thursday, 22 May 2014, 09:15 GMT
Reason for closing: Implemented
Additional comments about closing: installing the paxd package enables PaX and handles setting exceptions after Pacman transactions
Thursday, 22 May 2014, 09:15 GMT
Reason for closing: Implemented
Additional comments about closing: installing the paxd package enables PaX and handles setting exceptions after Pacman transactions
Comment by Daniel Micay (thestinger) -
Thursday, 22 May 2014, 09:15 GMT
I wrote a tiny daemon to work around this: https://github.com/thestinger/paxd