diff options
Diffstat (limited to 'sys-apps/chpax/files/pax-conf.d')
-rw-r--r-- | sys-apps/chpax/files/pax-conf.d | 53 |
1 files changed, 34 insertions, 19 deletions
diff --git a/sys-apps/chpax/files/pax-conf.d b/sys-apps/chpax/files/pax-conf.d index 0a9527b02328..48c0e9196e34 100644 --- a/sys-apps/chpax/files/pax-conf.d +++ b/sys-apps/chpax/files/pax-conf.d @@ -1,5 +1,5 @@ #################################################################### -# Copyright 1999-2004 Gentoo Technologies, Inc. # +# Copyright 1999-2003 Gentoo Technologies, Inc. # # Distributed under the terms of the GNU General Public License v2 # #################################################################### # chpax prefix description @@ -10,33 +10,48 @@ # s SE do not enforce segmentation based non-executable pages # x XE do not randomize ET_EXEC base [ELF only] -CHPAX=/sbin/chpax -#CHPAX=/sbin/paxctl +# NOTE: PS_EXEC_EXEMPT is {PAGE,SEGM}_EXEC_EXEMPT. For executables +# with BOTH, you should use this, as it enables -e and -m, to make +# sure that pax doesn't cry about odd flag settings in softmode -PE_wine=/usr/lib/wine/bin/{wine{,build,clipsrv,dump,gcc,server,wrap,-{k,p}thread},w{mc,rc,idl}} -PE_blkdwn_java=/opt/blackdown-{jdk-*/{,jre/},jre-*/}bin/{java{_vm},keytool,kinit,klist,ktab,orbd,policytool,rmi{d,registry},servertool,tnameserv} -PE_openoffice=/opt/OpenOffice.org*/program/soffice.bin +# "blkdwn_java" would be blackdown-jdk or blackdown-jre -PE_misc="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/mplayer /usr/bin/blender \ - /usr/bin/gxine /usr/bin/xine /usr/bin/totem /usr/bin/acme \ - /usr/bin/xfce4-panel /usr/bin/gnome-sound-recorder /usr/games/bin/bzflag" +# chpax command. If using multiple tools, can separate by spaces. +# This one hits BOTH chpax and paxctl +CHPAX="/sbin/chpax /sbin/paxctl" +#CHPAX="/sbin/paxctl" +#CHPAX="/sbin/chpax" + +# yes to be annoyed +VERBOSE="no" + +PSE_wine=/usr/lib/wine/bin/{wine{,build,clipsrv,dump,gcc,server,wrap,-{k,p}thread},w{mc,rc,idl}} +PSE_blkdwn_java=/opt/blackdown-{jdk-*/{,jre/},jre-*/}bin/{java{,_vm,c},keytool,kinit,klist,ktab,orbd,policytool,rmi{d,registry},servertool,tnameserv} +PSE_openoffice=/opt/OpenOffice.org*/program/soffice.bin +PSE_misc="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/{,g}mplayer \ + /usr/bin/blender /usr/bin/gxine /usr/bin/xine /usr/bin/totem /usr/bin/acme \ + /usr/bin/gnome-sound-recorder /usr/games/bin/bzflag /usr/bin/xfce4-panel" + +RE_blkdwn_java="${SPE_blkdwn_java} /usr/X11R6/bin/XFree86" + +ME_blkdwn_java="${PSE_blkdwn_java}" +# or plug-ins don't work +ME_misc=/usr/lib/MozillaFirefox/firefox{,-bin} + +XE_blkdwn_java="${PSE_blkdwn_java} /usr/X11R6/bin/XFree86" -RE_blkdwn_java="${PE_blkdwn_java}" -RE_wine="${PE_wine}" -ME_blkdwn_java="${PE_blkdwn_java}" -XE_blkdwn_java="${PE_blkdwn_java}" -XE_wine="${RE_wine}" #################################### # Settings are really applied here # #################################### -PAGEEXEC_EXEMPT="${PE_misc} ${PE_wine} ${PE_blkdwn_java} ${PE_gnome} ${PE_openoffice}" +PS_EXEC_EXEMPT="${PSE_misc} ${PSE_wine} ${PSE_blkdwn_java} ${PSE_openoffice}" +PAGEEXEC_EXEMPT="" TRAMPOLINE_EXEMPT="" -MPROTECT_EXEMPT="${ME_blkdwn_java}" -RANDMMAP_EXEMPT="${RE_wine}" +MPROTECT_EXEMPT="${ME_blkdwn_java} ${ME_misc}" +RANDMMAP_EXEMPT="${RE_blkdwn_java}" SEGMEXEC_EXEMPT="${PAGEEXEC_EXEMPT}" -RANDEXEC_EXEMPT="${XE_blkdwn_java} ${XE_wine}" +RANDEXEC_EXEMPT="${XE_blkdwn_java}" # when zero flag mask is set to "yes" it will remove all pax flags from all files on reboot/stop -ZERO_FLAG_MASK=no +ZERO_FLAG_MASK="yes" |