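####################################################################
# Copyright 1999-2003 Gentoo Technologies, Inc.                    #
# Distributed under the terms of the GNU General Public License v2 #
####################################################################

# Exemption lists for PaX flags applied with chpax. Every path listed
# here has one PaX memory protection switched off, so each list should
# name only binaries that are known to fail with that protection on.

# chpax prefix description
# p	PE	do not enforce paging based non-executable pages
# E	ET	emulate trampolines
# r	RE	do not randomize mmap() base [ELF only]
# m	MP	do not restrict mprotect()
# s	SE	do not enforce segmentation based non-executable pages
# x	XE	do not randomize ET_EXEC base [ELF only]

# I've taken to the convention of using one of the above prefixes with
# _[package] to name the variables here, i.e. PE_wine would be like
# `chpax -p` against the affected wine binaries. As far as I know,
# there's no setting in here for `chpax -x`
# "blackdown_java" would be blackdown-jdk or blackdown-jre
#
# NOTE(review): the variables below do not follow the table exactly:
# the mprotect list is named ME_ (the table says MP), and the RE_ list
# is assigned to RANDEXEC_EXEMPT while RANDMMAP_EXEMPT stays empty.
# Confirm which of `chpax -r` / `chpax -x` the Java binaries need.
#
# NOTE(review): the brace and glob patterns are stored literally by
# these assignments; presumably the script that reads this file expands
# them. Verify against that script.

# packages that need Page Exempt
PE_wine=/usr/lib/wine/bin/{wine,winebuild,wineclipsrv,winedump,winegcc,wineserver,winewrap}
PE_blackdown_java=/opt/blackdown-{jdk-*/jre/,jre-*/}{java,java_vm,keytool,kinit,klist,ktab,orbd,policytool,rmid,rmiregistry,servertool,tnameserv}
PE_openoffice=/opt/OpenOffice.org*/program/soffice.bin
PE_xfce4=/usr/bin/xfce4-panel
PE_gnome=/usr/bin/gnome-sound-recorder

# misc PE: xfree, xmms, mplayer, blender, gxine, totem, acme
PEMISC="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/mplayer \
	/usr/bin/blender /usr/bin/gxine /usr/bin/totem /usr/bin/acme"

# packages that need Rand Exempt
RE_blackdown_java="${PE_blackdown_java}"

# packages that need MProtect Exempt
ME_blackdown_java="${PE_blackdown_java}"

# All are applied here
# The last entry used to read {PE_gnome} without the leading "$", which
# put the literal text "{PE_gnome}" in the list instead of the
# gnome-sound-recorder path.
PAGEEXEC_EXEMPT="${PEMISC} ${PE_wine} ${PE_blackdown_java} \
	${PE_openoffice} ${PE_xfce4} ${PE_gnome}"
TRAMPOLINE_EXEMPT=""
MPROTECT_EXEMPT="${ME_blackdown_java}"
RANDMMAP_EXEMPT=""
# Same set as the PAGEEXEC list: both non-executable-page
# implementations are switched off for these binaries.
SEGMEXEC_EXEMPT="${PAGEEXEC_EXEMPT}"
RANDEXEC_EXEMPT="${RE_blackdown_java}"

# when zero flag mask is set to "yes" it will remove all pax flags from all files on reboot/stop
# NOTE(review): "all files" presumably means the files listed above;
# confirm the scope in the script that reads this setting.
ZERO_FLAG_MASK=yes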