--- /usr/portage/sys-apps/chpax/files/pax-conf.d 2004-01-20 06:36:52.000000000 -0500
+++ /etc/conf.d/chpax 2004-02-21 23:34:44.087112289 -0500
@@ -1,28 +1,56 @@
 ####################################################################
-# Copyright 1999-2004 Gentoo Technologies, Inc. #
+# Copyright 1999-2003 Gentoo Technologies, Inc. #
 # Distributed under the terms of the GNU General Public License v2 #
 ####################################################################
-#
-# p do not enforce paging based non-executable pages
-# e do not emulate trampolines
-# r do not randomize mmap() base [ELF only]
-# m do not restrict mprotect()
-# s do not enforce segmentation based non-executable pages
-# x do not randomize ET_EXEC base [ELF only]
-# z zero flag mask
-
-JAVA=/opt/blackdown-jdk-*/jre/{java,java_vm,keytool,kinit,klist,ktab,orbd,policytool,rmid,rmiregistry,servertool,tnameserv}
-WINE=/usr/lib/wine/bin/wine/{wine,winebuild,wineclipsrv,winedump,winegcc,wineserver,winewrap}
-
-# most things that need pageexec need segmexec and or vice versa so we set both.
-PAGEEXEC_EXEMPT="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/mplayer /opt/OpenOffice*/program/soffice.bin \
- /usr/bin/blender /usr/bin/gxine /usr/bin/totem /usr/bin/acme $JAVA $WINE"
+# chpax prefix description
+# p PE do not enforce paging based non-executable pages
+# E ET emulate trampolines
+# r RE do not randomize mmap() base [ELF only]
+# m ME do not restrict mprotect()
+# s SE do not enforce segmentation based non-executable pages
+# x XE do not randomize ET_EXEC base [ELF only]
+# I've taken to the convention of using one of the above prefixes with
+# _[package] to name the variables here, i.e. PE_wine would be like
+# `chpax -p` against the affected wine binaries.
As far as I know,
+# there's no setting in here for `chpax -x`
+
+# "blackdown_java" would be blackdown-jdk or blackdown-jre
+
+#chpax
+CHPAX=/sbin/paxctl
+
+# packages that need Page Exempt
+PE_wine=/usr/lib/wine/bin/{wine{,build,clipsrv,dump,gcc,server,wrap,-{k,p}thread},w{mc,rc,idl}}
+PE_blackdown_java=/opt/blackdown-{jdk-*/{,jre/},jre-*/}bin/{java{_vm},keytool,kinit,klist,ktab,orbd,policytool,rmi{d,registry},servertool,tnameserv}
+PE_openoffice=/opt/OpenOffice.org*/program/soffice.bin
+PE_xfce4=/usr/bin/xfce4-panel
+PE_gnome=/usr/bin/gnome-sound-recorder
+PE_bzflag=/usr/games/bin/bzflag
+# misc PE: xfree, xmms, mplayer, blender, gxine, totem, acme
+PEMISC="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/mplayer \
+ /usr/bin/blender /usr/bin/gxine /usr/bin/xine /usr/bin/totem /usr/bin/acme"
+
+# packages that need Rand Exempt
+# Note that at least blackdown-jre-1.4.1/bin/javac needs this, or it segs.
+#RE_blackdown_java="${PE_blackdown_java}"
+RE_wine="${PE_wine}"
+
+# packages that need MProtect Exempt
+ME_blackdown_java="${PE_blackdown_java}"
+
+# RandExec
+XE_blackdown_java="${PE_blackdown_java}"
+XE_wine="${RE_wine}"
+
+# All are applied here
+PAGEEXEC_EXEMPT="${PEMISC} ${PE_wine} ${PE_blackdown_java} ${PE_gnome} \
+ ${PE_openoffice} ${PE_xfce4} ${PE_gnome} ${PE_bzflag}"
 TRAMPOLINE_EXEMPT=""
-MPROTECT_EXEMPT=""
-RANDMMAP_EXEMPT=""
+MPROTECT_EXEMPT="${ME_blackdown_java}"
+RANDMMAP_EXEMPT="${RE_wine}"
 SEGMEXEC_EXEMPT="${PAGEEXEC_EXEMPT}"
-RANDEXEC_EXEMPT="${JAVA}"
+RANDEXEC_EXEMPT="${XE_blackdown_java} ${XE_wine}"
 # when zero flag mask is set to "yes" it will remove all pax flags from all files on reboot/stop
 ZERO_FLAG_MASK=yes
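Review bot: `java{_vm}` in the new PE_blackdown_java line is not a brace expansion (bash requires a comma inside the braces), so it stays literal and neither `java` nor `java_vm` is matched; `java{,_vm}` is what was meant. More broadly, bash performs brace expansion before parameter expansion, so when the init script later expands `$PAGEEXEC_EXEMPT` the `{...}` lists in PE_wine and PE_blackdown_java are taken literally unless that script runs the value through `eval` (not visible here) — in that case none of those binaries receive the exemption and they keep full PaX enforcement, which is fail-safe but breaks the programs silently; spelling the paths out as plain globs would remove the dependency. `${PE_gnome}` is also listed twice in PAGEEXEC_EXEMPT, and the comment that javac "needs this, or it segs" sits directly above an `RE_blackdown_java` line that is commented out and absent from RANDMMAP_EXEMPT, so either the note or the commented line is stale and should be reconciled.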