|
|
#################################################################### | #################################################################### |
# Copyright 1999-2004 Gentoo Technologies, Inc. # |
# Copyright 1999-2003 Gentoo Technologies, Inc. # |
# Distributed under the terms of the GNU General Public License v2 # | # Distributed under the terms of the GNU General Public License v2 # |
#################################################################### | #################################################################### |
# |
# chpax prefix description |
# p do not enforce paging based non-executable pages |
# p PE do not enforce paging based non-executable pages |
# e do not emulate trampolines |
# E ET emulate trampolines |
# r do not randomize mmap() base [ELF only] |
# r RE do not randomize mmap() base [ELF only] |
# m do not restrict mprotect() |
# m ME do not restrict mprotect() |
# s do not enforce segmentation based non-executable pages |
# s SE do not enforce segmentation based non-executable pages |
# x do not randomize ET_EXEC base [ELF only] |
# x XE do not randomize ET_EXEC base [ELF only] |
# z zero flag mask |
|
|
|
JAVA=/opt/blackdown-jdk-*/jre/{java,java_vm,keytool,kinit,klist,ktab,orbd,policytool,rmid,rmiregistry,servertool,tnameserv} |
|
WINE=/usr/lib/wine/bin/wine/{wine,winebuild,wineclipsrv,winedump,winegcc,wineserver,winewrap} |
|
|
|
# most things that need pageexec need segmexec and or vice versa so we set both. |
|
PAGEEXEC_EXEMPT="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/mplayer /opt/OpenOffice*/program/soffice.bin \ |
|
/usr/bin/blender /usr/bin/gxine /usr/bin/totem /usr/bin/acme $JAVA $WINE" |
|
| |
|
# I've taken to the convention of using one of the above prefixes with |
|
# _[package] to name the variables here, i.e. PE_wine would be like |
|
# `chpax -p` against the affected wine binaries. As far as I know, |
|
# there's no setting in here for `chpax -x` |
|
|
|
# "blackdown_java" would be blackdown-jdk or blackdown-jre |
|
|
|
#chpax |
|
CHPAX=/sbin/paxctl |
|
|
|
# packages that need Page Exempt |
|
PE_wine=/usr/lib/wine/bin/{wine{,build,clipsrv,dump,gcc,server,wrap,-{k,p}thread},w{mc,rc,idl}} |
|
PE_blackdown_java=/opt/blackdown-{jdk-*/{,jre/},jre-*/}bin/{java{_vm},keytool,kinit,klist,ktab,orbd,policytool,rmi{d,registry},servertool,tnameserv} |
|
PE_openoffice=/opt/OpenOffice.org*/program/soffice.bin |
|
PE_xfce4=/usr/bin/xfce4-panel |
|
PE_gnome=/usr/bin/gnome-sound-recorder |
|
PE_bzflag=/usr/games/bin/bzflag |
|
# misc PE: xfree, xmms, mplayer, blender, gxine, totem, acme |
|
PEMISC="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/mplayer \ |
|
/usr/bin/blender /usr/bin/gxine /usr/bin/xine /usr/bin/totem /usr/bin/acme" |
|
|
|
# packages that need Rand Exempt |
|
# Note that at least blackdown-jre-1.4.1/bin/javac needs this, or it segs. |
|
#RE_blackdown_java="${PE_blackdown_java}" |
|
RE_wine="${PE_wine}" |
|
|
|
# packages that need MProtect Exempt |
|
ME_blackdown_java="${PE_blackdown_java}" |
|
|
|
# RandExec |
|
XE_blackdown_java="${PE_blackdown_java}" |
|
XE_wine="${RE_wine}" |
|
|
|
# All are applied here |
|
PAGEEXEC_EXEMPT="${PEMISC} ${PE_wine} ${PE_blackdown_java} ${PE_gnome} \ |
|
${PE_openoffice} ${PE_xfce4} ${PE_gnome} ${PE_bzflag}" |
TRAMPOLINE_EXEMPT="" | TRAMPOLINE_EXEMPT="" |
MPROTECT_EXEMPT="" |
MPROTECT_EXEMPT="${ME_blackdown_java}" |
RANDMMAP_EXEMPT="" |
RANDMMAP_EXEMPT="${RE_wine}" |
SEGMEXEC_EXEMPT="${PAGEEXEC_EXEMPT}" | SEGMEXEC_EXEMPT="${PAGEEXEC_EXEMPT}" |
RANDEXEC_EXEMPT="${JAVA}" |
RANDEXEC_EXEMPT="${XE_blackdown_java} ${XE_wine}" |
| |
# when zero flag mask is set to "yes" it will remove all pax flags from all files on reboot/stop | # when zero flag mask is set to "yes" it will remove all pax flags from all files on reboot/stop |
ZERO_FLAG_MASK=yes | ZERO_FLAG_MASK=yes |
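Review bot: In the variant that defines the `PE_*` variables, `java{_vm}` in `PE_blackdown_java` is a single-element brace, which bash-style brace expansion leaves literal, so neither `java` nor `java_vm` would be matched; `java{,_vm}` looks like what was meant. Because `ME_blackdown_java` and `XE_blackdown_java` reuse that value, the mprotect and RANDEXEC exemptions inherit the same gap. Separately, `RE_wine` and `XE_wine` copy the whole `PE_wine` list, so build tools such as `winegcc`, `winebuild`, `wmc`, `wrc` and `widl` lose mmap()/ET_EXEC randomisation as well as PAGEEXEC/SEGMEXEC enforcement; a narrower list per protection would keep each exemption limited to the binaries that need it. The comment saying there is no setting for `chpax -x` also contradicts the `XE_*` block below it. This rendering does not show for certain which column is the new side, nor how the init script expands these values, so both points should be checked against the script that consumes this file.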