Summary: | xt_pax need to be exactly same as pt_pax | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Amadeusz Sławiński <amade> |
Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 431092 |
Description
Amadeusz Sławiński
2012-12-13 19:38:24 UTC
This should be fixed soon. I have to update the pax-utils.eclass. In the mean time you can help test! Use the eclass at http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=blob;f=eclass/pax-utils.eclass;h=e860d04b32bb301f447e385d3cb35129cff4e394;hb=38ad3d21b9fd281e326eff20ceb6de1ccb0ee1ef and let me know if that fixes it for you. Yes I forgot to mention that, that's the one I use. I uninstalled paxctl-ng (because it's broken) so it uses setfattr, which seems to work ok, except for not setting 'e' flag which is in pt_pax. (In reply to comment #2) > Yes I forgot to mention that, that's the one I use. > I uninstalled paxctl-ng (because it's broken) so it uses setfattr, which > seems to work ok, except for not setting 'e' flag which is in pt_pax. paxctl-ng is work in progress. Please let me what version you were using and how it was broken. setfattr will not set the default flags for you, like e. Hence the need for a tool like paxctl-ng. (In reply to comment #3) > (In reply to comment #2) > > Yes I forgot to mention that, that's the one I use. > > I uninstalled paxctl-ng (because it's broken) so it uses setfattr, which > > seems to work ok, except for not setting 'e' flag which is in pt_pax. > > paxctl-ng is work in progress. Please let me what version you were using > and how it was broken. version 0.6.0 It was already reported in bug 446518 (it puts '-' in flags) > setfattr will not set the default flags for you, like e. Hence the need for > a tool like paxctl-ng. Won't it cause binaries not working when they are marked on systems without paxctl-ng? Maybe it can copy pt_pax flags if present? (In reply to comment #4) > (In reply to comment #3) > > (In reply to comment #2) > > > Yes I forgot to mention that, that's the one I use. > > > I uninstalled paxctl-ng (because it's broken) so it uses setfattr, which > > > seems to work ok, except for not setting 'e' flag which is in pt_pax. > > > > paxctl-ng is work in progress. Please let me what version you were using > > and how it was broken. > > version 0.6.0 > It was already reported in bug 446518 (it puts '-' in flags) > > > setfattr will not set the default flags for you, like e. Hence the need for > > a tool like paxctl-ng. > > Won't it cause binaries not working when they are marked on systems without > paxctl-ng? Maybe it can copy pt_pax flags if present? The eclass now takes care of that. Its okay to allow the utility to have more flexibility than you want. We'll the portage take care of making sure we correctly set the flags we need when installing. I believe this is fixed in the latest version of the eclass. Yes, it's fixed, thanks. Thanks! |