The 'hardened' USE flag refers to the hardened toolchain and not to a pax hardened kernel. However, all aufs2 ebuilds use the flag as if referring to a hardened kernel. This can be corrected by removing the 'hardened' USE flag and unconditionally applying the pax.patch.

Reproducible: Always
I don't have any experience nor real knowledge about those things. I really need to rely on your suggestions. Are you really sure applying the pax.patch in all cases is fine?
(In reply to comment #1)
> I don't have any experience nor real knowledge about those things. I really
> need to rely on your suggestions. Are you really sure applying the pax.patch in
> all cases is fine?

The other option is to introduce a local USE flag like "pax_kernel" instead of "hardened". Reading the patch, I see the author does have some concerns about future possible problems and we don't want to pollute mainline Gentoo with hardened issues.

The reason for concern is that "hardened" means toolchain hardening and not the kernel hardening, which is what pax is. A user can have a vanilla toolchain (i.e. USE="-hardened") and still have a pax kernel. We would then be in a situation where aufs2 would need the patch, but not get it. The worst-case scenario is a user who keeps switching back and forth between pax and non-pax kernels. You could say in the description of the USE flag to set it if the user anticipates *ever* running under a pax kernel.
+ 15 Aug 2011; Justin Lecher <jlec@gentoo.org> aufs2-0_p20110627.ebuild, + aufs2-2.2_p20110815.ebuild, metadata.xml: + Changed USE hardened to pax_kernel, #375811 +