Hi, When the dev-java/sun-jdk ebuild was migrated to the pax-utils eclass, it suddenly started to paxctl -m the binaries instead of -pemrs. It's still the case with sun-jdk-1.4.2.13 if you have chpax installed but chpax is deprecated. I noticed that something was wrong with java when I tried to build eclipse on a fresh hardened system. The jvm was immediately killed by PaX. I used paxctl -pmrs /opt/sun-jdk-1.4.2.13/{,jre}/bin/* and then I was able to build eclipse successfully. Considering java needs these permissions by design, it would help if the "pmrs" permissions were granted directly by the ebuild. Should the -m flag alone be enough? Thank you in advance
Yeah it was changed in a patch by our hardened folks when switching to an eclass to mark the files: https://bugs.gentoo.org/attachment.cgi?id=103184
Hardened folks are saying that -m is only good for >=1.5 to to changing 1.4 back to -srpm leaving newer versions alone. Thanks for reporting and please reopen if you still have issues with -r2.