Attachment #26857 for bug #40665

View | Details | Raw Unified | Return to bug 40665 | Differences between
Collapse All | Expand All




####################################################################
#         Copyright 1999-2003 Gentoo Technologies, Inc.            #
# Distributed under the terms of the GNU General Public License v2 #
####################################################################
# chpax	prefix	description
# p	PE	do not enforce paging based non-executable pages
# E	ET	emulate trampolines
# r	RE	do not randomize mmap() base [ELF only]
# m	ME	do not restrict mprotect()
# s	SE	do not enforce segmentation based non-executable pages
# x	XE	do not randomize ET_EXEC base [ELF only]
# z	zero flag mask

JAVA=/opt/blackdown-jdk-*/jre/{java,java_vm,keytool,kinit,klist,ktab,orbd,policytool,rmid,rmiregistry,servertool,tnameserv}
WINE=/usr/lib/wine/bin/wine/{wine,winebuild,wineclipsrv,winedump,winegcc,wineserver,winewrap}

# most things that need pageexec need segmexec and or vice versa so we set both.
PAGEEXEC_EXEMPT="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/mplayer /opt/OpenOffice*/program/soffice.bin \
 /usr/bin/blender /usr/bin/gxine /usr/bin/totem /usr/bin/acme $JAVA $WINE"

# "blkdwn_java" would be blackdown-jdk or blackdown-jre

# chpax command.  If using multiple tools, can separate by spaces.
# This one hits BOTH chpax and paxctl
CHPAX="/sbin/chpax /sbin/paxctl"
#CHPAX="/sbin/paxctl"
#CHPAX="/sbin/chpax"

PE_wine=/usr/lib/wine/bin/{wine{,build,clipsrv,dump,gcc,server,wrap,-{k,p}thread},w{mc,rc,idl}}
PE_blackdown_java=/opt/blackdown-{jdk-*/{,jre/},jre-*/}bin/{java{,_vm},keytool,kinit,klist,ktab,orbd,policytool,rmi{d,registry},servertool,tnameserv}
PE_openoffice=/opt/OpenOffice.org*/program/soffice.bin
PE_misc="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/mplayer \
 /usr/bin/blender /usr/bin/gxine /usr/bin/xine /usr/bin/totem /usr/bin/acme \
 /usr/bin/gnome-sound-recorder /usr/games/bin/bzflag /usr/bin/xfce4-panel"
RE_blkdwn_java="${PE_blkdwn_java}"
ME_blkdwn_java="${PE_blkdwn_java}"
XE_blkdwn_java="${PE_blkdwn_java}"

####################################
# Settings are really applied here #
####################################

PAGEEXEC_EXEMPT="${PEMISC} ${PE_wine} ${PE_blkdwn_java} ${PE_openoffice}"
TRAMPOLINE_EXEMPT=""
MPROTECT_EXEMPT="${ME_blkdwn_java}"
RANDMMAP_EXEMPT="${RE_blkdwn_java}"
SEGMEXEC_EXEMPT="${PAGEEXEC_EXEMPT}"
RANDEXEC_EXEMPT="${XE_blkdwn_java}"

# when zero flag mask is set to "yes" it will remove all pax flags from all files on reboot/stop
ZERO_FLAG_MASK="no"

Return to bug 40665

Lines 1-28 Link Here

(-)/usr/portage/sys-apps/chpax/files/pax-conf.d (-20 / +35 lines)
1	####################################################################	1	####################################################################
2	# Copyright 1999-2004 Gentoo Technologies, Inc. #	2	# Copyright 1999-2003 Gentoo Technologies, Inc. #
3	# Distributed under the terms of the GNU General Public License v2 #	3	# Distributed under the terms of the GNU General Public License v2 #
4	####################################################################	4	####################################################################
5	#	5	# chpax prefix description
6	# p do not enforce paging based non-executable pages	6	# p PE do not enforce paging based non-executable pages
7	# e do not emulate trampolines	7	# E ET emulate trampolines
8	# r do not randomize mmap() base [ELF only]	8	# r RE do not randomize mmap() base [ELF only]
9	# m do not restrict mprotect()	9	# m ME do not restrict mprotect()
10	# s do not enforce segmentation based non-executable pages	10	# s SE do not enforce segmentation based non-executable pages
11	# x do not randomize ET_EXEC base [ELF only]	11	# x XE do not randomize ET_EXEC base [ELF only]
12	# z zero flag mask
13
14	JAVA=/opt/blackdown-jdk-*/jre/{java,java_vm,keytool,kinit,klist,ktab,orbd,policytool,rmid,rmiregistry,servertool,tnameserv}
15	WINE=/usr/lib/wine/bin/wine/{wine,winebuild,wineclipsrv,winedump,winegcc,wineserver,winewrap}
16
17	# most things that need pageexec need segmexec and or vice versa so we set both.
18	PAGEEXEC_EXEMPT="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/mplayer /opt/OpenOffice*/program/soffice.bin \
19	/usr/bin/blender /usr/bin/gxine /usr/bin/totem /usr/bin/acme $JAVA $WINE"
20		12
		13	# "blkdwn_java" would be blackdown-jdk or blackdown-jre
		14
		15	# chpax command. If using multiple tools, can separate by spaces.
		16	# This one hits BOTH chpax and paxctl
		17	CHPAX="/sbin/chpax /sbin/paxctl"
		18	#CHPAX="/sbin/paxctl"
		19	#CHPAX="/sbin/chpax"
		20
		21	PE_wine=/usr/lib/wine/bin/{wine{,build,clipsrv,dump,gcc,server,wrap,-{k,p}thread},w{mc,rc,idl}}
		22	PE_blackdown_java=/opt/blackdown-{jdk-/{,jre/},jre-/}bin/{java{,_vm},keytool,kinit,klist,ktab,orbd,policytool,rmi{d,registry},servertool,tnameserv}
		23	PE_openoffice=/opt/OpenOffice.org*/program/soffice.bin
		24	PE_misc="/usr/X11R6/bin/XFree86 /usr/bin/xmms /usr/bin/mplayer \
		25	/usr/bin/blender /usr/bin/gxine /usr/bin/xine /usr/bin/totem /usr/bin/acme \
		26	/usr/bin/gnome-sound-recorder /usr/games/bin/bzflag /usr/bin/xfce4-panel"
		27	RE_blkdwn_java="${PE_blkdwn_java}"
		28	ME_blkdwn_java="${PE_blkdwn_java}"
		29	XE_blkdwn_java="${PE_blkdwn_java}"
		30
		31	####################################
		32	# Settings are really applied here #
		33	####################################
		34
		35	PAGEEXEC_EXEMPT="${PEMISC} ${PE_wine} ${PE_blkdwn_java} ${PE_openoffice}"
21	TRAMPOLINE_EXEMPT=""	36	TRAMPOLINE_EXEMPT=""
22	MPROTECT_EXEMPT=""	37	MPROTECT_EXEMPT="${ME_blkdwn_java}"
23	RANDMMAP_EXEMPT=""	38	RANDMMAP_EXEMPT="${RE_blkdwn_java}"
24	SEGMEXEC_EXEMPT="${PAGEEXEC_EXEMPT}"	39	SEGMEXEC_EXEMPT="${PAGEEXEC_EXEMPT}"
25	RANDEXEC_EXEMPT="${JAVA}"	40	RANDEXEC_EXEMPT="${XE_blkdwn_java}"
26		41
27	# when zero flag mask is set to "yes" it will remove all pax flags from all files on reboot/stop	42	# when zero flag mask is set to "yes" it will remove all pax flags from all files on reboot/stop
28	ZERO_FLAG_MASK=yes	43	ZERO_FLAG_MASK="no"