@@ -, +, @@ 
---
 bin/ebuild-helpers/prepstrip | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
--- a/bin/ebuild-helpers/prepstrip	
+++ a/bin/ebuild-helpers/prepstrip	
@@ -15,7 +15,7 @@ exp_tf() {
 		eval ${var}_${flag}=$(tf has ${flag} ${!var})
 	done
 }
-exp_tf FEATURES compressdebug installsources nostrip splitdebug
+exp_tf FEATURES compressdebug installsources nostrip splitdebug xattr
 exp_tf RESTRICT binchecks installsources strip
 
 if ! ___eapi_has_prefix_variables; then
@@ -30,6 +30,11 @@ if ${RESTRICT_strip} || ${FEATURES_nostrip} ; then
 	${FEATURES_installsources} || exit 0
 fi
 
+PRESERVE_XATTR_PAX_FLAGS=false
+if [[ ${KERNEL} == linux ]] && ${FEATURES_xattr} && type -P setfattr >/dev/null ; then
+	PRESERVE_XATTR_PAX_FLAGS=true
+fi
+
 # look up the tools we might be using
 for t in STRIP:strip OBJCOPY:objcopy READELF:readelf ; do
 	v=${t%:*} # STRIP
@@ -292,6 +297,11 @@ do
 		chmod u+w "${x}"
 	fi
 
+	xt_pax_flags=
+	if ${PRESERVE_XATTR_PAX_FLAGS} ; then
+		xt_pax_flags="$(getfattr -n "user.pax.flags" --only-values "${x}" 2>/dev/null)"
+	fi
+
 	# only split debug info for final linked objects
 	# or kernel modules as debuginfo for intermediatary
 	# files (think crt*.o from gcc/glibc) is useless and
@@ -311,6 +321,11 @@ do
 		process_elf "${x}" "${inode_link}" ${SAFE_STRIP_FLAGS}
 	fi
 
+	if [[ ${xt_pax_flags} ]] && [[ ${#xt_pax_flags} -le 5 ]] && \
+		[[ -z ${xt_pax_flags//[-PpSsMmEeRr]} ]] ; then
+		setfattr -n "user.pax.flags" -v "${xt_pax_flags}" "${x}"
+	fi
+
 	if ${was_not_writable} ; then
 		chmod u-w "${x}"
 	fi