Lines 162-189
Link Here
|
162 |
# Set as default VM if none exists |
162 |
# Set as default VM if none exists |
163 |
java-vm-2_pkg_postinst |
163 |
java-vm-2_pkg_postinst |
164 |
|
164 |
|
165 |
# if chpax is on the target system, set the appropriate PaX flags |
165 |
ewarn "Disabling some PaX restrictions (${CHPAX_CONSERVATIVE_FLAGS})" |
166 |
# this will not hurt the binary, it modifies only unused ELF bits |
|
|
167 |
# but may confuse things like AV scanners and automatic tripwire |
168 |
if has_version sys-apps/chpax |
169 |
then |
170 |
echo |
171 |
einfo "setting up conservative PaX flags for jar, javac and java" |
172 |
|
173 |
for paxkills in "jar" "javac" "java" "javah" "javadoc" |
174 |
do |
175 |
chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/bin/$paxkills |
176 |
done |
177 |
|
166 |
|
178 |
# /opt/sun-jdk-1.4.2.03/jre/bin/java_vm |
167 |
for paxkills in "jar" "javac" "java" "javah" "javadoc" |
179 |
chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/jre/bin/java_vm |
168 |
do |
|
|
169 |
$(which scanelf) -Xxz ${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/bin/$paxkills |
170 |
done |
180 |
|
171 |
|
181 |
einfo "you should have seen lots of chpax output above now" |
172 |
$(which scanelf) -Xxz ${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/jre/bin/java_vm |
182 |
ewarn "make sure the grsec ACL contains those entries also" |
|
|
183 |
ewarn "because enabling it will override the chpax setting" |
184 |
ewarn "on the physical files - help for PaX and grsecurity" |
185 |
ewarn "can be given by #gentoo-hardened + hardened@gentoo.org" |
186 |
fi |
187 |
|
173 |
|
188 |
if ! use X; then |
174 |
if ! use X; then |
189 |
echo |
175 |
echo |