# if chpax is on the target system, set the appropriate PaX flags

	ewarn "Disabling some PaX restrictions (${CHPAX_CONSERVATIVE_FLAGS})"

	# this will not hurt the binary, it modifies only unused ELF bits

	# but may confuse things like AV scanners and automatic tripwire

	if has_version sys-apps/chpax

	then

		echo

		einfo "setting up conservative PaX flags for jar, javac and java"

		for paxkills in "jar" "javac" "java" "javah" "javadoc"

		do

			chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/bin/$paxkills

		done

		# /opt/sun-jdk-1.4.2.03/jre/bin/java_vm

	for paxkills in "jar" "javac" "java" "javah" "javadoc"

		chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/jre/bin/java_vm

	do

		$(which scanelf) -Xxz ${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/bin/$paxkills

	done

		einfo "you should have seen lots of chpax output above now"

	$(which scanelf) -Xxz ${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/jre/bin/java_vm

		ewarn "make sure the grsec ACL contains those entries also"

		ewarn "because enabling it will override the chpax setting"

		ewarn "on the physical files - help for PaX and grsecurity"

		ewarn "can be given by #gentoo-hardened + hardened@gentoo.org"

	fi