[arch-dev-public] providing grsecurity in [community]

Thomas Bächler thomas at archlinux.org
Wed Apr 16 06:00:46 EDT 2014


On 16.04.2014 11:52, Allan McRae wrote:
> On 16/04/14 17:25, Daniel Micay wrote:
>> On 16/04/14 03:15 AM, Daniel Micay wrote:
>>> Pacman hooks would
>>> be a nicer solution than editing all the install scripts, but we don't
>>> have those :).
>>
>> It also wouldn't be nearly as bad if packages could store extended
>> attributes, since the ugly install scripts could be avoided and paxctl
>> would only be a make dependency. Packages like iputils already run into
>> this issue due to using capabilities as a replacement for setuid.
>>
> 
> Just submitted a patch to pacman that will allow setting capabilities in
> the package() function.

Since we want PAX support to remain optional, we'd still need hooks so
that after each upgrade, a script can adjust the flags appropriately.

