[arch-dev-public] providing grsecurity in [community]

Allan McRae allan at archlinux.org
Wed Apr 16 06:21:18 EDT 2014

On 16/04/14 20:00, Thomas Bächler wrote:
> Am 16.04.2014 11:52, schrieb Allan McRae:
>> On 16/04/14 17:25, Daniel Micay wrote:
>>> On 16/04/14 03:15 AM, Daniel Micay wrote:
>>>> Pacman hooks would
>>>> be a nicer solution than editing all the install scripts, but we don't
>>>> have those :).
>>> It also wouldn't be nearly as bad if packages could store extended
>>> attributes, since the ugly install scripts could be avoided and paxctl
>>> would only be a make dependency. Packages like iputils already run into
>>> this issue due to using capabilities as a replacement for setuid.
>> Just submitted a patch to pacman that will allow setting capabilites in
>> the package() function.
> Since we want PAX support to remain optional, we'd still need hooks so
> that after each upgrade, a script can adjust the flags appropriately.

Sure...   I really don't care about PAX (and think it should just be
packaged in a separate repo...).  I just wanted pacman to support
setting capabilities during packaging.


More information about the arch-dev-public mailing list