On 10/16/15 3:14 AM, netfab wrote:
On 15/10/15 at 15:11, Duncan typed:
Is there a bug open about this?
If the gentoo kernel XATTR patch is really required, it would be great
if users who do not use a gentoo kernel were aware of this. Is
PAX_MARKINGS="none" in make.conf (see pax-utils.eclass) the way to
go? Also, this problem has already been discussed on @gentoo-user ¹.
1. http://www.gossamer-threads.com/lists/gentoo/user/305478
I'm thinking that I should silence those warnings when we have
PAX_MARKINGS="" or PAX_MARKINGS unset in the make.conf file. Users who
want either PT or XT pax markings need to know about failures, but users
that don't care don't need to see anything.
We should make clear that pax markings are only supported on either
gentoo-sources or hardened-sources because those kernels carry the patch
which allows xattrs in the user.pax.* namespace on tmpfs. So if a user
emerges while running a gentoo-sources kernel and then boots into a
hardened-sources kernel, they'll get the correct pax markings. In fact,
you can switch back and forth between gentoo-sources and
hardened-sources all you like and the pax markings will be preserved.
But if you emerge when using a vanilla kernel or some other which
doesn't support user.pax.* on tmpfs, then you'll lose those markings.
Booting afterwards into a hardened-sources kernel will leave pkgs which
require pax markings broken.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
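
Added example, not part of the original message and not code from Portage or pax-utils: a Python probe that checks whether the running kernel lets files in a given directory (for instance a tmpfs build directory) carry an xattr in the user.pax.* namespace, which is the condition the message describes for markings to survive an emerge. The attribute user.pax.flags is the one XT marking uses; the function name, the probe value and the default path /var/tmp/portage are this example's own assumptions.

```python
import errno
import os
import tempfile

PAX_XATTR = "user.pax.flags"  # attribute used by XT (xattr) PaX markings
PROBE_VALUE = b"e"            # constructed sample value, only used for the probe


def probe_pax_xattr(directory, setxattr=None, getxattr=None):
    """Return (ok, reason): can files in `directory` carry PAX_XATTR?

    setxattr/getxattr are injectable so the logic can be exercised
    without depending on the kernel the check happens to run on.
    """
    setxattr = setxattr or os.setxattr
    getxattr = getxattr or os.getxattr
    fd, path = tempfile.mkstemp(prefix="pax-probe-", dir=directory)
    os.close(fd)
    try:
        try:
            setxattr(path, PAX_XATTR, PROBE_VALUE)
        except OSError as exc:
            # Filesystem/kernel without user.* xattr support on this mount
            if exc.errno in (errno.ENOTSUP, errno.EOPNOTSUPP):
                return False, "filesystem rejects user.pax.* xattrs"
            if exc.errno in (errno.EPERM, errno.EACCES):
                return False, "permission denied setting xattr"
            raise
        # Confirm the value is actually stored, not silently dropped
        if getxattr(path, PAX_XATTR) != PROBE_VALUE:
            return False, "xattr did not read back intact"
        return True, "user.pax.* xattrs are stored"
    finally:
        os.unlink(path)  # never leave the probe file behind


if __name__ == "__main__":
    import sys
    # Default path is an assumption: the usual Portage build directory.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/tmp/portage"
    ok, reason = probe_pax_xattr(target)
    print(f"{target}: {reason}")
    sys.exit(0 if ok else 1)
```

Run it against the directory where packages are built before emerging anything that needs PaX markings; a non-zero exit means markings set there would be lost.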