On 09/09/2013 01:56 PM, Michael Orlitzky wrote:
On 09/09/2013 01:47 PM, Anthony G. Basile wrote:
That was my mistake. When I dropped XT I forgot to update the comment.
We tried XT right off the bat, but discovered a couple of problems: 1)
install doesn't preserve xattr. We have a solution but it isn't working
that well, and 2) there were lots of warnings thrown for non-hardened
users which annoyed them. So we dropped to just PT.
What do you recommend then? Stick with PT_PAX until the install thing is
fixed, and then add PAX_MARKINGS=XT to make.conf?
You can use XT_PAX provided you're not running something like a
tinderbox, i.e. doing massive amounts of ebuilds. The problem is that
install is being wrapped by install.py. As a result every instance of
install means invoking the python interpreter. With lots and lots of
installs, this adds up to being very slow.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197