On 09/10/2013 09:08 AM, Sven Vermeulen wrote:
On Sep 10, 2013 3:03 PM, "Michael Orlitzky" <mich...@orlitzky.com> wrote:
On 09/10/2013 07:44 AM, Anthony G. Basile wrote:
On 09/09/2013 07:45 PM, Michael Orlitzky wrote:
On 09/09/2013 05:26 PM, Anthony G. Basile wrote:
You can use XT_PAX provided you're not running something like a
tinderbox, ie doing massive amounts of ebuilds. The problem is that
install is being wrapped by install.py. As a result every instance of
install mean invoking the python interpreter. With lots and lots of
installs, this adds up to being very slow.
Ok, thanks. These are all servers and installing anything is out of the
ordinary. Should I add a note about PAX_MARKINGS to the wiki, or is
there a plan to make that unnecessary (again)?
Feel free to add any documentation you guys think is lacking.
Whoops, I don't have rights to edit the page. I wrote the blurb, though:
5. Update make.conf.
To prevent warnings for non-hardened users, portage defaults to PT_PAX
markings when installing packages. If the migration was successful and
your kernel is respecting the new XATTR_PAX markings, you can tell
portage to use them in the future. Simply set,
{{File|/etc/portage/make.conf||<pre>
PAX_MARKINGS="XT"
</pre>}}
in your make.conf.
Yes, everything under Project: namespace is only writable for developers.
If the project developers don't mind end user changes the documents can be
moved to the general location (like we did with many SELinux related
documents).
You can always put edits in your personal space and have a developer review
and integrate if needed, but my preference is to move those documents to
the main namespace.
Wkr,
Sven
Sven go ahead and make them like the SELinux docs. Is there any way to
monitor the changes, eg by having emails sent the way the torproject
wiki does?
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
