-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/22/2013 03:08 PM, Allan Wegan wrote: >> When you emerge something with a bazillion files, the install >> wrapper (and thus the python interpreter) get launched that many >> times. It's the startup time that kills it. > > Should that PAX markings not only be neccessary for a few > hand-selected binaries that refuse to work with secure-by-default > settings? I remember setting PAX-markings by hand (a year or so > ago) for a few binaries that would else crash with Grsec loglines. > I did not had the impression, that there are much of them (that > where mostly games, i admit).
Yes, and it should be possible to "write down" which binaries got pax-marked, and only use the python install wrapper for those particular files. But, there is an underlying problem that it would be nice to solve at the same time. It should be possible to set any sort of xattrs (not just PAX!) in an ebuild and have them correctly copied to the live filesystem during an emerge. For this to work, we have to handle the case where a developer (or an upstream makefile) calls setfattr manually on some files. When FEATURES="xattr" is set, portage uses the wrapper to install /every/ file, ostensibly for this case. The other way to handle it would be to check whether or not some file has xattrs, and use the regular 'install' if it doesn't. But how do you implement that? You'd either have to hack portage, or write some sort of wrapper... There's already a hack in portage to support xattrs, so maybe that would work, who knows. I'm in over my head here. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iQIcBAEBAgAGBQJSZtRsAAoJEBxJck0inpOiz7AQAJIW8wrNorRl8YOjAOlTpoq/ rerZ2IIpyYYg6uB9fotEcJYtmiinClX4Yf3crl2tyqLZLlQJUFrIM+A90LdNAdXY wYbf5R9HpMxhNsTVKb4sP/ErZzktVOf26kyjzPlql+P/ICk0NYO+YgAswJI4b5L9 trVuraFPwPQGEDDEq5Ep8+9Mm6rBgAj95HlZHIChKVR0zB7jKL372z3QemeFS1sO Hc7YDZvlwb1U9Ab/EK7qy1aqTZg6Zrzn/wslyZo+tpnJ+aCJENXGDXWh678LDDTP BnKXsTjNkMXs+fmRfkL2ivIJNs8dYIlcTZ4rBotdBgXQ+fusRuyKXQe3CbyjMzjV 7V8s+aMj31QN29MbQ33zDIEdDyuhulXv4SpxZQfYyRn7ZBdmz2AxSABySQA7DzvJ OVwe6jRd7Zm272STBj0Agnf2ct6F0KRsC+gPl2COY9y+sV90BzquCsDYB4Z6ybX4 6Ttl/oAxVYjWZNu669TFxeiiga0FhjLVOTvaCJdXrva97iZsssjJFPJcCVSx/IKQ gu2WbZDX5yx0/TYNRIrqZ8MDB49sCMSLktvjJoOoEydaBDCv6X3y+zvVuR/OCElV DHdNRi25shztbQTZamgQdQLKOluTEPZ4gkAKH5jUHrg70cfQMG1HXMZFqC64aSi8 lUkJE3WYhuXJX9S6RvDE =G/D/ -----END PGP SIGNATURE-----
