From: "Anthony G. Basile"
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: [rfc] enable USE=xattr by default
Date: Fri, 16 Oct 2015 19:42:10 -0400
Message-ID: <56218B52.3020908@gentoo.org>
In-Reply-To: <20151016091411.44d4db5c@coreI5.fabnetwork>

On 10/16/15 3:14 AM, netfab wrote:
> On 15/10/15 at 15:11, Duncan typed:
>
> Is there a bug open about this?
> If the gentoo kernel XATTR patch is really required, it would be great
> if users who do not use a gentoo kernel were aware of this. Is
> PAX_MARKINGS="none" in make.conf (see pax-utils.eclass) the way to
> go? Also this problem has already been discussed on @gentoo-user ¹.
>
> 1. http://www.gossamer-threads.com/lists/gentoo/user/305478
>

I'm thinking that I should silence those warnings when we have PAX_MARKINGS="" or PAX_MARKINGS unset in the make.conf file. Users who want either PT or XT pax markings need to know about failures, but users that don't care don't need to see anything.

We should make clear that pax markings are only supported on either gentoo-sources or hardened-sources because those kernels carry the patch which allows xattrs in the user.pax.* namespace on tmpfs. So if a user emerges while running a gentoo-sources kernel and then boots into a hardened-sources kernel, they'll get the correct pax markings. In fact, you can switch back and forth between gentoo-sources and hardened-sources all you like and the pax markings will be preserved. But if you emerge when using a vanilla kernel or some other which doesn't support user.pax.* on tmpfs, then you'll lose those markings. Booting afterwards into a hardened-sources kernel will leave pkgs which require pax markings broken.

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
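
A probe for the condition described in the message above, added here as an example and not part of the original post or of Portage: it checks whether files in a build directory can carry xattrs in the user.pax.* namespace under the running kernel. The attribute name `user.pax.flags`, the probe value `e` and the function name `supports_pax_xattr` are choices of this example; the message itself only names the namespace.

```python
import errno
import os
import sys
import tempfile

# XT PaX markings live in this attribute (the message names only user.pax.*).
PAX_XATTR = "user.pax.flags"
PROBE_VALUE = b"e"  # constructed probe value, removed with the probe file

# Errors that mean "this filesystem/kernel refuses user.pax.* here".
_REFUSED = (errno.ENOTSUP, errno.EOPNOTSUPP, errno.EPERM, errno.EACCES)


def supports_pax_xattr(directory, setxattr=None, getxattr=None):
    """Return True if a file created in `directory` keeps a user.pax.* xattr.

    `setxattr`/`getxattr` default to the os functions; they are parameters
    so the refusal path can be exercised without a particular kernel.
    """
    setxattr = setxattr or getattr(os, "setxattr", None)
    getxattr = getxattr or getattr(os, "getxattr", None)
    if setxattr is None or getxattr is None:
        return False  # platform without the Linux xattr calls

    fd, path = tempfile.mkstemp(prefix="paxprobe.", dir=directory)
    os.close(fd)
    try:
        setxattr(path, PAX_XATTR, PROBE_VALUE)
        # Read back: a silently dropped attribute is also a failure.
        return getxattr(path, PAX_XATTR) == PROBE_VALUE
    except OSError as exc:
        if exc.errno in _REFUSED:
            return False
        raise  # ENOSPC, EROFS, ... are a different problem; surface them
    finally:
        os.unlink(path)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: paxprobe.py <build-directory>")
    ok = supports_pax_xattr(sys.argv[1])
    print(f"{sys.argv[1]}: user.pax.* xattrs "
          f"{'supported' if ok else 'NOT supported; XT markings would be lost'}")
    sys.exit(0 if ok else 1)
```

Run it against the directory the build actually happens in, since the result depends on that filesystem and the running kernel, not on the root filesystem.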