Date: Mon, 8 Apr 2013 10:01:38 -0300
Subject: Re: [gentoo-dev] Automagic pax-mark
From: Rafael Goncalves Martins
To: Gentoo Development

On Mon, Apr 8, 2013 at 9:29 AM, Chí-Thanh Christopher Nguyễn wrote:
> Mike Gilbert wrote:
>>> After recent changes in dev-lang/v8 and related ebuilds, the pax-mark call no
>>> longer has a || die. This means that the resulting binaries may have PT_PAX,
>>> XATTR_PAX, both or neither markings depending on kernel configuration,
>>> filesystem and mount options.
>>>
>>> I'd say that is not a good thing. If you agree with me, what could be done
>>> here? Have pax-mark die in the eclass or mandate || die in ebuilds? This
>>> would probably require pax-mark calls to be conditional on pax_kernel USE
>>> flag or similar.
>>>
>> Most ebuilds do not call pax-mark || die. Most people do not run PaX
>> systems, so a failure here is not a major issue.
>
> I agree that not having the pax-mark is not a significant problem
> currently. It could become one when PaX becomes more widespread, but
> that is not likely in the near term.
>
> What I think is bad is the automagic aspect of enabling pax-mark.
>
>
> Best regards,
> Chí-Thanh Christopher Nguyễn
>
>

I had some issues with pax-mark failing to work on openvz containers
stored on partitions mounted without the user_xattr argument and
ebuilds with '|| die', and was going to open bugs for people to remove
the '|| die' statements from the ebuilds, when I saw this thread.
Disabling xattr isn't a very common use case, but it is still valid.

I don't want to have my builds failing at install phase just because
the binary can't be pax-mark'ed, when I clearly don't care about PaX.
If we don't want the automagic behavior, we should allow users to
explicitly disable it.

--
Rafael Goncalves Martins
Gentoo Linux developer
http://rafaelmartins.eng.br/