On 06/23/2017 06:28 PM, Anthony G. Basile wrote: > I don't recommend we remove any of the machinery from Gentoo that deals with PaX > markings. I'm still using the hardened profile both at my desktop and my server - now together with latest stable vanilla-kernel by directly following the stable kernel git (echo "sys-kernel/vanilla-sources-4.10.13" >> /etc/portage/profile/package.provided). I realized (at the tinderbox images as well), that PAX-marking error messages do occur, when I didn't add '-paxkernel' to my USE flags. I do wonder, if the PAX marking logic could detect a running non-hardened kernel and therefore silently skip the step ? -- Toralf PGP 23217DA7 9B888F45