[rsbac] pax marking
Jens Kasten
jens at kasten-edv.de
Mon Dec 30 12:52:58 CET 2013
Am Mon, 30 Dec 2013 11:50:02 +0100
schrieb Amon Ott <ao at rsbac.org>:
> Am 30.12.2013 11:20, schrieb Jens Kasten:
> > Am Mon, 30 Dec 2013 11:14:16 +0100
> > schrieb Javier Juan Martínez Cabezón <tazok.id0 at gmail.com>:
> >
> > This I guessed.
> > So it ignore the PAX setting which set through paxctl?
>
> As usual, it all depends on your kernel config. We use "direct" MAC
> system integration for RSBAC pax_flags and disable all other methods
> of pax control. This is the only way to set values mandatorily.
I use the same setup.
OK, now I have PAX_MARKING diseabled on my Gentoo system.
I will grep out all PAX flags for every package from the Gentoo hardened
if someone need it too.
>
> Amon.
More information about the rsbac
mailing list