On 14 May 2016 at 18:09, Christos Zoulas <[email protected]> wrote: > > Hi, > > I just turned on mprotect for amd64. The following sysctls have > been set to 1 > > security.pax.mprotect.enable=1 > security.pax.mprotect.global=1 > > If you want to see what processes hit this you can: > > security.pax.mprotect.debug=1 > > This breaks programs that need to map segments both writable and executable, > for example java. To fix them you can: > > paxctl +m /path/to/bin/java
Very nice :) Would it make sense to (possibly optionally) integrate this into pkgsrc builds for at least java? (the paxctl +m call)
