On Mon, Jun 9, 2014 at 7:43 PM, Michael Orlitzky <m...@gentoo.org> wrote: > > On 06/07/2014 08:55 PM, Anthony G. Basile wrote: > > > > When running with a pax kernel, you must enable EMUTRAMP in your Kconfig > > and you must paxmark your python exe's with E. Note: EMUTRAMP is on by > > default and the ebuild automatically does the markings for you, so leave > > the defaults alone. > > > > Can linux-info.eclass be used to spit out a warning during a python emerge? > > This, > > use hardened && CONFIG_CHECK+=" ~CONFIG_PAX_EMUTRAMP" > > seems like a common pattern. With a little more ingenuity we can > probably have it check the running/installed kernel and not the USE flag. >
Where did the "Gentoo Linux" option in the kernel config disappear? the one that had the openrc / systemd options among other things. Could we just add an option in there that will force EMUTRAMP for the hardened-sources? -- Jason
