Nelson H. F. Beebe <be...@math.utah.edu> wrote: > If only a small number of packages need W^X capability, would it make > sense to create a separate file tree for them, and let every other > part of the filesystem enjoy W^X protection, along with additional > security from addition of pledge() and veil() promises into software > packages?
We did that. They are all in /usr/local But you went and disabled it. Some people just cannot be helped. No, we will not differentiate those binaries further via a symbolic link far.