Notice: Undefined variable: name in /srv/http/vhosts/ on line 248

Package Details: linux-pax-flags 2.0.18-4

Git Clone URL: (read-only)
Package Base: linux-pax-flags
Description: Deactivates PaX flags for several binaries to work with PaX enabled kernels.
Upstream URL:
Keywords: grsecurity linux pax security
Licenses: GPL3
Submitter: phects
Maintainer: phects
Last Packager: phects
Votes: 18
Popularity: 0.000872
First Submitted: 2012-01-12 18:16
Last Updated: 2015-12-15 12:27

Latest Comments

1 2 3 4 5 6 ... Next › Last »

thestinger commented on 2014-12-11 19:29

The new version of paxd can now apply per-user exceptions via a user service. It automatically updates them when executables are updated/created so there is no need to manually run a script when Steam updates / installs a game and so on.

tancrackers commented on 2014-09-12 02:56


tancrackers commented on 2014-09-12 02:56


tancrackers commented on 2014-09-09 09:36


This is how I got Spotify to work (with music too!)

tancrackers commented on 2014-09-09 09:14

Also, cannot load, even with these flags set

tancrackers commented on 2014-09-09 08:05

Does anyone have PAX flags to get Spotify working?

tancrackers commented on 2014-09-01 16:48

Does anyone have PAX fags to get Spotify working?

thestinger commented on 2014-05-31 01:40

In order to work around the lack of Pacman hooks, I wrote a trivial daemon to watch for Pacman transactions and re-apply exceptions. I've included some more exceptions and removed many of the no longer needed RANDMMAP cases (SpiderMonkey used to require it).

You'll still need linux-pax-flags for files in home directories because it wouldn't be sane for a daemon running as root to be attempting to set those.

thestinger commented on 2014-04-21 02:19

Never mind what I said earlier here. The linux-grsec package can start using a permissive default-on RBAC policy to set these exceptions. This package will still be required for linux-pax, which I don't personally have an interest in.

thestinger commented on 2014-04-18 00:04

It would be nice to have this changed to using only extended attributes rather than paxctl. The extended attributes always work and leave the binaries untouched, along with not requiring an extra tool (just setfattr/getfattr).

Of course, you'll need to remove all the existing paxctl flags as long as linux-grsec is compiled with PaX ELF support.