/[gentoo-x86]/eclass/pax-utils.eclass
Gentoo

Contents of /eclass/pax-utils.eclass

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (show annotations) (download)
Wed Nov 15 22:14:25 2006 UTC (7 years, 10 months ago) by kevquinn
Branch: MAIN
Changes since 1.1: +35 -72 lines
Simplified...

1 # Copyright 1999-2006 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.1 2006/01/22 14:18:48 kevquinn Exp $
4
5 # Author:
6 # Kevin F. Quinn <kevquinn@gentoo.org>
7 #
8 # This eclass provides support for manipulating PaX markings on ELF
9 # binaries, wrapping the use of the chpax and paxctl utilities.
10
11 inherit eutils
12
13 ##### pax-mark ####
14 # Mark a file for PaX, with the provided flags, and log it into
15 # a PaX database. Returns non-zero if flag marking failed.
16 #
17 # If paxctl is installed, but not chpax, then the legacy
18 # EI flags (which are not strip-safe) will not be set.
19 # If neither are installed, falls back to scanelf (which
20 # is always present, but currently doesn't quite do all
21 # that paxctl can do).
22
23 pax-mark() {
24 local flags fail=0
25 flags=$1
26 shift
27 if [[ -x /sbin/chpax ]]; then
28 einfo "Legacy EI PaX marking $* with ${flags}"
29 /sbin/chpax -${flags} $* || fail=1
30 fi
31 if [[ -x /sbin/paxctl ]]; then
32 einfo "PT PaX marking $* with ${flags}"
33 /sbin/paxctl -${flags} $* ||
34 /sbin/paxctl -c${flags} $* ||
35 /sbin/paxctl -C${flags} $* || fail=1
36 elif [[ -x /usr/bin/scanelf ]]; then
37 einfo "Fallback PaX marking $* with ${flags}"
38 /usr/bin/scanelf -Xxz ${flags} $*
39 else
40 ewarn "Failed to set PaX markings ${flags} for files $*. Executables may be killed by PaX kernels."
41 fail=1
42 fi
43 return ${fail}
44 }
45
46 ##### host-is-pax
47 # Indicates whether the build machine has PaX or not; intended for use
48 # where the build process must be modified conditionally in order to satisfy PaX.
49 host-is-pax() {
50 # We need procfs to work this out. PaX is only available on Linux,
51 # so result is always false on non-linux machines (e.g. Gentoo/*BSD)
52 [[ -e /proc/self/status ]] || return 1
53 grep ^PaX: /proc/self/status > /dev/null
54 return $?
55 }

  ViewVC Help
Powered by ViewVC 1.1.20