pax flags for applications?

freedomofpress / ansible-role-grsecurity

The documentation and build system for the grsecurity kernel maintained by the Freedom of the Press Foundation for SecureDrop

GNU General Public License v2.0

49 stars 13 forks source link

pax flags for applications? #52

Closed ghost closed 8 years ago

ghost commented 8 years ago

Hey there,

I have been working on compiling a list of required pax flags needed to get applications to work post install, do you have a similar list that you could add to this role?

ageis commented 8 years ago

@Andrew415 hey there, we currently have a separate paxctld role for managing PaX flags: https://github.com/freedomofpress/ansible-role-paxctld You can use that if you like and add them to the defaults/main.yml.

conorsch commented 8 years ago

We're dogfooding the paxctld role internally and have had great results so far—make sure to set grsecurity_install_set_paxctl_flags: false if you plan to try it out. Eventually it'll probably be listed as a dependency for the install role, and the paxctl commands removed completely.

conorsch commented 8 years ago

Closing in favor of #38.