nning / linux-pax-flags

Deactivates PaX flags for several binaries to work with PaX enabled kernels.

Extend xattr support. #4

Open nning opened 10 years ago

nning commented 10 years ago

Currently setting PaX flags with extended attributes is only possible globally (linux-pax-flags -x) or filter specific (linux-pax-flags -x skype) by explicitly providing the -x option.

This is problematic, because linux-pax-flags called from post install/upgrade hooks always sets PaX flags by PT_PAX_FLAGS header.

So it would be desirable to have

lukasreuter commented 10 years ago

I have noticed the same problem with the post install hook; my "fix" is to just edit linux-pax-flags.sh to always pass -x to the ruby script. But I think a more elegant way would be to check for user.pax.flags with getfattr before applying the changes and if the xattr flags already exist, override to use xattr for this path. This would eliminate the need for a global setting as it would always apply with setfattr if you have used the -x option before. If for some reason only a few files have xattr (e.g. you only applied it to skype) then you can be sure that these don't get their headers changed. Additionally we could add some way to indicate that a file should use xattr if possible to the *.conf files (although I don't know how to check for xattr support at the path location).
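
The per-path check proposed in the comment above, as an added Ruby example that is not part of the thread or of linux-pax-flags. The function names, the `force_xattr` keyword, the sample paths and the sample flag value are hypothetical; it assumes `getfattr` from the attr package is installed.

```ruby
require 'open3'

PAX_XATTR = 'user.pax.flags' # attribute name used in the comment above

# Return the value of user.pax.flags on path, or nil when the attribute is
# missing, the file is unreadable, or getfattr is not installed.
def read_pax_xattr(path)
  out, status = Open3.capture2('getfattr', '-n', PAX_XATTR, '--only-values',
                               '--', path, err: File::NULL)
  status.success? ? out.strip : nil
rescue Errno::ENOENT
  nil
end

# Pick how flags are written for one path (hypothetical helper):
#   :xattr  when -x was given, or the file already carries user.pax.flags
#   :header otherwise, i.e. the PT_PAX_FLAGS program header
# An attribute that exists but is empty still counts as "already xattr".
def choose_method(path, force_xattr: false, reader: method(:read_pax_xattr))
  return :xattr if force_xattr
  reader.call(path).nil? ? :header : :xattr
end

# Map every configured path to its method so a hook can log the decision
# before touching any binary.
def plan(paths, force_xattr: false, reader: method(:read_pax_xattr))
  paths.to_h { |p| [p, choose_method(p, force_xattr: force_xattr, reader: reader)] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: only skype was previously marked with -x.
  sample = { '/usr/bin/skype' => 'm' }
  plan(['/usr/bin/skype', '/usr/bin/java'], reader: ->(p) { sample[p] })
    .each { |path, how| puts "#{path}: #{how}" }
end
```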