summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--kernels/pax-flags-libre/PKGBUILD54
-rw-r--r--kernels/pax-flags-libre/browsers.conf10
-rw-r--r--kernels/pax-flags-libre/clamav.conf6
-rw-r--r--kernels/pax-flags-libre/games.conf20
-rw-r--r--kernels/pax-flags-libre/imagemagick.conf13
-rw-r--r--kernels/pax-flags-libre/java.conf13
-rw-r--r--kernels/pax-flags-libre/kde.conf22
-rw-r--r--kernels/pax-flags-libre/pax-flags-libre.8112
-rwxr-xr-xkernels/pax-flags-libre/pax-flags-libre.rb278
-rwxr-xr-xkernels/pax-flags-libre/pax-flags-libre.sh13
-rw-r--r--kernels/pax-flags-libre/polkit.conf5
-rw-r--r--kernels/pax-flags-libre/qemu.conf51
-rw-r--r--kernels/pax-flags-libre/replicant.conf8
-rw-r--r--kernels/pax-flags-libre/ruby.conf8
-rw-r--r--kernels/pax-flags-libre/simple.conf56
-rw-r--r--kernels/pax-flags-libre/valgrind.conf25
-rw-r--r--kernels/pax-flags-libre/wine.conf4
-rw-r--r--libre/paxd-libre/10-enable-pax.conf2
-rw-r--r--libre/paxd-libre/PKGBUILD34
19 files changed, 36 insertions, 698 deletions
diff --git a/kernels/pax-flags-libre/PKGBUILD b/kernels/pax-flags-libre/PKGBUILD
deleted file mode 100644
index 882031ffe..000000000
--- a/kernels/pax-flags-libre/PKGBUILD
+++ /dev/null
@@ -1,54 +0,0 @@
-# Contributors:
-# henning mueller <henning@orgizm.net>
-# Ahmad24, duncant, echoblack, niki, ShadowKyogre, s1gma, test0
-#
-# Forked libre version which blacklists nonfree software for Parabola here:
-# https://github.com/g4jc/pax-flags-libre
-#
-
-pkgname=pax-flags-libre
-pkgdesc='Deactivates PaX flags for several binaries to work with PaX enabled kernels (a libre fork of linux-pax-flags)'
-pkgver=2.0.17
-pkgrel=1
-arch=(any)
-url='https://github.com/g4jc/pax-flags-libre'
-license=(GPL3)
-depends=(ruby paxctl)
-optdepends=('sudo: Run as root automatically.')
-replaces=(linux-pax-flags)
-conflicts=(linux-pax-flags)
-provides=(linux-pax-flags)
-source=(
- $pkgname.sh $pkgname.rb $pkgname.8
- replicant.conf browsers.conf clamav.conf games.conf imagemagick.conf java.conf
- kde.conf polkit.conf qemu.conf ruby.conf simple.conf valgrind.conf wine.conf
-)
-
-package() {
- install -D -m755 $srcdir/$pkgname.sh $pkgdir/usr/bin/$pkgname
- install -D -m755 $srcdir/$pkgname.rb $pkgdir/usr/bin/$pkgname.rb
- install -D -m644 $srcdir/$pkgname.8 $pkgdir/usr/share/man/man8/$pkgname.8
-
- for config in $srcdir/*.conf; do
- install -D -m600 $config $pkgdir/usr/share/$pkgname/$(basename $config)
- done
-
- mkdir -p $pkgdir/etc/pax-flags-libre
-}
-
-sha256sums=('06295e9d2afea0ea01c42620f0cd5e3ae785bc42c2749d4bef52f7d5b8a043ce'
- '79367f1b72eb836557e24df20fc4ad142af55669c0fee1e3e7a0d34d35bfc9dc'
- '9d62896dd51be4979cd85bfcd09de219f6068ec312f27e2a66f7a2f2c78d1f38'
- '7bbbad18a19150893916995723cd7e256a7b4e2baa5c2ff57bc27886c40f51fc'
- 'aedce25acf41fffa7a5c15c2ad7e5034eb56bfedcde65612ae4bc3f86ef4841a'
- 'bb87f4dce8e20f2ce601bdcb888dd688d8f0e9d0ab367e09c8081daffa15b03a'
- '95471682765c3c5ca31b29e3de7f8a07de6b2857e999dcdd714d062fe3da04ea'
- '7dc92a303004c9d74a1fe4d40d75105a703366ade8b2b459b0aae8d6f8b62ed0'
- '71afe786955d149fe216ff1a60348562914a6820d3b7f9dc42aa44913062b04e'
- '01ddeec77c605e1d3aa00a1fdc4c3537989468ab78da5f37b893cdbcfe34176c'
- '1f205fddfb427a696fb00221a3007453e25fbbf180ea026c264d23eeac9e1870'
- '2736d0ef20d0127c34e132db38d8993dee3062ba0ac0cdf8d444a8d3665698b8'
- 'e5562d68df885c5ceeb51709fc57c86d7b2c7849b9d99f828a77228878e25d71'
- '7d9f510e649e4ead08be3bb5f6fe1b6371b47a9fbb2f9b829cf329caa16bad94'
- 'ea003c4201745cd0c4bcf5cec5ca2d0a79cc6b1b04ceaa276ace0ad0287b8c50'
- 'd78fe0a02b5801c70e3d64045b12c3cbee358689da9082d71003b1cffda73ee3')
diff --git a/kernels/pax-flags-libre/browsers.conf b/kernels/pax-flags-libre/browsers.conf
deleted file mode 100644
index a37590b80..000000000
--- a/kernels/pax-flags-libre/browsers.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# MPROTECT and RANDMMAP off
-PSmXEr:
- - /usr/bin/elinks
- - /usr/bin/qupzilla
- - /usr/lib/iceweasel/iceweasel
- - /usr/lib/iceweasel/plugin-container
-
-# MPROTECT off
-PSmXER:
- - /usr/bin/midori
diff --git a/kernels/pax-flags-libre/clamav.conf b/kernels/pax-flags-libre/clamav.conf
deleted file mode 100644
index 7cb614bca..000000000
--- a/kernels/pax-flags-libre/clamav.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/clamscan
- - /usr/bin/freshclam
- - /usr/sbin/clamd:
- type: systemd
diff --git a/kernels/pax-flags-libre/games.conf b/kernels/pax-flags-libre/games.conf
deleted file mode 100644
index 59d5c7296..000000000
--- a/kernels/pax-flags-libre/games.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# MPROTECT and RANDMMAP off
-PSmXEr:
- - /usr/bin/pyrogenesis
- - /usr/bin/hwengine
-
-# PAGEEXEC and MPROTECT off
-#pSmXER:
-# TODO
-
-# MPROTECT off
-PSmXER:
- - /opt/doom3/doom.x86
- - /opt/enemy-territory/et.x86
- - /opt/quake3/ioquake3.i386
- - /opt/quake3/ioquake3.x86_64
- - /opt/ryzom/ryzom_client
- - /usr/bin/bzflag
- - /usr/bin/minetest
- - /usr/bin/opencity
-
diff --git a/kernels/pax-flags-libre/imagemagick.conf b/kernels/pax-flags-libre/imagemagick.conf
deleted file mode 100644
index a2201a754..000000000
--- a/kernels/pax-flags-libre/imagemagick.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/animate
- - /usr/bin/compare
- - /usr/bin/composite
- - /usr/bin/conjure
- - /usr/bin/convert
- - /usr/bin/display
- - /usr/bin/identify
- - /usr/bin/import
- - /usr/bin/mogrify
- - /usr/bin/montage
- - /usr/bin/stream
diff --git a/kernels/pax-flags-libre/java.conf b/kernels/pax-flags-libre/java.conf
deleted file mode 100644
index 7c10aa16e..000000000
--- a/kernels/pax-flags-libre/java.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# All off :(
-psmxer:
- - /opt/java/bin/java
- - /opt/java/bin/javac
- - /usr/lib/jvm/java-6-openjdk/bin/java
- - /usr/lib/jvm/java-6-openjdk/bin/javac
- - /usr/lib/jvm/java-6-openjdk/jre/bin/java
- - /usr/lib/jvm/java-7-openjdk/bin/javac
- - /usr/lib/jvm/java-7-openjdk/jre/bin/java
-
-# MPROTECT off
-PSmXER:
- - /usr/lib/jvm/java-7-openjdk/bin/jar
diff --git a/kernels/pax-flags-libre/kde.conf b/kernels/pax-flags-libre/kde.conf
deleted file mode 100644
index 09c03cc51..000000000
--- a/kernels/pax-flags-libre/kde.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/akonadi_sendlater_agent
- - /usr/bin/akonadi_archivemail_agent
- - /usr/bin/akonadi_mailfilter_agent
- - /usr/bin/akonadiconsole
- - /usr/bin/akregator
- - /usr/bin/blogilo
- - /usr/bin/kdeinit4
- - /usr/bin/kdenlive
- - /usr/bin/kmail
- - /usr/bin/knode
- - /usr/bin/knotify4
- - /usr/bin/kontact
- - /usr/bin/kwin
- - /usr/bin/okular
- - /usr/lib/kde4/libexec/drkonqi
- - /usr/lib/kde4/libexec/kwin_opengl_test
-
-# MPROTECT and RANDMMAP off
-PSmXEr:
- - /usr/lib/kde4/libexec/kscreenlocker_greet
diff --git a/kernels/pax-flags-libre/pax-flags-libre.8 b/kernels/pax-flags-libre/pax-flags-libre.8
deleted file mode 100644
index f27ae82f8..000000000
--- a/kernels/pax-flags-libre/pax-flags-libre.8
+++ /dev/null
@@ -1,112 +0,0 @@
-.TH pax-flags-libre 8 "" 2013-02-18
-.SH NAME
-\fBpax-flags-libre\fR \- Configure PaX flags for several binaries
-.SH SYNOPSIS
-\fBpax-flags-libre\fR [options] [filter]
-.SH DESCRIPTION
-\fBpax-flags-libre\fR is written to configure PaX flags for a set of binaries.
-It is intended to ease the usage of PaX (linux-libre-pax) or grsecurity (linux-libre-grsec,
-linux-libre-grsec-lts) enabled kernel on Parabola GNU/Linux-libre.
-.P
-PaX flags for a set of binaries are collected in YAML format configuration
-files. By default, every .conf file from /etc/pax-flags and
-/usr/share/pax-flags-libre is read. See the CONFIGURATION section for the file
-format.
-.P
-Root privileges are needed. If you set a value to $PAX_FLAGS_SUDO,
-\fBpax-flags-libre\fR will be called with sudo.
-.SH OPTIONS
-.TP
-\-c, \-\-config <path>
-Override default configuration paths. Requires one path argument. Can contain
-globs (escape them in some shells (zsh for example)).
-.TP
-\-h, \-\-help
-Displays a short usage message and option summary.
-.TP
-\-p, \-\-prepend
-Do not actually change anything.
-.TP
-\-x, \-\-xattr
-Sets the PaX flags through setfattr, underlying filesystems need xattr support.
-.TP
-\-y, \-\-yes
-Non-interactive mode. Assume yes on any question.
-.SH FILES
-.TP
-/etc/pax-flags/*.conf
-Files for overriding the standard flag set and path pattern configuration.
-.TP
-/usr/share/pax-flags-libre/*.conf
-The shipped configuration.
-.SH CONFIGURATION
-There are \fBsimple\fR configuration entries and \fBcomplex\fR ones. Complex
-configuration for a certain flag set and path pattern overrides simple. To
-override a simple entry with a complex one, the flag sets and path patterns have
-to match exactly.
-.SS "Simple entries"
-Simple configuration entries just set the PaX flags for a set of binaries. The
-format is as follows:
-.P
-PSmXER:
-.br
- \- /usr/bin/ruby
- \- /usr/bin/glx*
-.P
-\fBPSmXER\fR is the set of flags. Every letter represents a PaX flag. Uppercase
-enables the flag, lowercase disables it. See paxctl(1) for more details. This
-example disables MPROTECT on /usr/bin/ruby and /usr/bin/glx*.
-.SS "Complex entries"
-With complex entries it is possible to stop a daemon before setting the flags
-and starting it afterwards. The format is as follows:
-.P
-PSmXER:
-.br
- \- /usr/sbin/clamd:
- type: systemd
-.P
-This would stop clamd, disable MPROTECT for the binary and start the daemon
-again. The \fBtype\fR option values correspond to presets of status, start, stop
-actions. Currently there exists only "systemd". By default the systemd unit file
-would be "clamd" in this case or the basename of the path in general.
-.P
-PSmXEr:
-.br
- \- /usr/lib/polkit-1/polkitd:
- type: systemd
- systemd_name: polkit
-.P
-The \fBsystemd_name\fR option can be used to configure a differing systemd unit
-name.
-.P
-PSmXEr:
-.br
- \- /usr/lib/iceweasel/iceweasel:
- status: "pidof iceweasel"
- start: "iceweasel &"
- stop: "killall iceweasel"
-.P
-This would configure custom actions for \fBstatus\fR, \fBstart\fR and
-\fBstop\fR.
-.P
-PSmXER:
-.br
- \- /usr/bin/ruby:
- skip: true
-.P
-This would override a simple entry for the same flag set and path pattern and
-cause it to be skipped.
-.P
-PSmXER:
-.br
- \- /usr/lib32/somebinary:
- header: create
-.P
-This would cause paxctl to not convert the old binary header, but create a new
-one. See paxctl(1) for more details.
-.SH AUTHOR
-henning mueller <henning@orgizm.net>
-.SH SEE ALSO
-\- paxctl(1)
-.br
-\- http://www.yaml.org
diff --git a/kernels/pax-flags-libre/pax-flags-libre.rb b/kernels/pax-flags-libre/pax-flags-libre.rb
deleted file mode 100755
index 72a1a2b2c..000000000
--- a/kernels/pax-flags-libre/pax-flags-libre.rb
+++ /dev/null
@@ -1,278 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'getoptlong'
-require 'readline'
-require 'singleton'
-require 'yaml'
-
-# Monkey-path the Array class.
-class Array
- # ["foo", {"foo" => 1}].cleanup => [{"foo" => 1}]
- # If the key in a Hash element of an Array is also present as an element of
- # the Array, delete the latter.
- def cleanup
- array = self.dup
- self.grep(Hash).map(&:keys).flatten.each do |x|
- array.delete x
- end
- array
- end
-end
-
-# Class handles configuration parameters.
-class FlagsConfig < Hash
- # This is a singleton class.
- include Singleton
-
- # Merges a Hash or YAML file (containing a Hash) with itself.
- def load config
- if config.class == Hash
- merge! config
- return
- end
-
- unless config.nil?
- merge_yaml! config
- end
- end
-
- # Merge Config Hash with Hash in YAML file.
- def merge_yaml! path
- merge!(load_file path) do |key, old, new|
- (old + new).uniq.cleanup if old.is_a? Array and new.is_a? Array
- end
- end
-
- # Load YAML file and work around tabs not working for identation.
- def load_file path
- YAML.load open(path).read.gsub(/\t/, ' ')
- rescue Psych::SyntaxError => e
- print path, ':', e.message.split(':').last, "\n"
- exit 1
- end
-end
-
-# A method to print a beautiful usage message.
-def usage
- $stderr.puts <<EOF
-#{File.basename($0)} [options] [filters]
-
- OPTIONS
-
- -c, --config Override default configuration paths. Requires one
- argument. Can contain globs (escape them in some shells
- (zsh for example)).
- -h, --help This help.
- -p, --prepend Do not change anything.
- -y, --yes Non-interactive mode. Assume yes on questions.
- -x, --xattr Sets the PaX flags through setfattr, underlying
- filesystems need xattr support.
-
- FILTERS
-
- Only change flags for paths, which contain one of these filters as a string.
-
-EOF
- exit 1
-end
-
-# This iterates each config entry (which matches the filters). It yields flags,
-# entry, pattern and path of the config entry to the block code.
-def each_entry config, filters
- config.each do |flags, entries|
- entries.each do |entry|
- # Distinguish easy (String) and complex (Hash) config entries.
- if entry.is_a? String
- pattern = entry
- elsif entry.is_a? Hash
- pattern = entry.keys.first
- end
-
- # Skip this entry, if its path pattern does not contain one of the
- # filters.
- # TODO Do this for every matching path.
- unless filters.empty?
- temp_filters = filters.dup
- temp_filters.keep_if do |filter|
- pattern.downcase.include? filter.downcase
- end
- next if temp_filters.empty?
- end
-
- # If this runs with sudo, the ~ (for the users home path) have to point to
- # the user who runs it, not to root.
- unless ENV['SUDO_USER'].nil?
- paths = File.expand_path pattern.gsub('~', '~' + ENV['SUDO_USER'])
- else
- paths = File.expand_path pattern
- end
-
- # Now yield for every matching path.
- Dir.glob(paths).each do |path|
- yield flags, entry, pattern, path
- end
- end
- end
-end
-
-# Trap SIGINT (ctrl+c)
-trap(:INT) { exit 1 }
-
-# Define the possible options.
-options = GetoptLong.new(
- ['--config', '-c', GetoptLong::REQUIRED_ARGUMENT],
- ['--help', '-h', GetoptLong::NO_ARGUMENT],
- ['--prepend', '-p', GetoptLong::NO_ARGUMENT],
- ['--xattr', '-x', GetoptLong::NO_ARGUMENT],
- ['--yes', '-y', GetoptLong::NO_ARGUMENT],
-)
-
-# Initialize option variables.
-new_configs = []
-prepend = false
-yes = false
-xattr = false
-
-# Set option variables.
-begin
- options.each do |option, argument|
- case option
- when '--config'
- new_configs = Dir.glob argument
- when '--help'
- usage
- when '--prepend'
- prepend = true
- when '--xattr'
- xattr = true
- when '--yes'
- yes = true
- end
- end
-rescue GetoptLong::InvalidOption => e
- usage
-end
-
-# Whatever is left over is a filter.
-filters = ARGV
-
-# Exit if we are not running with root privileges.
-if Process.uid != 0
- $stderr << "Root privileges needed.\n"
- exit 1
-end
-
-# Either default config paths or overridden ones.
-config_paths = if new_configs.empty?
- ['/etc/pax-flags-libre/*.conf', '/usr/share/pax-flags-libre/*.conf']
-else
- new_configs
-end
-
-# Initialize the singleton config object...
-config = FlagsConfig.instance
-
-# ... and load every config file.
-config_paths.each do |path|
- Dir.glob(path).each do |file|
- config.load file
- end
-end
-
-# Helper text for simple entries.
-puts <<EOF
-Some programs do not work properly without deactivating some of the PaX
-features. Please close all instances of them if you want to change the
-configuration for the following binaries.
-EOF
-
-# Show every simple entry.
-each_entry config, filters do |flags, entry, pattern, path|
- puts ' * ' + path if File.exists? path and entry.is_a? String
-end
-
-# Let us sum up the complex entries...
-autopaths = []
-each_entry config, filters do |flags, entry, pattern, path|
- if File.exists? path and entry.is_a? Hash
- autopaths.push path if not (entry.nil? and entry[path]['skip'])
- end
-end
-
-# ... to decide, if we need to print them.
-unless autopaths.empty?
- puts <<EOF
-
-For the following programs there are also changes neccessary but you do not have
-to close or restart instances of them manually.
-EOF
-
- autopaths.each do |path|
- puts ' * ' + path
- end
-end
-
-puts
-puts 'Continue writing PaX headers? [Y/n]'
-
-$stdout.flush
-
-unless yes
- a = Readline.readline.chomp.downcase
- exit 1 if a.downcase != 'y' unless a.empty?
-end
-
-# Iterate each entry to actually set the flags.
-each_entry config, filters do |flags, entry, pattern, path|
- if File.exists? path
- e = entry[pattern]
- actions = %w(status start stop)
- start_again = false
-
- # Get action commands from entries config.
- status = e['status']
- start = e['start']
- stop = e['stop']
-
- # If the type attribute is set to systemd, we set the action command
- # variables again but to systemd defaults.
- if e['type'] == 'systemd'
- name = e['systemd_name'] || File.basename(path)
- actions.each do |action|
- eval "#{action} = \"systemctl #{action} #{name}.service\""
- end
- end
-
- # If the entry is complex, stop it if it is running.
- if entry.is_a? Hash
- if status and system(status + '> /dev/null')
- system stop unless prepend
- start_again = true if start
- end
- end
-
- if xattr
- # setfattr seems to be picky about the order of the flags,
- # rearrange it beforehand
- xflags = flags[/[Pp]/] + flags[/[Ee]/] + flags[/[Mm]/] +
- flags[/[Rr]/] + flags[/[Ss]/]
- print xflags, ' ', path, "\n"
- else
- print flags, ' ', path, "\n"
- end
-
- # Set the flags and notify the user.
- unless prepend
- if xattr
- `setfattr -n user.pax.flags -v #{xflags} "#{path}"`
- else
- header = 'c'
- header = 'C' if e['header'] == 'create'
- `paxctl -#{header}#{flags} "#{path}"`
- end
- end
-
- # Start the complex entries service again, if it is neccessary.
- system start unless prepend if start_again
- end
-end
diff --git a/kernels/pax-flags-libre/pax-flags-libre.sh b/kernels/pax-flags-libre/pax-flags-libre.sh
deleted file mode 100755
index 97b45cc87..000000000
--- a/kernels/pax-flags-libre/pax-flags-libre.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-ruby=$(which ruby)
-
-[ -z $PAX_FLAGS_SUDO ] && sudo='' || sudo='sudo'
-
-[ "$(paxctl -v $ruby 2>/dev/null)" ] || {
- $sudo paxctl -cm $ruby
-}
-
-$sudo systemctl --system daemon-reload
-
-$sudo pax-flags-libre.rb $@
diff --git a/kernels/pax-flags-libre/polkit.conf b/kernels/pax-flags-libre/polkit.conf
deleted file mode 100644
index 5a97136d2..000000000
--- a/kernels/pax-flags-libre/polkit.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# MPROTECT and RANDMMAP off
-PSmXEr:
- - /usr/lib/polkit-1/polkitd:
- type: systemd
- systemd_name: polkit
diff --git a/kernels/pax-flags-libre/qemu.conf b/kernels/pax-flags-libre/qemu.conf
deleted file mode 100644
index 428d2928b..000000000
--- a/kernels/pax-flags-libre/qemu.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-# SEGMEXEC and MPROTECT off
-# (RANDEXEC is not activatable for qemu. The binaries seem to be compiled
-# with PIE enabled, though.)
-PsmxER:
- - /usr/bin/qemu-alpha
- - /usr/bin/qemu-arm
- - /usr/bin/qemu-armeb
- - /usr/bin/qemu-cris
- - /usr/bin/qemu-i386
- - /usr/bin/qemu-m68k
- - /usr/bin/qemu-microblaze
- - /usr/bin/qemu-microblazeel
- - /usr/bin/qemu-mips
- - /usr/bin/qemu-mipsel
- - /usr/bin/qemu-ppc
- - /usr/bin/qemu-ppc64
- - /usr/bin/qemu-ppc64abi32
- - /usr/bin/qemu-s390x
- - /usr/bin/qemu-sh4
- - /usr/bin/qemu-sh4eb
- - /usr/bin/qemu-sparc
- - /usr/bin/qemu-sparc32plus
- - /usr/bin/qemu-sparc64
- - /usr/bin/qemu-unicore32
- - /usr/bin/qemu-x86_64
-
-# MPROTECT off
-PSmXER:
- - /usr/bin/qemu-system-alpha
- - /usr/bin/qemu-system-arm
- - /usr/bin/qemu-system-cris
- - /usr/bin/qemu-system-i386
- - /usr/bin/qemu-system-lm32
- - /usr/bin/qemu-system-m68k
- - /usr/bin/qemu-system-microblaze
- - /usr/bin/qemu-system-microblazeel
- - /usr/bin/qemu-system-mips
- - /usr/bin/qemu-system-mips64
- - /usr/bin/qemu-system-mips64el
- - /usr/bin/qemu-system-mipsel
- - /usr/bin/qemu-system-ppc
- - /usr/bin/qemu-system-ppc64
- - /usr/bin/qemu-system-ppcemb
- - /usr/bin/qemu-system-s390x
- - /usr/bin/qemu-system-sh4
- - /usr/bin/qemu-system-sh4eb
- - /usr/bin/qemu-system-sparc
- - /usr/bin/qemu-system-sparc64
- - /usr/bin/qemu-system-x86_64
- - /usr/bin/qemu-system-xtensa
- - /usr/bin/qemu-system-xtensaeb
diff --git a/kernels/pax-flags-libre/replicant.conf b/kernels/pax-flags-libre/replicant.conf
deleted file mode 100644
index a916c34b8..000000000
--- a/kernels/pax-flags-libre/replicant.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /opt/replicant-sdk/tools/emulator-arm
- - /opt/replicant-sdk/tools/emulator-x86
- - /opt/replicant-sdk/platform-tools/adb:
- status: "pidof adb"
- start: "adb start-server"
- stop: "adb kill-server"
diff --git a/kernels/pax-flags-libre/ruby.conf b/kernels/pax-flags-libre/ruby.conf
deleted file mode 100644
index c6d976649..000000000
--- a/kernels/pax-flags-libre/ruby.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# MPROTECT off
-PSmXER:
- - ~/.rbenv/versions/?.?.?{,-p*}/bin/ruby
- - ~/.rbenv/versions/?.?.?{,-p*}/lib/ruby/gems/*/gems/capybara-webkit-*/bin/webkit_server
- - ~/.rvm/rubies/ruby-?.?.?{,-p*}/bin/ruby
- - ~/.rvm/gems/ruby-?.?.?{,-p*}/gems/capybara-webkit-*/bin/webkit_server
- - /usr/bin/rbx
- - /usr/bin/ruby
diff --git a/kernels/pax-flags-libre/simple.conf b/kernels/pax-flags-libre/simple.conf
deleted file mode 100644
index 3039f1215..000000000
--- a/kernels/pax-flags-libre/simple.conf
+++ /dev/null
@@ -1,56 +0,0 @@
-# RANDMMAP off
-PSMXEr:
- - /usr/bin/grub-script-check
-
-# MPROTECT and RANDMMAP off
-PSmXEr:
- - /usr/bin/gnome-shell
- - /usr/bin/grub-bios-setup
- - /usr/lib/gcc/x86_64-unknown-linux-gnu/*/cc1plus
- - /usr/lib/icedove/icedove
-
-# MPROTECT off
-PSmXER:
- - /usr/bin/blender
- - /usr/bin/btsync
- - /usr/bin/cabal
- - /usr/bin/cheese
- - /usr/bin/dolphin-emu
- - /usr/bin/dosbox
- - /usr/bin/epiphany
- - /usr/bin/gendesk
- - /usr/bin/glxdemo
- - /usr/bin/glxgears
- - /usr/bin/glxinfo
- - /usr/bin/glxspheres
- - /usr/bin/goldendict
- - /usr/bin/gtk-query-immodules-*
- - /usr/bin/inkscape
- - /usr/bin/konstruktor
- - /usr/bin/liferea
- - /usr/bin/minitube
- - /usr/bin/mono
- - /usr/bin/mplayer
- - /usr/bin/mumble
- - /usr/bin/obex-data-server
- - /usr/bin/python2
- - /usr/bin/rhythmbox
- - /usr/bin/scheme
- - /usr/bin/seahorse
- - /usr/bin/spicec
- - /usr/bin/systemsettings
- - /usr/bin/tcc
- - /usr/bin/vlc
- - /usr/lib/erlang/erts-*/bin/beam
- - /usr/lib/erlang/erts-*/bin/beam.smp
- - /usr/lib/ghc-*/ghc
- - /usr/lib/libreoffice/program/soffice.bin
- - /usr/lib/webkitgtk/WebKitWebProcess
- - /usr/lib/xbmc/xbmc.bin
- - /usr/sbin/grub-probe
- - /usr/sbin/vbetool
- - /usr/bin/xiphos
-
-# PAGEEXEC, MPROTECT, EMUTRAMP and RANDMMAP off
-pSmXer:
- - /usr/bin/sbcl
diff --git a/kernels/pax-flags-libre/valgrind.conf b/kernels/pax-flags-libre/valgrind.conf
deleted file mode 100644
index 6d25559ae..000000000
--- a/kernels/pax-flags-libre/valgrind.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# MPROTECT off
-PSmXER:
- - /usr/bin/valgrind
- - /usr/lib/valgrind/cachegrind-amd64-linux
- - /usr/lib/valgrind/cachegrind-x86-linux
- - /usr/lib/valgrind/callgrind-amd64-linux
- - /usr/lib/valgrind/callgrind-x86-linux
- - /usr/lib/valgrind/drd-amd64-linux
- - /usr/lib/valgrind/drd-x86-linux
- - /usr/lib/valgrind/exp-bbv-amd64-linux
- - /usr/lib/valgrind/exp-bbv-x86-linux
- - /usr/lib/valgrind/exp-dhat-amd64-linux
- - /usr/lib/valgrind/exp-dhat-x86-linux
- - /usr/lib/valgrind/exp-sgcheck-amd64-linux
- - /usr/lib/valgrind/exp-sgcheck-x86-linux
- - /usr/lib/valgrind/helgrind-amd64-linux
- - /usr/lib/valgrind/helgrind-x86-linux
- - /usr/lib/valgrind/lackey-amd64-linux
- - /usr/lib/valgrind/lackey-x86-linux
- - /usr/lib/valgrind/massif-amd64-linux
- - /usr/lib/valgrind/massif-x86-linux
- - /usr/lib/valgrind/memcheck-amd64-linux
- - /usr/lib/valgrind/memcheck-x86-linux
- - /usr/lib/valgrind/none-amd64-linux
- - /usr/lib/valgrind/none-x86-linux
diff --git a/kernels/pax-flags-libre/wine.conf b/kernels/pax-flags-libre/wine.conf
deleted file mode 100644
index 77b33053d..000000000
--- a/kernels/pax-flags-libre/wine.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# All off :(
-psmxer:
- - /usr/bin/wine-preloader
- - /usr/bin/wine64-preloader
diff --git a/libre/paxd-libre/10-enable-pax.conf b/libre/paxd-libre/10-enable-pax.conf
new file mode 100644
index 000000000..77e51d87c
--- /dev/null
+++ b/libre/paxd-libre/10-enable-pax.conf
@@ -0,0 +1,2 @@
+# Disable PaX soft mode (set earlier by 05-grsecurity.conf)
+kernel.pax.softmode = 0
diff --git a/libre/paxd-libre/PKGBUILD b/libre/paxd-libre/PKGBUILD
new file mode 100644
index 000000000..924010bcf
--- /dev/null
+++ b/libre/paxd-libre/PKGBUILD
@@ -0,0 +1,34 @@
+# Maintainer (Arch): Daniel Micay <danielmicay@gmail.com>
+# Maintainer: André Silva <emulatorman@parabola.nu>
+# Contributor: Gaming4JC <gaming4jc2@yahoo.com>
+
+_pkgname=paxd
+pkgname=paxd-libre
+pkgver=1.0.1
+pkgrel=1
+pkgdesc='PaX exception daemon, without nonfree software support'
+arch=(i686 x86_64)
+url='https://github.com/g4jc/paxd-libre/'
+license=(MIT)
+replaces=($_pkgname linux-pax-flags)
+conflicts=($_pkgname linux-pax-flags)
+provides=($_pkgname linux-pax-flags)
+depends=(glibc)
+makedepends=(git)
+source=(git://github.com/g4jc/paxd-libre#tag=$pkgver 10-enable-pax.conf)
+md5sums=('SKIP'
+ 'a40677d2cd39ada4c2560927c67e0ea2')
+backup=(etc/paxd-libre.conf)
+
+build() {
+ cd $pkgname
+ make CC=gcc
+}
+
+package() {
+ cd $pkgname
+ mkdir -p "$pkgdir/usr/lib/systemd/system/sysinit.target.wants"
+ make PREFIX=/usr DESTDIR="$pkgdir" install
+ install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+ install -Dm644 ../10-enable-pax.conf "$pkgdir/etc/sysctl.d/10-enable-pax.conf"
+}