extended functionality added for initscript, added sane settings to conf.d script to keep bugs down. no version bump needed

3 files changed, 35 insertions, 29 deletions

diff --git a/sys-apps/chpax/files/digest-chpax-0.4 b/sys-apps/chpax/files/digest-chpax-0.4
deleted file mode 100644
index f49ba308ad8c..000000000000
--- a/sys-apps/chpax/files/digest-chpax-0.4
+++ /dev/null
@@ -1 +0,0 @@
-MD5 d8731ed8a0c851f9d4a74fc721991fb9 chpax-0.4.tar.gz 3891
diff --git a/sys-apps/chpax/files/pax-conf.d b/sys-apps/chpax/files/pax-conf.d
index 8e471830b8c2..b0d8c204ae85 100644
--- a/sys-apps/chpax/files/pax-conf.d
+++ b/sys-apps/chpax/files/pax-conf.d
@@ -10,9 +10,12 @@
 # s	do not enforce segmentation based non-executable pages
 # x	do not randomize ET_EXEC base [ELF only]
 
-PAGEEXEC_EXEMPT="/usr/X11R6/bin/XFree86 /usr/lib/wine/bin/wine"
+PAGEEXEC_EXEMPT="/usr/X11R6/bin/XFree86 /usr/lib/wine/bin/wine /opt/blackdown-jdk-*/jre/bin/[a-z]*"
 TRAMPOLINE_EXEMPT=""
-MPROTECT_EXEMPT=""
+MPROTECT_EXEMPT="/opt/blackdown-jdk-*/jre/bin/[a-z]*"
 RANDMMAP_EXEMPT=""
-SEGMEXEC_EXEMPT=""
+SEGMEXEC_EXEMPT="/usr/X11R6/bin/xinit /usr/X11R6/bin/XFree86 /opt/blackdown-jdk-*/jre/bin/[a-z]* /usr/bin/xmms /usr/bin/mplayer /usr/bin/blender /usr/bin/gxine /usr/bin/totem /usr/bin/acme"
 RANDEXEC_EXEMPT=""
+
+# when zero flag mask is set to "yes" it will remove all pax flags from all files on reboot/stop
+ZERO_FLAG_MASK=no
diff --git a/sys-apps/chpax/files/pax-init.d b/sys-apps/chpax/files/pax-init.d
index eb00ec251048..474d632f5f20 100644
--- a/sys-apps/chpax/files/pax-init.d
+++ b/sys-apps/chpax/files/pax-init.d
@@ -10,38 +10,42 @@ checkconfig() {
 	/sbin/chpax -v /sbin/chpax >/dev/null 2>&1 || return 1
 }
 
+chpax_flag() {
+	flag=$1
+	fname=$2
+
+	if [ -w "$fname" ]; then
+		#einfo "chpax $flags $fname"
+		/sbin/chpax -$flag ${fname}
+		[ $? != 0 ] && eerror "error: chpax -$flag ${fname}"
+	fi
+}
+
 start() {
 	checkconfig || return 1
 
-	local err_msg="error running chpax on "
-
-	for x in ${PAGEEXEC_EXEMPT} ; do
-		[ -f ${x} ] && /sbin/chpax -p ${x} || eerror ${err_msg} ${x}
-	done
-
-	for x in ${TRAMPOLINE_EXEMPT} ; do
-		[ -f ${x} ] && /sbin/chpax -e ${x} || eerror ${err_msg} ${x}
-	done
-
-	for x in ${RANDMMAP_EXEMPT} ; do
-		[ -f ${x} ] && /sbin/chpax -r ${x} || eerror ${err_msg} ${x}
-	done
-
-	for x in ${MPROTECT_EXEMPT} ; do
-		[ -f ${x} ] && /sbin/chpax -m ${x} || eerror ${err_msg} ${x}
-	done
-
-	for x in ${SEGMEXEC_EXEMPT} ; do
-		[ -f ${x} ] && /sbin/chpax -s ${x} || eerror ${err_msg} ${x}
-	done
-
-	for x in ${RANDEXEC_EXEMPT} ; do
-		[ -f ${x} ] && /sbin/chpax -x ${x} || eerror ${err_msg} ${x}
-	done
+	for p in $PAGEEXEC_EXEMPT; do chpax_flag p ${p} ;done
+	for e in $TRAMPOLINE_EXEMPT; do chpax_flag e ${e} ;done
+	for r in $RANDMMAP_EXEMPT; do chpax_flag r ${r} ;done
+	for m in $MPROTECT_EXEMPT; do chpax_flag m ${m} ;done
+	for s in $SEGMEXEC_EXEMPT; do chpax_flag s ${s} ;done
+	for x in $RANDEXEC_EXEMPT; do chpax_flag x ${x} ;done
 
+	return 0
 }
 
 stop() {
+	checkconfig || return 1
+
+	[ "$ZERO_FLAG_MASK" = "yes" ] || return 0
+	einfo "chpax zero flag masking"
+	for p in $PAGEEXEC_EXEMPT; do chpax_flag z ${p} ;done
+	for e in $TRAMPOLINE_EXEMPT; do chpax_flag z ${e} ;done
+	for r in $RANDMMAP_EXEMPT; do chpax_flag z ${r} ;done
+	for m in $MPROTECT_EXEMPT; do chpax_flag z ${m} ;done
+	for s in $SEGMEXEC_EXEMPT; do chpax_flag z ${s} ;done
+	for x in $RANDEXEC_EXEMPT; do chpax_flag z ${x} ;done
+
 	return 0
 }