diff options
author | Robin Gloster <mail@glob.in> | 2016-07-25 12:47:13 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-07-25 12:47:13 +0000 |
commit | f222d9874643197fb61ca8460449f10abae1a4fd (patch) | |
tree | b8b9c2dcdf54cc418ef54d579b7d21e0830006b8 /doc | |
parent | 1f04b4a566d3c8f8de5354ed09dee46557c4abe3 (diff) | |
parent | e725c927d4a09ee116fe18f2f0718364678a321f (diff) | |
download | nixlib-f222d9874643197fb61ca8460449f10abae1a4fd.tar nixlib-f222d9874643197fb61ca8460449f10abae1a4fd.tar.gz nixlib-f222d9874643197fb61ca8460449f10abae1a4fd.tar.bz2 nixlib-f222d9874643197fb61ca8460449f10abae1a4fd.tar.lz nixlib-f222d9874643197fb61ca8460449f10abae1a4fd.tar.xz nixlib-f222d9874643197fb61ca8460449f10abae1a4fd.tar.zst nixlib-f222d9874643197fb61ca8460449f10abae1a4fd.zip |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'doc')
-rw-r--r-- | doc/stdenv.xml | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/doc/stdenv.xml b/doc/stdenv.xml index 303ad2db8a75..034e0bb7590d 100644 --- a/doc/stdenv.xml +++ b/doc/stdenv.xml @@ -1319,6 +1319,25 @@ someVar=$(stripHash $name; echo $strippedName) <envar>GST_PLUGIN_SYSTEM_PATH</envar> environment variable.</para></listitem> </varlistentry> + <varlistentry> + <term>paxctl</term> + <listitem><para>Defines the <varname>paxmark</varname> helper for + setting per-executable PaX flags on Linux (where it is available by + default; on all other platforms, <varname>paxmark</varname> is a no-op). + For example, to disable secure memory protections on the executable + <replaceable>foo</replaceable>: + <programlisting> + postFixup = '' + paxmark m $out/bin/<replaceable>foo</replaceable> + ''; + </programlisting> + The <literal>m</literal> flag is the most common flag and is typically + required for applications that employ JIT compilation or otherwise need to + execute code generated at run-time. Disabling PaX protections should be + considered a last resort: if possible, problematic features should be + disabled or patched to work with PaX.</para></listitem> + </varlistentry> + </variablelist> </para> |