Robert Connolly cendres at
Tue Mar 30 07:29:40 PST 2004

On March 30, 2004 08:55 am, Adrian Fisher wrote:
> Wouldn't it be more beneficial to ensure changes didn't lock out
> mainstream technologies such as Java as I know many companies use it.

With propolice 8 files related to the java compiler would need to be skipped 
from propolice durring compile. I don't use java, so I've never checked into 
patching for this. Java gets killed by a Pax/Grsec kernel because of stack 
and heap protection. Pax distributes a chpax() utility to disable this 
protection on the Java binaries. That should be fairly safe since Java 
doesn't have issues with buffer overflows so far. This isn't part of the base 
system so I haven't given it any attention. Chpax isn't nessesary for 
anything in the lfs base.

More information about the hlfs-dev mailing list