Scroll to navigation

PAXCTLD(8) System Manager's Manual PAXCTLD(8)

NAME

paxctld - Daemon to automatically apply appropriate PaX flags

SYNOPSIS

paxctld [ -c <config_file> ] [ -d ] [ -p <pid_file> ] [ -q ]

DESCRIPTION

paxctld is a daemon that automatically applies PaX flags to binaries on the system. These flags are applied via user extended attributes and are refreshed on any update to the binaries specified in its configuration file.

paxctld.conf is the configuration file located in /etc that defines which binaries to mark with specific PaX flags. The format of this configuration file is multiple lines of the form:

<full pathname> <PaX flags> [nonroot]

Empty lines or lines beginning with '#' are ignored. Files that have spaces in the path leading to them must be surrounded in double quotes. The optional nonroot string is to be used if the file being marked is not owned by root. paxctld will not allow files not owned by root to be marked (or have their symlinks followed) without this string. If the pathname specifies a symlink not owned by root, the target of the symlink must have the same owner.

OPTIONS

Specify a config file other than the default of /etc/paxctld.conf
Make paxctld run as a daemon
Specify the pid file to use when running in daemon mode
Enable quiet mode to suppress all syslogs from paxctld

REPORTING BUGS

Please include as much information as possible and send bug reports to spender@grsecurity.net

AUTHOR

paxctld was created and is maintained by Brad Spengler <spender@security.net>