I've followed the migration guide,
https://wiki.gentoo.org/wiki/Project:Hardened/PaX_flag_migration_from_PT_PAX_to_XATTR_PAX
on a few machines now without problem. But, I have a couple of routers
that should experience a minimum of downtime. The guide has you reboot
twice: once to enable XATTR_PAX in the kernel, and again to remove
PT_PAX after running migrate-pax. I was wondering: is it safe to do both
at once, assuming I can live without PaX for five minutes?
That is, can I disable PT_PAX, enable XATTR_PAX, reboot, and run
migrate-pax? Or might that cause problems?
(Note: I can't run the elfix test suite anyway, since I have EMUTRAMP
disabled.)
https://wiki.gentoo.org/wiki/Project:Hardened/PaX_flag_migration_from_PT_PAX_to_XATTR_PAX
on a few machines now without problem. But, I have a couple of routers
that should experience a minimum of downtime. The guide has you reboot
twice: once to enable XATTR_PAX in the kernel, and again to remove
PT_PAX after running migrate-pax. I was wondering: is it safe to do both
at once, assuming I can live without PaX for five minutes?
That is, can I disable PT_PAX, enable XATTR_PAX, reboot, and run
migrate-pax? Or might that cause problems?
(Note: I can't run the elfix test suite anyway, since I have EMUTRAMP
disabled.)