paxctld - Daemon to automatically apply appropriate PaX flags
paxctld [ -c <config_file> ] [ -d ] [ -p <pid_file> ] [ -q ]
paxctld is a daemon that automatically applies PaX flags to binaries on the system. These flags are applied via user extended attributes and are refreshed on any update to the binaries specified in its configuration file.
paxctld.conf is the configuration file located in /etc that defines which binaries to mark with specific PaX flags. The format of this configuration file is multiple lines of the form:
<full pathname> <PaX flags> [nonroot]
Empty lines or lines beginning with '#' are ignored. Files that have spaces in the path leading to them must be surrounded in double quotes. The optional nonroot string is to be used if the file being marked is not owned by root. paxctld will not allow files not owned by root to be marked (or have their symlinks followed) without this string. If the pathname specifies a symlink not owned by root, the target of the symlink must have the same owner.
-c <config_file> Specify a config file other than the default of /etc/paxctld.conf
-d Make paxctld run as a daemon
-p <pid_file> Specify the pid file to use when running in daemon mode
-q Enable quiet mode to suppress all syslogs from paxctld
Please include as much information as possible and send bug reports to spender@grsecurity.net
paxctld was created and is maintained by Brad Spengler <spender@security.net>