After you install grsecurity kernel like SameKernel#grsecurity some programs that do risky operations will be prohibited from running.

To keep using them you need to run this easy scripts that will reconfigure them and remove them from strong forms of grsecurity/PAX protection.

The pax flags technical documentation:

As for Debian-Wheezy, following script will properly tune the binary flags, and will exclude this programs from PAX Grsecurity


1) Install package attr

2) Enable mount option user_xattr (is this mandatory TODO please check and write here, anyone) on the partition that serves your binaries (e.g. /usr/ or /) by editing /etc/fstab and rebooting, or for faster test without reboot: mount / -o user_xattr,ro mount /usr -o user_xattr,ro

3) Run this script as root (after reviewing it - it just runs several setfattr commands to set custom flags on files, PaX enabled grsecurity kernel reads them on program execution) - it is located also in your copy of SameKernel/deterministic-kernel, search for that filename e.g. in directory apps/.

4) You need to re-run this script after upgrading/reinstalling the affected programs (and sometimes re-run the installation after) - mostly for java upgrades, kernel upgrades


all this problems will be resolved once we have hooks that run this script when other packages are installed

please contact us #mempo @ and ircp2 if you can help with this - see Mempo#contact