Dave beat me to the punch, but I was going to say the same thing. The only thing we need with the exec-shield option/sysctl is for it to go away.

If anybody needs more configurability, it can be something like "noexec=emul" to ignore NX hardware to test out the segmentation hack, or "noexec=noemul" to only use real hardware support if it's there and never do segmentation. But aside from convenience of smoke-testing the segmentation hack on current (NX-capable) hardware (without tweaking the firmware to suppress it or whatever)--which really only benefits us and we don't seem to care--I have never heard of any users asking for any flexibility on this option.

Your patch looks fine to me, though I of course didn't test it either.

Thanks,
Roland

_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel