Before starting with PaX support (PAX) module administration, your should read the PAX description.

PAX administration only changes the pax_flags attribute of files and the pax_role attribute of users. This can either be done with rsbac_fd_menu and rsbac_user_menu or with the command line tools attr_get_file_dir, attr_set_file_dir, attr_get_user and attr_set_user.

The pax_role value determines user access to both attributes: normal users have no access, system admins have read access and security officer has full access.

Example to set some flags on /bin/sample:

attr_set_file_dir PAX FILE /bin/sample pax_flags PeMRxS

Table of Contents: RSBAC Handbook
Previous: CAP
Next: FF
Alternative: Setting up Modules