paxctld 1.2.1-1 / etc / paxctld.conf

# grub

/usr/bin/grub-script-check	E
/usr/bin/grub-bios-setup	E
/usr/sbin/grub-mkdevicemap	E
/usr/sbin/grub-probe		E

# qemu
/usr/bin/qemu-alpha		m
/usr/bin/qemu-arm		m
/usr/bin/qemu-armeb		m
/usr/bin/qemu-cris		m
/usr/bin/qemu-i386		m
/usr/bin/qemu-m68k		m
/usr/bin/qemu-microblaze	m
/usr/bin/qemu-microblazeel	m
/usr/bin/qemu-mips		m
/usr/bin/qemu-mips64		m
/usr/bin/qemu-mips64el		m
/usr/bin/qemu-mipsel		m
/usr/bin/qemu-mipsn32		m
/usr/bin/qemu-mipsn32el		m
/usr/bin/qemu-or32		m
/usr/bin/qemu-ppc		m
/usr/bin/qemu-ppc64		m
/usr/bin/qemu-ppc64abi32	m
/usr/bin/qemu-s390x		m
/usr/bin/qemu-sh4		m
/usr/bin/qemu-sh4eb		m
/usr/bin/qemu-sparc		m
/usr/bin/qemu-sparc32plus	m
/usr/bin/qemu-sparc64		m
/usr/bin/qemu-unicore32		m
/usr/bin/qemu-x86_64		m

/usr/bin/qemu-system-aarch64		m
/usr/bin/qemu-system-alpha		m
/usr/bin/qemu-system-arm		m
/usr/bin/qemu-system-cris		m
/usr/bin/qemu-system-i386		m
/usr/bin/qemu-system-lm32		m
/usr/bin/qemu-system-m68k		m
/usr/bin/qemu-system-microblaze		m
/usr/bin/qemu-system-microblazeel	m
/usr/bin/qemu-system-mips		m
/usr/bin/qemu-system-mips64		m
/usr/bin/qemu-system-mips64el		m
/usr/bin/qemu-system-mipsel		m
/usr/bin/qemu-system-moxie		m
/usr/bin/qemu-system-or32		m
/usr/bin/qemu-system-ppc		m
/usr/bin/qemu-system-ppc64		m
/usr/bin/qemu-system-ppcemb		m
/usr/bin/qemu-system-s390x		m
/usr/bin/qemu-system-sh4		m
/usr/bin/qemu-system-sh4eb		m
/usr/bin/qemu-system-sparc		m
/usr/bin/qemu-system-sparc64		m
/usr/bin/qemu-system-unicore32		m
/usr/bin/qemu-system-x86_64		m
/usr/bin/qemu-system-xtensa		m
/usr/bin/qemu-system-xtensaeb		m

# skype
/usr/lib/skype/skype		m
/usr/lib32/skype/skype		m

# steam
/usr/lib32/ld-linux.so.2	m

# node
/usr/bin/node			m

# chrome
/opt/google/chrome/chrome-sandbox	m
/opt/google/chrome/nacl_helper		m
/opt/google/chrome/chrome		m

# chromium
/usr/lib/chromium-browser/chromium-browser m

# firefox
/usr/lib/firefox/firefox		m
/usr/lib/firefox/plugin-container	m

# webapp-container
/usr/bin/webapp-container	m

# oxide
/usr/lib/x86_64-linux-gnu/oxide-qt/oxide-renderer m

# valgrind
/usr/bin/valgrind		m

# python
/usr/bin/python2.7		E
/usr/bin/python3.5		E

# java
/usr/lib/jvm/java-6-sun-1.6.0.10/jre/bin/java		m
/usr/lib/jvm/java-6-sun-1.6.0.10/jre/bin/javaws		m
/usr/lib/jvm/java-6-openjdk/jre/bin/java		m
/usr/lib/jvm/java-6-openjdk/jre/bin/java		m
/usr/lib/jvm/java-8-openjdk/jre/bin/java		m

# openrc
/lib/rc/bin/lsb2rcconf		E

# libreoffice
# Ubuntu doesn't seem to carry this patch:
# https://bz.apache.org/ooo/show_bug.cgi?id=80816
# libreoffice will still run fine without the below line,
# but it will report an RWX mprotect attempt
# /usr/lib/libreoffice/program/soffice.bin	m