I see on AppArmor denial for /dev/nvidiactl that electron builds occasionally have binaries with executable stacks. I have dlib and libraw C++ nodejs addons, so I use npm rebuild and node-gyp rebuild:
ELECTRON_VERSION="1.8.1";
npm rebuild \
--runtime=electron \
--target=${ELECTRON_VERSION} \
--disturl=https://atom.io/download/atom-shell \
--build-from-source
cd dlib
node-gyp rebuild \
--runtime=electron \
--target=${ELECTRON_VERSION} \
--disturl=https://atom.io/download/atom-shell \
--build-from-source
cd ..
cd libraw
node-gyp rebuild \
--runtime=electron \
--target=${ELECTRON_VERSION} \
--disturl=https://atom.io/download/atom-shell \
--build-from-source
cd ..
Since I’m using npm rebuild, am I responsible for configuring npm and gyp so that they don’t produce binaries with executable stacks? Or is electron responsible for the way that it npm rebuilds to not have an executable stack? When I get home I’ll try using a version of electron other than 1.8.1 to see if it produces an binary without an executable stack.