I’m using a kernel hardened with grsecurity, which blocks certain apps that use RWX memory / JIT such as electron from starting. The only way to make them run is to enable certain flags in the binary so that the kernel allows it to map memory as RWX. Basically I need something that when the snap package install, it runs “paxctl -cem BINARY” to enable those flags.
How can I do this with a snap that I have obtained from the snap store?
you can use the --dangerous option to snap install to install local snaps … note though that this will never be upgraded, you will miss all fixes and security patches …