It seems useful to have several options for enforcing W^X. Silently blocking the allocations may lead to hidden cases of misbehavior or changed behavior in applications.
This patch adds options to log violations (but allow the allocation to proceed anyway), block the violations, or even kill the processes (to allow a developer to pinpoint the place the W^X violation is occurring). These options can aid in evaluating the possibility of enabling W^X and in debugging W^X violations.
I chose not to maintain an option to silently block allocations. We could certainly add that, if that seems like a good idea. However, it seems like a system administrator who enables W^X protections probably would expect that no regular ongoing violations would be occurring. Therefore, it seemed like it was useful to log the violations. But I am open to hearing differing opinions.
Because this patch adds an option to choose to enforce or not enforce W^X globally, it also changes the default for ELF to enforcing W^X. The patch also checks for W^X violations in the ELF sections.