[lxc-devel] [lxd/master] make: add full-relro
brauner on Github
lxc-bot at linuxcontainers.org
Wed Apr 17 21:21:17 UTC 2019
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190417/0e5448f9/attachment-0001.bin>
-------------- next part --------------
From aa93abbf5340b14bf761c2fac0c0282290007df8 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 17 Apr 2019 22:34:40 +0200
Subject: [PATCH] make: add full-relro
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
Makefile | 4 ++--
lxd/main_forkproxy.go | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 99f2aa6bad..045915bebf 100644
--- a/Makefile
+++ b/Makefile
@@ -16,7 +16,7 @@ ifeq ($(TAG_SQLITE3),)
endif
go get -t -v -d ./...
- CC=$(CC) go install -v -tags "$(TAG_SQLITE3)" $(DEBUG) ./...
+ CGO_LDFLAGS_ALLOW="-Wl,-z,now" CC=$(CC) go install -v -tags "$(TAG_SQLITE3)" $(DEBUG) ./...
@echo "LXD built successfully"
.PHONY: client
@@ -90,7 +90,7 @@ ifeq ($(TAG_SQLITE3),)
endif
go get -t -v -d ./...
- CC=$(CC) go install -v -tags "$(TAG_SQLITE3) logdebug" $(DEBUG) ./...
+ CGO_LDFLAGS_ALLOW="-Wl,-z,now" CC=$(CC) go install -v -tags "$(TAG_SQLITE3) logdebug" $(DEBUG) ./...
@echo "LXD built successfully"
.PHONY: check
diff --git a/lxd/main_forkproxy.go b/lxd/main_forkproxy.go
index fb2213a548..b818e38d2b 100644
--- a/lxd/main_forkproxy.go
+++ b/lxd/main_forkproxy.go
@@ -283,6 +283,7 @@ void forkproxy()
}
*/
// #cgo CFLAGS: -std=gnu11 -Wvla
+// #cgo LDFLAGS: -Wl,-z,now -Wl,-z,relro
import "C"
const forkproxyUDSSockFDNum int = C.FORKPROXY_UDS_SOCK_FD_NUM
More information about the lxc-devel
mailing list