[lxc-devel] [lxc/master] hardening: enable address sanitizer build

brauner on Github lxc-bot at linuxcontainers.org
Tue Mar 12 20:01:32 UTC 2019


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 429 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190312/47d7b03f/attachment-0001.bin>
-------------- next part --------------
From 565c4427e25184dbd9a3a07a4a7306fd030e3eed Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 12 Mar 2019 20:58:09 +0100
Subject: [PATCH] hardening: enable address sanitizer build

This adds --{disable,enable}-asan. It is disabled by default.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 configure.ac        | 7 +++++++
 src/lxc/Makefile.am | 4 ++++
 2 files changed, 11 insertions(+)

diff --git a/configure.ac b/configure.ac
index 3abee054f7..9d07dbc027 100644
--- a/configure.ac
+++ b/configure.ac
@@ -428,6 +428,12 @@ AC_ARG_ENABLE([commands],
 	[], [enable_commands=yes])
 AM_CONDITIONAL([ENABLE_COMMANDS], [test "x$enable_commands" = "xyes"])
 
+# Build with ASAN commands
+AC_ARG_ENABLE([asan],
+	[AC_HELP_STRING([--enable-asan], [build with address sanitizer enabled [default=no]])],
+	[], [enable_asan=no])
+AM_CONDITIONAL([ENABLE_ASAN], [test "x$enable_asan" = "xyes"])
+
 # Optional test binaries
 AC_ARG_ENABLE([tests],
 	[AC_HELP_STRING([--enable-tests], [build test/example binaries [default=no]])],
@@ -1001,6 +1007,7 @@ Documentation:
 
 Debugging:
  - tests: $enable_tests
+ - ASAN: $enable_asan
  - mutex debugging: $enable_mutex_debugging
 
 Paths:
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 538201b517..b868d530eb 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -235,6 +235,10 @@ liblxc_la_CFLAGS = -fPIC \
 		   -DPIC \
 		   $(AM_CFLAGS) \
 		   -pthread
+if ENABLE_ASAN
+liblxc_la_CFLAGS += -fsanitize=address \
+		    -fno-omit-frame-pointer
+endif
 
 liblxc_la_LDFLAGS = -pthread \
 		    -Wl,-no-undefined \


More information about the lxc-devel mailing list