* [PATCH] security_flags: Add comment about what it does and who uses it
@ 2015-05-29 13:16 Richard Purdie
0 siblings, 0 replies; only message in thread
From: Richard Purdie @ 2015-05-29 13:16 UTC (permalink / raw)
To: openembedded-core
It was pointed out that people couldn't easily see who used this or
why so add some comments about that.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 0ee3814..9608c7f 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -1,3 +1,10 @@
+# Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These
+# don't work universally, there are recipes which can't use one, the other
+# or both so a blacklist is maintained here. The idea would be over
+# time to reduce this list to nothing.
+# From a Yocto Project perspective, this file is included and tested
+# in the DISTRO="poky-lsb" configuration.
+
SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2"
SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2015-05-29 13:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-05-29 13:16 [PATCH] security_flags: Add comment about what it does and who uses it Richard Purdie
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.