From: Karl MacMillan <kmacmillan@mentalrootkit.com>
To: Daniel J Walsh <dwalsh@redhat.com>
Cc: "Christopher J. PeBenito" <cpebenito@tresys.com>,
SE Linux <selinux@tycho.nsa.gov>,
Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: Multiple small fixes to policycoreutils
Date: Wed, 15 Nov 2006 13:34:22 -0500 [thread overview]
Message-ID: <455B5DAE.8040408@mentalrootkit.com> (raw)
In-Reply-To: <455A227E.1040403@redhat.com>
Daniel J Walsh wrote:
> Christopher J. PeBenito wrote:
>> On Tue, 2006-11-14 at 11:18 -0500, Daniel J Walsh wrote:
>>
>>> Christopher J. PeBenito wrote:
>>>
>>>> On Tue, 2006-11-14 at 10:06 -0500, Daniel J Walsh wrote:
>>>>
>>>>> Add -fPIE and -pie to build of restorecond.
>>>>>
>>>>
>>>>> -CFLAGS ?= -g -Werror -Wall -W
>>>>> -override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
>>>>> +LDFLAGS ?= -pie
>>>>> +CFLAGS ?= -g -Werror -Wall -W +override CFLAGS +=
>>>>> -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64 -fPIE
>>>>>
>>>> I would say that this shouldn't be added in general, especially not to
>>>> the override. The default flags should be pretty basic, IMO.
>>>>
>>>>
>>> How about if we change
>>> LDFLAGS ?= ?= $(RANDLDFLAG)
>>> override CFLAGS += -I$(PREFIX)/include -D_FILE_OFFSET_BITS=64
>>> $(RANDCFLAG)
>>>
>>
>> Why does this need to be special? "?=" means if the variable isn't
>> already set (setting CFLAGS to "" counts as set), then its set with the
>> right side. This assignment won't happen if CFLAGS is set:
>>
>> CFLAGS ?= -g -Werror -Wall -W
>>
>> So in your spec file you just change your make command to `make
>> CFLAGS="-fPIE" LDFLAGS="-pie"`, then you'll get the behavior of the
>> patch above. Keeping the makefile as is will keep the defaults safe,
>> and then distros can set things whichever way they want with CFLAGS and
>> LDFLAGS and not have extra compile/linking flags pop up.
>>
>>
> No because this will effect all the Makefiles, not just the daemon
> ones. I do not want to build restorecon/setfiles etc with -fPIE.
>
What about a top-level USE_PIE makefile variable that directs all
sub-Makefiles to set PIE flags if appropriate for that module? By
default it would be off. This gets the behavior you want without having
to carry a patch and keeps the current behavior.
Karl
>
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2006-11-15 18:34 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-14 15:06 Multiple small fixes to policycoreutils Daniel J Walsh
2006-11-14 16:13 ` Christopher J. PeBenito
2006-11-14 16:18 ` Daniel J Walsh
2006-11-14 19:19 ` Christopher J. PeBenito
2006-11-14 20:09 ` Daniel J Walsh
2006-11-15 18:34 ` Karl MacMillan [this message]
2006-11-15 19:38 ` Joshua Brindle
2006-11-15 20:16 ` Daniel J Walsh
2006-11-15 20:18 ` Joshua Brindle
2006-11-15 22:01 ` Karl MacMillan
2006-11-16 0:05 ` Joshua Brindle
2006-11-16 22:15 ` Karl MacMillan
2006-11-17 0:50 ` Joshua Brindle
2006-11-17 12:02 ` Daniel J Walsh
2006-11-20 17:10 ` Karl MacMillan
2006-11-20 17:36 ` More " Daniel J Walsh
2006-11-20 18:28 ` Joshua Brindle
2006-11-20 20:14 ` Karl MacMillan
2006-11-20 20:25 ` Stephen Smalley
2006-11-21 3:54 ` Joshua Brindle
2006-11-21 14:35 ` Karl MacMillan
2006-11-21 14:37 ` Karl MacMillan
2006-11-20 21:58 ` Daniel J Walsh
2006-11-21 13:53 ` Stephen Smalley
2006-11-22 19:16 ` Daniel J Walsh
2006-11-22 19:22 ` Joshua Brindle
2006-11-22 20:05 ` Daniel J Walsh
2006-11-22 20:31 ` Joshua Brindle
2006-11-22 21:21 ` Daniel J Walsh
2006-11-28 19:37 ` Joshua Brindle
2006-11-29 21:18 ` Joshua Brindle
2006-11-22 20:06 ` Daniel J Walsh
2006-11-22 20:34 ` Joshua Brindle
2006-11-22 21:10 ` Daniel J Walsh
2006-11-22 20:07 ` Daniel J Walsh
2006-11-22 20:35 ` Joshua Brindle
2006-11-22 20:08 ` Daniel J Walsh
2006-11-22 20:36 ` Joshua Brindle
2006-11-22 20:10 ` Daniel J Walsh
2006-11-22 20:36 ` Joshua Brindle
2006-11-22 21:07 ` Daniel J Walsh
2006-11-27 13:39 ` Joshua Brindle
2006-11-21 21:13 ` Stephen Smalley
2006-11-15 16:13 ` Multiple " Joshua Brindle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=455B5DAE.8040408@mentalrootkit.com \
--to=kmacmillan@mentalrootkit.com \
--cc=cpebenito@tresys.com \
--cc=dwalsh@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.