* [PATCH] security_flags: Add comment about what it does and who uses it
@ 2015-05-29 13:16 Richard Purdie
0 siblings, 0 replies; only message in thread
From: Richard Purdie @ 2015-05-29 13:16 UTC (permalink / raw)
To: openembedded-core
It was pointed out that people couldn't easily see who used this or
why so add some comments about that.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 0ee3814..9608c7f 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -1,3 +1,10 @@
+# Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These
+# don't work universally, there are recipes which can't use one, the other
+# or both so a blacklist is maintained here. The idea would be over
+# time to reduce this list to nothing.
+# From a Yocto Project perspective, this file is included and tested
+# in the DISTRO="poky-lsb" configuration.
+
SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2"
SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2015-05-29 13:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-05-29 13:16 [PATCH] security_flags: Add comment about what it does and who uses it Richard Purdie
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox