From: "André Draszik" <git@andred.net>
To: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 2/3] pulseaudio: disable PIE flags when hardened flags are enabled
Date: Fri, 09 Jun 2017 15:02:15 +0100 [thread overview]
Message-ID: <1497016935.4561.15.camel@andred.net> (raw)
In-Reply-To: <CAMKF1srdVU0p-e4gPJx5rNEhk4aQdsiELuz+-1AsD_tgG6b_Gw@mail.gmail.com>
On Fri, 2017-06-09 at 13:07 +0000, Khem Raj wrote:
> On Fri, Jun 9, 2017 at 5:56 AM Burton, Ross <ross.burton@intel.com> wrote:
>
> >
> > On 9 June 2017 at 04:41, Khem Raj <raj.khem@gmail.com> wrote:
> >
> > > +SECURITY_CFLAGS = "${SECURITY_NO_PIE_CFLAGS}"
> > >
> >
> > These tend to go into security-flags.inc, not the recipe.
> >
>
> I know that's been the case but I think having a global file is error
> prone
> its better to have it in recipe context since it can get attention at
> upgrade time to test if this has been fixed in new release etc
Isn't one of the main root causes really that bitbake passes -fpie -pie even
when the recipe is building a shared library? (Maybe not in this case here,
though). Obviously, bitbake doesn't really know about shared libraries, and
yes, each recipe's build system could filter out pie flags for shared
library targets, but that's probably better done at libtool level:
http://lists.openembedded.org/pipermail/openembedded-devel/2016-November/110048.html
Cheers,
Andre'
next prev parent reply other threads:[~2017-06-09 14:02 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-09 3:41 [PATCH 0/3] Fix imagetests with harderning flags Khem Raj
2017-06-09 3:41 ` [PATCH 1/3] testimage.bbclass: Correct the comment to state right dir for test cases Khem Raj
2017-06-09 3:41 ` [PATCH 2/3] pulseaudio: disable PIE flags when hardened flags are enabled Khem Raj
2017-06-09 12:55 ` Burton, Ross
2017-06-09 13:07 ` Khem Raj
2017-06-09 14:02 ` André Draszik [this message]
2017-06-09 14:07 ` Khem Raj
2017-06-09 16:38 ` Tanu Kaskinen
2017-06-09 17:10 ` Khem Raj
2019-04-22 12:33 ` Tanu Kaskinen
2019-04-22 20:28 ` Khem Raj
2019-04-26 12:53 ` Tanu Kaskinen
2019-04-26 13:52 ` Richard Purdie
2017-06-09 3:41 ` [PATCH 3/3] rng-tools: Fix textrels on 32bit x86 Khem Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1497016935.4561.15.camel@andred.net \
--to=git@andred.net \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox