- 09 2月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
Undefined symbols are a bad thing in general because they can get resolved in unexpected ways at runtime if multiple sources provide the same symbol name. For example both glibc and libtirpc may provide XDR symbols and we want to ensure that we resolve to libtirpc if that's what we originally built against. The toolchain maintainers thus strongly recommend that all applications use the '-z defs' linker flag to prevent undefined symbols. This is shortly becoming part of the default linker flags for RPMs. As an added benefit this aligns Linux builds with Windows builds, where the linker has never permitted undefined symbols. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 22 8月, 2013 1 次提交
-
-
由 Guido Günther 提交于
by adding it to AM_LDFLAGS instead of every linking rule and by avoiding a forked grep.
-
- 03 4月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
By passing the flags -z relro -z now to the linker, we can force it to resolve all library symbols at startup, instead of on-demand. This allows it to then make the global offset table (GOT) read-only, which makes some security attacks harder. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
PIE (position independent executable) adds security to executables by composing them entirely of position-independent code (PIC. The .so libraries already build with -fPIC. This adds -fPIE which is the equivalent to -fPIC, but for executables. This for allows Exec Shield to use address space layout randomization to prevent attackers from knowing where existing executable code is during a security attack using exploits that rely on knowing the offset of the executable code in the binary, such as return-to-libc attacks. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 1月, 2013 5 次提交
-
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 11 1月, 2013 3 次提交
-
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Most checks for libraries take the same format * --with-libFOO=yes|no|check|/some/path argument * check for a function NNN in libFOO.so * check for a header file DDD/HHH.h * Define a WITH_FOO config.h symbol * Define a WITH_FOO make conditional * Substitute FOO_CFLAGS and FOO_LIBS make variables * Print CFLAGS & LIBS summary at the end Doing all this correctly is rather difficult, typically done by copy+paste of a previous usage. Further small improvements people make are not applied to all previous usages. Improve this by creating some helper macros to apply good practice. First, to perform the actual checks: LIBVIRT_CHECK_LIB([SELINUX], [selinux], [getfilecon], [selinux/selinux.h]) This checks for 'getfilecon' in -lselinux, and the existence of 'selinux/selinux.h' header file. If successful it sets SELINUX_CFLAGS and SELINUX_LIBS. The WITH_SELINUX config.h macro and WITH_SELINUX make conditional are also defined. In some cases we need to check two variants of the same library LIBVIRT_CHECK_LIB_ALT([SASL], [sasl2], [sasl_client_init], [sasl/sasl.h], [SASL1], [sasl], [sasl_client_init], [sasl/sasl.h]) This checks for sasl_client_init in libsasl2, and if that is not found, checks sasl_client_init in libsasl. If the first check succeeds WITH_SASL is set, while if the second check succeeds *both* WITH_SASL and WITH_SASL1 are set. If the library supports pkg-config, then another variant is available LIBVIRT_CHECK_PKG([AVAHI], [avahi-client], [0.6.0]) This checks for avahi-client >= 0.6.0 via pkg-config and sets WITH_AVAHI if found. Finally to print a summary of CFLAGS & LIBs found (if any): LIBVIRT_RESULT_LIB([SELINUX]) Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-