From 2db6e4cda2e042fab327493c0fa095723d7c0352 Mon Sep 17 00:00:00 2001
From: jingrui <jingrui@huawei.com>
Date: Mon, 15 Apr 2019 10:58:07 +0800
Subject: [PATCH] containerd:  enable relro flags

Change-Id: I5f32e7bf794842a14e1644f7aa3115a65b1bc698
Signed-off-by: jingrui <jingrui@huawei.com>
---
 Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index e38dfb38..921b2d50 100644
--- a/Makefile
+++ b/Makefile
@@ -77,7 +77,8 @@ MANPAGES=ctr.1 containerd.1 containerd-config.1 containerd-config.toml.5
 # Build tags seccomp and apparmor are needed by CRI plugin.
 BUILDTAGS ?= seccomp apparmor
 GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",)
-GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)'
+GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' \
+	-ldflags=-extldflags=-zrelro -ldflags=-extldflags=-znow
 SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"'
 
 #Replaces ":" (*nix), ";" (windows) with newline for easy parsing
-- 
2.17.1