packages/lxc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add secure compile macro

Browse Source
This commit is contained in:
mzzhou 2023-07-10 22:27:09 +08:00
parent 470cf2277f
commit 9ce5ac8ddc
2 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
0034-add-secure-compile-macro.patch Normal file
View File

@ -0,0 +1,65 @@
From 728d921b36f07833470a284a55cbfea4baaab268 Mon Sep 17 00:00:00 2001
From: mzzhou <1362843687@qq.com>
Date: Mon, 10 Jul 2023 21:28:10 +0800
Subject: [PATCH] add secure compile marco
---
configure.ac | 20 ++++++++++++++++++++
src/lxc/Makefile.am | 6 +++++-
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 2180586..e66bdf1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -837,10 +837,30 @@ if test "x$adapt_isulad" = "xyes"; then
AC_DEFINE([HAVE_ISULAD], 1, [adapt to iSulad])
AC_MSG_RESULT([yes])
+ AC_MSG_CHECKING([Whether enable secure compile])
+ AC_ARG_ENABLE([secure-compile],
+ [AC_HELP_STRING([--enable-secure-compile], [enable secure compile [default=no]])],
+ [secure_compile=$enableval], [secure_compile=yes])
+ AM_CONDITIONAL([HAVE_SECURE_COMPILE], [test "x$secure_compile" = "xyes"])
+ AC_DEFINE([HAVE_SECURE_COMPILE], 1, [enable secure compile])
+ AC_MSG_RESULT([yes])
+
# Check yajl
PKG_CHECK_MODULES([YAJL], [yajl >= 2],[],[AC_MSG_ERROR([You must install yajl >= 2])])
else
AC_MSG_RESULT([no])
+
+ AC_MSG_CHECKING([Whether enable secure compile])
+ AC_ARG_ENABLE([secure-compile],
+ [AC_HELP_STRING([--enable-secure-compile], [enable secure compile [default=no]])],
+ [secure_compile=$enableval], [secure_compile=yes])
+ AM_CONDITIONAL([HAVE_SECURE_COMPILE], [test "x$secure_compile" = "xyes"])
+ if test "x$secure_compile" = "xyes"; then
+ AC_DEFINE([HAVE_SECURE_COMPILE], 1, [enable secure compile])
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ fi
fi
# Files requiring some variable expansion
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 61a229f..c1d20f6 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -292,7 +292,11 @@ liblxc_la_LDFLAGS = -pthread \
-version-info @LXC_ABI_MAJOR@
if HAVE_ISULAD
-liblxc_la_LDFLAGS += @YAJL_LIBS@ -Wl,-z,relro \
+liblxc_la_LDFLAGS += @YAJL_LIBS@
+endif
+
+if HAVE_SECURE_COMPILE
+liblxc_la_LDFLAGS += -Wl,-z,relro \
-Wl,-z,now \
-Wl,-z,noexecstack
endif
--
2.41.0.windows.2

9
lxc.spec
View File

@ -1,4 +1,4 @@
%global _release 2022102420 %global _release 2022102421
Name: lxc Name: lxc
Version: 4.0.3 Version: 4.0.3
@ -41,6 +41,7 @@ Patch0030: 0030-remove-unused-meminfo-stats.patch
Patch0031: 0031-lxc-attach-Fix-lost-return-codes-of-spawned-processe.patch Patch0031: 0031-lxc-attach-Fix-lost-return-codes-of-spawned-processe.patch
Patch0032: 0032-fix-load-bpf-failed.patch Patch0032: 0032-fix-load-bpf-failed.patch
Patch0033: 0033-fix-mount-device-path-incorrect.patch Patch0033: 0033-fix-mount-device-path-incorrect.patch
Patch0034: 0034-add-secure-compile-macro.patch
BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath
BuildRequires: pkgconfig(libseccomp) BuildRequires: pkgconfig(libseccomp)
@ -227,6 +228,12 @@ rm -rf %{buildroot}%{_sysconfdir}/default/%{name}
%endif %endif
%changelog %changelog
* Mon Jul 10 2023 mzzhou<1362843687@qq.com> - 4.0.3-2022102421
- Type:enhancement
- ID:NA
- SUG:NA
- DESC: add secure compile macro
* Fri Jun 16 2023 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 4.0.3-2022102420 * Fri Jun 16 2023 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 4.0.3-2022102420
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA