Fedora has a "hardened build" option in RPM specfiles:
https://fedoraproject.org/wiki/Packaging:Guidelines#PIE
While we could enable that in the RPM, this would only
apply to Fedora. Thus these patches directly integrate
it in libvirt's configure.ac / Makefile.am files.
With these 2 patches all executables gain -fPIE and
-z relro -z now.
Using the checksec.sh script from
http://www.trapkit.de/tools/checksec.html
We can see the difference, before:
$ ~/checksec.sh --file /usr/sbin/libvirtd
'RELRO STACK CANARY NX PIE RPATH RUNPATH
FILE
Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH
/usr/sbin/libvirtd
After
$ ~/checksec.sh --file /usr/sbin/libvirtd
'RELRO STACK CANARY NX PIE RPATH RUNPATH
FILE
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH
/usr/sbin/libvirtd