Re: [libvirt] [PATCH 2/2] Enable full RELRO mode

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; By passing the flags -z relro -z now to the linker, we can force it to resolve all library symbols at startup, instead of on-demand. This allows it to then make the global offset table (GOT) read-only, which makes some security attacks harder. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- configure.ac | 1 + daemon/Makefile.am | 1 + m4/virt-linker-relro.m4 | 15 +++++++++++++++ src/Makefile.am | 43 +++++++++++++++++++++++++++++++------------ tools/Makefile.am | 2 ++ 5 files changed, 50 insertions(+), 12 deletions(-) create mode 100644 m4/virt-linker-relro.m4

+++ b/m4/virt-linker-relro.m4 @@ -0,0 +1,15 @@ +dnl +dnl Check for -z now and -z relro linker flags