by adding it to AM_LDFLAGS instead of every linking rule and by avoiding a forked grep. --- Daniel kind of nacked the AM_LDFLAGS part already but I think it's a reasonable cleanup. We should rather use AM_LDFLAGS everywhere which (we currently don't and which would be another cleanup). Or are there any reasons to not have a read only GOT? daemon/Makefile.am | 4 +++- m4/virt-linker-relro.m4 | 8 ++++---- src/Makefile.am | 13 +++---------- tools/Makefile.am | 18 +++++++++++++----- 4 files changed, 23 insertions(+), 20 deletions(-) diff --git a/daemon/Makefile.am b/daemon/Makefile.am index ad7544c..5cd95aa 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -125,9 +125,11 @@ libvirtd_CFLAGS = \ -DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\"" libvirtd_LDFLAGS = \ + $(RELRO_LDFLAGS) \ $(PIE_LDFLAGS) \ $(RELRO_LDFLAGS) \ - $(COVERAGE_LDFLAGS) + $(COVERAGE_LDFLAGS) \ + $(NULL) libvirtd_LDADD = \ $(LIBXML_LIBS) \ diff --git a/m4/virt-linker-relro.m4 b/m4/virt-linker-relro.m4 index 9bca90e..d287cbc 100644 --- a/m4/virt-linker-relro.m4 +++ b/m4/virt-linker-relro.m4 @@ -22,10 +22,10 @@ AC_DEFUN([LIBVIRT_LINKER_RELRO],[ AC_MSG_CHECKING([for how to force completely read-only GOT table]) RELRO_LDFLAGS= - `$LD --help 2>&1 | grep -- "-z relro" >/dev/null` && \ - RELRO_LDFLAGS="-Wl,-z -Wl,relro" - `$LD --help 2>&1 | grep -- "-z now" >/dev/null` && \ - RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now" + case `$LD --help 2>&1` in + *"-z relro"*) RELRO_LDFLAGS="-Wl,-z -Wl,relro" ;& + *"-z now"*) RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now" ;; + esac AC_SUBST([RELRO_LDFLAGS]) AC_MSG_RESULT([$RELRO_LDFLAGS]) diff --git a/src/Makefile.am b/src/Makefile.am index 4702cde..7c3d8a1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -33,7 +33,9 @@ AM_CFLAGS = $(LIBXML_CFLAGS) \ $(WIN32_EXTRA_CFLAGS) \ $(COVERAGE_CFLAGS) AM_LDFLAGS = $(DRIVER_MODULE_LDFLAGS) \ - $(COVERAGE_LDFLAGS) + $(COVERAGE_LDFLAGS) \ + $(RELRO_LDFLAGS) \ + $(NULL) EXTRA_DIST = $(conf_DATA) util/keymaps.csv @@ -1812,7 +1814,6 @@ libvirt_la_LDFLAGS = \ -version-info $(LIBVIRT_VERSION_INFO) \ $(LIBVIRT_NODELETE) \ $(AM_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -1896,7 +1897,6 @@ libvirt_qemu_la_LDFLAGS = \ $(VERSION_SCRIPT_FLAGS)$(LIBVIRT_QEMU_SYMBOL_FILE) \ -version-info $(LIBVIRT_VERSION_INFO) \ $(AM_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -1908,7 +1908,6 @@ libvirt_lxc_la_LDFLAGS = \ $(VERSION_SCRIPT_FLAGS)$(LIBVIRT_LXC_SYMBOL_FILE) \ -version-info $(LIBVIRT_VERSION_INFO) \ $(AM_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -1964,7 +1963,6 @@ virtlockd_CFLAGS = \ virtlockd_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -2243,7 +2241,6 @@ libvirt_iohelper_SOURCES = $(UTIL_IO_HELPER_SOURCES) libvirt_iohelper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_iohelper_LDADD = \ libvirt_util.la \ @@ -2266,7 +2263,6 @@ libvirt_parthelper_SOURCES = $(STORAGE_HELPER_DISK_SOURCES) libvirt_parthelper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_parthelper_LDADD = \ $(LIBPARTED_LIBS) \ @@ -2298,7 +2294,6 @@ libvirt_sanlock_helper_CFLAGS = \ libvirt_sanlock_helper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_sanlock_helper_LDADD = libvirt.la endif @@ -2314,7 +2309,6 @@ libvirt_lxc_SOURCES = \ libvirt_lxc_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_lxc_LDADD = \ $(FUSE_LIBS) \ @@ -2358,7 +2352,6 @@ virt_aa_helper_SOURCES = $(SECURITY_DRIVER_APPARMOR_HELPER_SOURCES) virt_aa_helper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) virt_aa_helper_LDADD = \ libvirt_conf.la \ diff --git a/tools/Makefile.am b/tools/Makefile.am index f85c35c..be7ed23 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -22,6 +22,10 @@ INCLUDES = \ -I$(top_srcdir) \ $(GETTEXT_CPPFLAGS) +AM_LDFLAGS = \ + $(RELRO_LDFLAGS) \ + $(NULL) + POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)" ICON_FILES = \ @@ -118,8 +122,8 @@ virt_host_validate_SOURCES = \ $(NULL) virt_host_validate_LDFLAGS = \ + $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(COVERAGE_LDFLAGS) \ $(NULL) @@ -137,11 +141,13 @@ virt_host_validate_CFLAGS = \ virt_login_shell_SOURCES = \ virt-login-shell.c -virt_login_shell_LDFLAGS = $(COVERAGE_LDFLAGS) +virt_login_shell_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(COVERAGE_LDFLAGS) \ + $(NULL) virt_login_shell_LDADD = \ $(STATIC_BINARIES) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ ../src/libvirt.la \ ../src/libvirt-lxc.la \ ../gnulib/lib/libgnu.la @@ -167,11 +173,13 @@ virsh_SOURCES = \ virsh-volume.c virsh-volume.h \ $(NULL) -virsh_LDFLAGS = $(COVERAGE_LDFLAGS) +virsh_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(COVERAGE_LDFLAGS) \ + $(NULL) virsh_LDADD = \ $(STATIC_BINARIES) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ ../src/libvirt.la \ ../src/libvirt-lxc.la \ ../src/libvirt-qemu.la \ -- 1.8.4.rc3