diff options
author | netblue30 <netblue30@yahoo.com> | 2018-03-23 19:28:05 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-03-23 19:28:05 -0400 |
commit | e3f64f751ec2caaf4c209f95eefab5bc9166db0e (patch) | |
tree | 9e52bf8ec37c4b53813144d84a3df8989efb82ed | |
parent | added java support for libreoffice (diff) | |
download | firejail-e3f64f751ec2caaf4c209f95eefab5bc9166db0e.tar.gz firejail-e3f64f751ec2caaf4c209f95eefab5bc9166db0e.tar.zst firejail-e3f64f751ec2caaf4c209f95eefab5bc9166db0e.zip |
support Spectre mitigation patch for gcc compiler
-rw-r--r-- | Makefile.in | 4 | ||||
-rw-r--r-- | RELNOTES | 4 | ||||
-rwxr-xr-x | configure | 30 | ||||
-rw-r--r-- | configure.ac | 20 | ||||
-rw-r--r-- | dummy.c | 3 | ||||
-rw-r--r-- | src/fbuilder/Makefile.in | 4 | ||||
-rw-r--r-- | src/fcopy/Makefile.in | 3 | ||||
-rw-r--r-- | src/firecfg/Makefile.in | 3 | ||||
-rw-r--r-- | src/firejail/Makefile.in | 3 | ||||
-rw-r--r-- | src/firemon/Makefile.in | 3 | ||||
-rw-r--r-- | src/fldd/Makefile.in | 4 | ||||
-rw-r--r-- | src/fnet/Makefile.in | 4 | ||||
-rw-r--r-- | src/fnetfilter/Makefile.in | 4 | ||||
-rw-r--r-- | src/fsec-optimize/Makefile.in | 4 | ||||
-rw-r--r-- | src/fsec-print/Makefile.in | 3 | ||||
-rw-r--r-- | src/fseccomp/Makefile.in | 4 | ||||
-rw-r--r-- | src/ftee/Makefile.in | 3 | ||||
-rw-r--r-- | src/lib/Makefile.in | 3 |
18 files changed, 83 insertions, 23 deletions
diff --git a/Makefile.in b/Makefile.in index 27187f53a..21055b694 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -75,7 +75,7 @@ distclean: clean | |||
75 | for dir in $(APPS) $(MYLIBS); do \ | 75 | for dir in $(APPS) $(MYLIBS); do \ |
76 | $(MAKE) -C $$dir distclean; \ | 76 | $(MAKE) -C $$dir distclean; \ |
77 | done | 77 | done |
78 | rm -fr Makefile autom4te.cache config.log config.status config.h uids.h | 78 | rm -fr Makefile autom4te.cache config.log config.status config.h uids.h dummy.o |
79 | 79 | ||
80 | realinstall: | 80 | realinstall: |
81 | # firejail executable | 81 | # firejail executable |
@@ -195,7 +195,7 @@ uninstall: | |||
195 | rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firemon | 195 | rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firemon |
196 | rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg | 196 | rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg |
197 | 197 | ||
198 | DISTFILES = "src etc platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh mkuid.sh COPYING README RELNOTES" | 198 | DISTFILES = "src etc platform contrib configure configure.ac dummy.c Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh mkuid.sh COPYING README RELNOTES" |
199 | DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot" | 199 | DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot" |
200 | 200 | ||
201 | dist: | 201 | dist: |
@@ -26,8 +26,8 @@ firejail (0.9.53) baseline; urgency=low | |||
26 | * added sandbox name support in firemon | 26 | * added sandbox name support in firemon |
27 | * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, | 27 | * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, |
28 | * new profiles: discord-canary, pycharm-community, pycharm-professional, | 28 | * new profiles: discord-canary, pycharm-community, pycharm-professional, |
29 | * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code, | 29 | * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, |
30 | * new profiles: falkon, gnome-builder, asunder | 30 | * new profiles: falkon, gnome-builder, asunder, VS Code, |
31 | -- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500 | 31 | -- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500 |
32 | 32 | ||
33 | firejail (0.9.52) baseline; urgency=low | 33 | firejail (0.9.52) baseline; urgency=low |
@@ -646,6 +646,7 @@ EGREP | |||
646 | GREP | 646 | GREP |
647 | CPP | 647 | CPP |
648 | HAVE_APPARMOR | 648 | HAVE_APPARMOR |
649 | EXTRA_CFLAGS | ||
649 | RANLIB | 650 | RANLIB |
650 | INSTALL_DATA | 651 | INSTALL_DATA |
651 | INSTALL_SCRIPT | 652 | INSTALL_SCRIPT |
@@ -3105,6 +3106,33 @@ else | |||
3105 | fi | 3106 | fi |
3106 | 3107 | ||
3107 | 3108 | ||
3109 | |||
3110 | HAVE_SPECTRE="no" | ||
3111 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc compiler" >&5 | ||
3112 | $as_echo_n "checking for Spectre mitigation support in gcc compiler... " >&6; } | ||
3113 | if test "$CC" = "gcc"; then : | ||
3114 | |||
3115 | HAVE_SPECTRE="yes" | ||
3116 | $CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no" | ||
3117 | rm -f dummy.o | ||
3118 | |||
3119 | fi | ||
3120 | if test "$HAVE_SPECTRE" = "yes"; then : | ||
3121 | |||
3122 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
3123 | $as_echo "yes" >&6; } | ||
3124 | EXTRA_CFLAGS+="-mindirect-branch=thunk" | ||
3125 | |||
3126 | fi | ||
3127 | if test "$HAVE_SPECTRE" = "no"; then : | ||
3128 | |||
3129 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: ... not available" >&5 | ||
3130 | $as_echo "... not available" >&6; } | ||
3131 | |||
3132 | fi | ||
3133 | |||
3134 | |||
3135 | |||
3108 | HAVE_APPARMOR="" | 3136 | HAVE_APPARMOR="" |
3109 | # Check whether --enable-apparmor was given. | 3137 | # Check whether --enable-apparmor was given. |
3110 | if test "${enable_apparmor+set}" = set; then : | 3138 | if test "${enable_apparmor+set}" = set; then : |
@@ -5024,7 +5052,9 @@ echo " file transfer support: $HAVE_FILE_TRANSFER" | |||
5024 | echo " overlayfs support: $HAVE_OVERLAYFS" | 5052 | echo " overlayfs support: $HAVE_OVERLAYFS" |
5025 | echo " git install support: $HAVE_GIT_INSTALL" | 5053 | echo " git install support: $HAVE_GIT_INSTALL" |
5026 | echo " busybox workaround: $BUSYBOX_WORKAROUND" | 5054 | echo " busybox workaround: $BUSYBOX_WORKAROUND" |
5055 | echo " Spectre compiler patch: $HAVE_SPECTRE" | ||
5027 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" | 5056 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" |
5057 | echo " EXTRA_CFLAGS: $EXTRA_CFLAGS" | ||
5028 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 5058 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
5029 | echo " Gcov instrumentation: $HAVE_GCOV" | 5059 | echo " Gcov instrumentation: $HAVE_GCOV" |
5030 | echo " Install contrib scripts: $HAVE_CONTRIB_INSTALL" | 5060 | echo " Install contrib scripts: $HAVE_CONTRIB_INSTALL" |
diff --git a/configure.ac b/configure.ac index 952dec3b8..d6d4eb874 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -9,6 +9,24 @@ AC_PROG_CC | |||
9 | AC_PROG_INSTALL | 9 | AC_PROG_INSTALL |
10 | AC_PROG_RANLIB | 10 | AC_PROG_RANLIB |
11 | 11 | ||
12 | |||
13 | HAVE_SPECTRE="no" | ||
14 | AC_MSG_CHECKING(for Spectre mitigation support in gcc compiler) | ||
15 | AS_IF([test "$CC" = "gcc"], [ | ||
16 | HAVE_SPECTRE="yes" | ||
17 | $CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no" | ||
18 | rm -f dummy.o | ||
19 | ]) | ||
20 | AS_IF([test "$HAVE_SPECTRE" = "yes"], [ | ||
21 | AC_MSG_RESULT(yes) | ||
22 | EXTRA_CFLAGS+="-mindirect-branch=thunk" | ||
23 | ]) | ||
24 | AS_IF([test "$HAVE_SPECTRE" = "no"], [ | ||
25 | AC_MSG_RESULT(... not available) | ||
26 | ]) | ||
27 | AC_SUBST([EXTRA_CFLAGS]) | ||
28 | |||
29 | |||
12 | HAVE_APPARMOR="" | 30 | HAVE_APPARMOR="" |
13 | AC_ARG_ENABLE([apparmor], | 31 | AC_ARG_ENABLE([apparmor], |
14 | AS_HELP_STRING([--enable-apparmor], [enable apparmor])) | 32 | AS_HELP_STRING([--enable-apparmor], [enable apparmor])) |
@@ -198,7 +216,9 @@ echo " file transfer support: $HAVE_FILE_TRANSFER" | |||
198 | echo " overlayfs support: $HAVE_OVERLAYFS" | 216 | echo " overlayfs support: $HAVE_OVERLAYFS" |
199 | echo " git install support: $HAVE_GIT_INSTALL" | 217 | echo " git install support: $HAVE_GIT_INSTALL" |
200 | echo " busybox workaround: $BUSYBOX_WORKAROUND" | 218 | echo " busybox workaround: $BUSYBOX_WORKAROUND" |
219 | echo " Spectre compiler patch: $HAVE_SPECTRE" | ||
201 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" | 220 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" |
221 | echo " EXTRA_CFLAGS: $EXTRA_CFLAGS" | ||
202 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 222 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
203 | echo " Gcov instrumentation: $HAVE_GCOV" | 223 | echo " Gcov instrumentation: $HAVE_GCOV" |
204 | echo " Install contrib scripts: $HAVE_CONTRIB_INSTALL" | 224 | echo " Install contrib scripts: $HAVE_CONTRIB_INSTALL" |
diff --git a/dummy.c b/dummy.c new file mode 100644 index 000000000..061ed7eef --- /dev/null +++ b/dummy.c | |||
@@ -0,0 +1,3 @@ | |||
1 | int main(void) { | ||
2 | return 0; | ||
3 | } | ||
diff --git a/src/fbuilder/Makefile.in b/src/fbuilder/Makefile.in index dd8e2ce6e..5bf78f92a 100644 --- a/src/fbuilder/Makefile.in +++ b/src/fbuilder/Makefile.in | |||
@@ -22,9 +22,9 @@ HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | |||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ |
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ |
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
26 | HAVE_GCOV=@HAVE_GCOV@ | 25 | HAVE_GCOV=@HAVE_GCOV@ |
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | 28 | ||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | 30 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
35 | 35 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
38 | 38 | ||
39 | fbuilder: $(OBJS) | 39 | fbuilder: $(OBJS) |
40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) | 40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/fcopy/Makefile.in b/src/fcopy/Makefile.in index ad08f543e..519240c3d 100644 --- a/src/fcopy/Makefile.in +++ b/src/fcopy/Makefile.in | |||
@@ -25,6 +25,7 @@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | |||
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
26 | HAVE_GCOV=@HAVE_GCOV@ | 26 | HAVE_GCOV=@HAVE_GCOV@ |
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
28 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | 29 | ||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 30 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | 31 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -34,7 +35,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 35 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
35 | 36 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 37 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 38 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
38 | 39 | ||
39 | fcopy: $(OBJS) | 40 | fcopy: $(OBJS) |
40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) | 41 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/firecfg/Makefile.in b/src/firecfg/Makefile.in index 0b2b03275..f0d389e36 100644 --- a/src/firecfg/Makefile.in +++ b/src/firecfg/Makefile.in | |||
@@ -19,6 +19,7 @@ HAVE_X11=@HAVE_X11@ | |||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ |
20 | HAVE_GCOV=@HAVE_GCOV@ | 20 | HAVE_GCOV=@HAVE_GCOV@ |
21 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 21 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
22 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
22 | 23 | ||
23 | 24 | ||
24 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 25 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
@@ -29,7 +30,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||
29 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 30 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
30 | 31 | ||
31 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h | 32 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h |
32 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 33 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
33 | 34 | ||
34 | firecfg: $(OBJS) ../lib/common.o | 35 | firecfg: $(OBJS) ../lib/common.o |
35 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS) | 36 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in index 01cb929e2..543924103 100644 --- a/src/firejail/Makefile.in +++ b/src/firejail/Makefile.in | |||
@@ -25,6 +25,7 @@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | |||
25 | HAVE_GCOV=@HAVE_GCOV@ | 25 | HAVE_GCOV=@HAVE_GCOV@ |
26 | HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@ | 26 | HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@ |
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
28 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | 29 | ||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 30 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | 31 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -34,7 +35,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV | |||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 35 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
35 | 36 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h | 37 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 38 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
38 | 39 | ||
39 | firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o | 40 | firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o |
40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) | 41 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/firemon/Makefile.in b/src/firemon/Makefile.in index 326c305d9..ede25f6b5 100644 --- a/src/firemon/Makefile.in +++ b/src/firemon/Makefile.in | |||
@@ -17,10 +17,11 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$ | |||
17 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now | 17 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now |
18 | HAVE_GCOV=@HAVE_GCOV@ | 18 | HAVE_GCOV=@HAVE_GCOV@ |
19 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 19 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
20 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
20 | 21 | ||
21 | 22 | ||
22 | %.o : %.c $(H_FILE_LIST) | 23 | %.o : %.c $(H_FILE_LIST) |
23 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 24 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
24 | 25 | ||
25 | firemon: $(OBJS) ../lib/common.o ../lib/pid.o | 26 | firemon: $(OBJS) ../lib/common.o ../lib/pid.o |
26 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS) | 27 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/fldd/Makefile.in b/src/fldd/Makefile.in index e2bf4b787..e199d517d 100644 --- a/src/fldd/Makefile.in +++ b/src/fldd/Makefile.in | |||
@@ -24,7 +24,7 @@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | |||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
26 | HAVE_GCOV=@HAVE_GCOV@ | 26 | HAVE_GCOV=@HAVE_GCOV@ |
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ |
28 | 28 | ||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | 30 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
35 | 35 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h ../include/ldd_utils.h | 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h ../include/ldd_utils.h |
37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
38 | 38 | ||
39 | fldd: $(OBJS) ../lib/ldd_utils.o | 39 | fldd: $(OBJS) ../lib/ldd_utils.o |
40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) | 40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/fnet/Makefile.in b/src/fnet/Makefile.in index 3288e6354..06b8bbee7 100644 --- a/src/fnet/Makefile.in +++ b/src/fnet/Makefile.in | |||
@@ -22,9 +22,9 @@ HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | |||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ |
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ |
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
26 | HAVE_GCOV=@HAVE_GCOV@ | 25 | HAVE_GCOV=@HAVE_GCOV@ |
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | 28 | ||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | 30 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
35 | 35 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/libnetlink.h | 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/libnetlink.h |
37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
38 | 38 | ||
39 | fnet: $(OBJS) ../lib/libnetlink.o | 39 | fnet: $(OBJS) ../lib/libnetlink.o |
40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/libnetlink.o $(LIBS) $(EXTRA_LDFLAGS) | 40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/libnetlink.o $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/fnetfilter/Makefile.in b/src/fnetfilter/Makefile.in index 1063737e1..0a0a8acc0 100644 --- a/src/fnetfilter/Makefile.in +++ b/src/fnetfilter/Makefile.in | |||
@@ -24,7 +24,7 @@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | |||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
26 | HAVE_GCOV=@HAVE_GCOV@ | 26 | HAVE_GCOV=@HAVE_GCOV@ |
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ |
28 | 28 | ||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | 30 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
35 | 35 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
38 | 38 | ||
39 | fnetfilter: $(OBJS) | 39 | fnetfilter: $(OBJS) |
40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) | 40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/fsec-optimize/Makefile.in b/src/fsec-optimize/Makefile.in index 6ddbfc075..faa1aa476 100644 --- a/src/fsec-optimize/Makefile.in +++ b/src/fsec-optimize/Makefile.in | |||
@@ -22,9 +22,9 @@ HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | |||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ |
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ |
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
26 | HAVE_GCOV=@HAVE_GCOV@ | 25 | HAVE_GCOV=@HAVE_GCOV@ |
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | 28 | ||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | 30 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
35 | 35 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h | 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
38 | 38 | ||
39 | fsec-optimize: $(OBJS) ../lib/libnetlink.o | 39 | fsec-optimize: $(OBJS) ../lib/libnetlink.o |
40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) | 40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/fsec-print/Makefile.in b/src/fsec-print/Makefile.in index 5d23382f7..177b23f06 100644 --- a/src/fsec-print/Makefile.in +++ b/src/fsec-print/Makefile.in | |||
@@ -25,6 +25,7 @@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | |||
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
26 | HAVE_GCOV=@HAVE_GCOV@ | 26 | HAVE_GCOV=@HAVE_GCOV@ |
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
28 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | 29 | ||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 30 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | 31 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -34,7 +35,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 35 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
35 | 36 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h | 37 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 38 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
38 | 39 | ||
39 | fsec-print: $(OBJS) ../lib/libnetlink.o | 40 | fsec-print: $(OBJS) ../lib/libnetlink.o |
40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) | 41 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/fseccomp/Makefile.in b/src/fseccomp/Makefile.in index df4343d36..3fd73bc5c 100644 --- a/src/fseccomp/Makefile.in +++ b/src/fseccomp/Makefile.in | |||
@@ -22,9 +22,9 @@ HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | |||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ |
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ |
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
26 | HAVE_GCOV=@HAVE_GCOV@ | 25 | HAVE_GCOV=@HAVE_GCOV@ |
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | 28 | ||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | 30 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
35 | 35 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
38 | 38 | ||
39 | fseccomp: $(OBJS) | 39 | fseccomp: $(OBJS) |
40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) | 40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
diff --git a/src/ftee/Makefile.in b/src/ftee/Makefile.in index fd39f0cb7..8846126f8 100644 --- a/src/ftee/Makefile.in +++ b/src/ftee/Makefile.in | |||
@@ -7,6 +7,7 @@ NAME=@PACKAGE_NAME@ | |||
7 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | 7 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ |
8 | HAVE_GCOV=@HAVE_GCOV@ | 8 | HAVE_GCOV=@HAVE_GCOV@ |
9 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 9 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
10 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
10 | 11 | ||
11 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 12 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
12 | C_FILE_LIST = $(sort $(wildcard *.c)) | 13 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -16,7 +17,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||
16 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 17 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
17 | 18 | ||
18 | %.o : %.c $(H_FILE_LIST) | 19 | %.o : %.c $(H_FILE_LIST) |
19 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 20 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
20 | 21 | ||
21 | ftee: $(OBJS) | 22 | ftee: $(OBJS) |
22 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(EXTRA_LDFLAGS) | 23 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(EXTRA_LDFLAGS) |
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index a49e56ad2..a25014c74 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in | |||
@@ -5,6 +5,7 @@ NAME=@PACKAGE_NAME@ | |||
5 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | 5 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ |
6 | HAVE_GCOV=@HAVE_GCOV@ | 6 | HAVE_GCOV=@HAVE_GCOV@ |
7 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | 7 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ |
8 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
8 | 9 | ||
9 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 10 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
10 | C_FILE_LIST = $(sort $(wildcard *.c)) | 11 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -16,7 +17,7 @@ LDFLAGS:=-pic -Wl,-z,relro -Wl,-z,now | |||
16 | all: $(OBJS) | 17 | all: $(OBJS) |
17 | 18 | ||
18 | %.o : %.c $(H_FILE_LIST) | 19 | %.o : %.c $(H_FILE_LIST) |
19 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 20 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
20 | 21 | ||
21 | clean:; rm -f $(OBJS) *.gcov *.gcda *.gcno | 22 | clean:; rm -f $(OBJS) *.gcov *.gcda *.gcno |
22 | 23 | ||