author | netblue30 <netblue30@yahoo.com> | 2019-06-26 10:24:28 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2019-06-26 10:24:28 -0400 |
commit | 37b23e8d53ce4d1f96d21fb89b6f702cc8a8c788 (patch) | |
tree | 36d309f37cc288fe527eb53414ed575c36024083 | |
parent | Silence xauth output in src/firejail/x11.c (#2796) (diff) | |
testing for -fstack-clash-protection and -fstack-protector-strong compile flags
-rwxr-xr-x | configure | 94 | ||||
-rw-r--r-- | configure.ac | 14 |
2 files changed, 90 insertions, 18 deletions
@@ -682,7 +682,6 @@ infodir | |||
682 | docdir | 682 | docdir |
683 | oldincludedir | 683 | oldincludedir |
684 | includedir | 684 | includedir |
685 | runstatedir | ||
686 | localstatedir | 685 | localstatedir |
687 | sharedstatedir | 686 | sharedstatedir |
688 | sysconfdir | 687 | sysconfdir |
@@ -775,7 +774,6 @@ datadir='${datarootdir}' | |||
775 | sysconfdir='${prefix}/etc' | 774 | sysconfdir='${prefix}/etc' |
776 | sharedstatedir='${prefix}/com' | 775 | sharedstatedir='${prefix}/com' |
777 | localstatedir='${prefix}/var' | 776 | localstatedir='${prefix}/var' |
778 | runstatedir='${localstatedir}/run' | ||
779 | includedir='${prefix}/include' | 777 | includedir='${prefix}/include' |
780 | oldincludedir='/usr/include' | 778 | oldincludedir='/usr/include' |
781 | docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' | 779 | docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' |
@@ -1028,15 +1026,6 @@ do | |||
1028 | | -silent | --silent | --silen | --sile | --sil) | 1026 | | -silent | --silent | --silen | --sile | --sil) |
1029 | silent=yes ;; | 1027 | silent=yes ;; |
1030 | 1028 | ||
1031 | -runstatedir | --runstatedir | --runstatedi | --runstated \ | ||
1032 | | --runstate | --runstat | --runsta | --runst | --runs \ | ||
1033 | | --run | --ru | --r) | ||
1034 | ac_prev=runstatedir ;; | ||
1035 | -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ | ||
1036 | | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ | ||
1037 | | --run=* | --ru=* | --r=*) | ||
1038 | runstatedir=$ac_optarg ;; | ||
1039 | |||
1040 | -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) | 1029 | -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) |
1041 | ac_prev=sbindir ;; | 1030 | ac_prev=sbindir ;; |
1042 | -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | 1031 | -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ |
@@ -1174,7 +1163,7 @@ fi | |||
1174 | for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ | 1163 | for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ |
1175 | datadir sysconfdir sharedstatedir localstatedir includedir \ | 1164 | datadir sysconfdir sharedstatedir localstatedir includedir \ |
1176 | oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ | 1165 | oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ |
1177 | libdir localedir mandir runstatedir | 1166 | libdir localedir mandir |
1178 | do | 1167 | do |
1179 | eval ac_val=\$$ac_var | 1168 | eval ac_val=\$$ac_var |
1180 | # Remove trailing slashes. | 1169 | # Remove trailing slashes. |
@@ -1327,7 +1316,6 @@ Fine tuning of the installation directories: | |||
1327 | --sysconfdir=DIR read-only single-machine data [PREFIX/etc] | 1316 | --sysconfdir=DIR read-only single-machine data [PREFIX/etc] |
1328 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] | 1317 | --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] |
1329 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] | 1318 | --localstatedir=DIR modifiable single-machine data [PREFIX/var] |
1330 | --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] | ||
1331 | --libdir=DIR object code libraries [EPREFIX/lib] | 1319 | --libdir=DIR object code libraries [EPREFIX/lib] |
1332 | --includedir=DIR C header files [PREFIX/include] | 1320 | --includedir=DIR C header files [PREFIX/include] |
1333 | --oldincludedir=DIR C header files for non-gcc [/usr/include] | 1321 | --oldincludedir=DIR C header files for non-gcc [/usr/include] |
@@ -3194,6 +3182,78 @@ else | |||
3194 | : | 3182 | : |
3195 | fi | 3183 | fi |
3196 | 3184 | ||
3185 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-clash-protection" >&5 | ||
3186 | $as_echo_n "checking whether C compiler accepts -fstack-clash-protection... " >&6; } | ||
3187 | if ${ax_cv_check_cflags___fstack_clash_protection+:} false; then : | ||
3188 | $as_echo_n "(cached) " >&6 | ||
3189 | else | ||
3190 | |||
3191 | ax_check_save_flags=$CFLAGS | ||
3192 | CFLAGS="$CFLAGS -fstack-clash-protection" | ||
3193 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3194 | /* end confdefs.h. */ | ||
3195 | |||
3196 | int | ||
3197 | main () | ||
3198 | { | ||
3199 | |||
3200 | ; | ||
3201 | return 0; | ||
3202 | } | ||
3203 | _ACEOF | ||
3204 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3205 | ax_cv_check_cflags___fstack_clash_protection=yes | ||
3206 | else | ||
3207 | ax_cv_check_cflags___fstack_clash_protection=no | ||
3208 | fi | ||
3209 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3210 | CFLAGS=$ax_check_save_flags | ||
3211 | fi | ||
3212 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_clash_protection" >&5 | ||
3213 | $as_echo "$ax_cv_check_cflags___fstack_clash_protection" >&6; } | ||
3214 | if test "x$ax_cv_check_cflags___fstack_clash_protection" = xyes; then : | ||
3215 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-clash-protection" | ||
3216 | |||
3217 | else | ||
3218 | : | ||
3219 | fi | ||
3220 | |||
3221 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-strong" >&5 | ||
3222 | $as_echo_n "checking whether C compiler accepts -fstack-protector-strong... " >&6; } | ||
3223 | if ${ax_cv_check_cflags___fstack_protector_strong+:} false; then : | ||
3224 | $as_echo_n "(cached) " >&6 | ||
3225 | else | ||
3226 | |||
3227 | ax_check_save_flags=$CFLAGS | ||
3228 | CFLAGS="$CFLAGS -fstack-protector-strong" | ||
3229 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
3230 | /* end confdefs.h. */ | ||
3231 | |||
3232 | int | ||
3233 | main () | ||
3234 | { | ||
3235 | |||
3236 | ; | ||
3237 | return 0; | ||
3238 | } | ||
3239 | _ACEOF | ||
3240 | if ac_fn_c_try_compile "$LINENO"; then : | ||
3241 | ax_cv_check_cflags___fstack_protector_strong=yes | ||
3242 | else | ||
3243 | ax_cv_check_cflags___fstack_protector_strong=no | ||
3244 | fi | ||
3245 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
3246 | CFLAGS=$ax_check_save_flags | ||
3247 | fi | ||
3248 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_strong" >&5 | ||
3249 | $as_echo "$ax_cv_check_cflags___fstack_protector_strong" >&6; } | ||
3250 | if test "x$ax_cv_check_cflags___fstack_protector_strong" = xyes; then : | ||
3251 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-protector-strong" | ||
3252 | |||
3253 | else | ||
3254 | : | ||
3255 | fi | ||
3256 | |||
3197 | 3257 | ||
3198 | HAVE_APPARMOR="" | 3258 | HAVE_APPARMOR="" |
3199 | # Check whether --enable-apparmor was given. | 3259 | # Check whether --enable-apparmor was given. |
@@ -3326,8 +3386,8 @@ if test "x$enable_apparmor" = "xyes"; then : | |||
3326 | HAVE_APPARMOR="-DHAVE_APPARMOR" | 3386 | HAVE_APPARMOR="-DHAVE_APPARMOR" |
3327 | 3387 | ||
3328 | pkg_failed=no | 3388 | pkg_failed=no |
3329 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for AA" >&5 | 3389 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libapparmor" >&5 |
3330 | $as_echo_n "checking for AA... " >&6; } | 3390 | $as_echo_n "checking for libapparmor... " >&6; } |
3331 | 3391 | ||
3332 | if test -n "$AA_CFLAGS"; then | 3392 | if test -n "$AA_CFLAGS"; then |
3333 | pkg_cv_AA_CFLAGS="$AA_CFLAGS" | 3393 | pkg_cv_AA_CFLAGS="$AA_CFLAGS" |
@@ -3367,7 +3427,7 @@ fi | |||
3367 | 3427 | ||
3368 | 3428 | ||
3369 | if test $pkg_failed = yes; then | 3429 | if test $pkg_failed = yes; then |
3370 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 3430 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
3371 | $as_echo "no" >&6; } | 3431 | $as_echo "no" >&6; } |
3372 | 3432 | ||
3373 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then | 3433 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then |
@@ -3394,7 +3454,7 @@ Alternatively, you may set the environment variables AA_CFLAGS | |||
3394 | and AA_LIBS to avoid the need to call pkg-config. | 3454 | and AA_LIBS to avoid the need to call pkg-config. |
3395 | See the pkg-config man page for more details." "$LINENO" 5 | 3455 | See the pkg-config man page for more details." "$LINENO" 5 |
3396 | elif test $pkg_failed = untried; then | 3456 | elif test $pkg_failed = untried; then |
3397 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 3457 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
3398 | $as_echo "no" >&6; } | 3458 | $as_echo "no" >&6; } |
3399 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 | 3459 | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 |
3400 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} | 3460 | $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} |
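--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,11 @@
 # Note:
 #
 # If for any reason autoconf fails, run "autoreconf -i --install " and try again.
-# We rely soley on autoconf, without automake. Apparently, in this case
+# This is how the error looks like on Arch Linux:
+# ./configure: line 3064: syntax error near unexpected token `newline'
+# ./configure: line 3064: `AX_CHECK_COMPILE_FLAG('
+#
+# We rely solely on autoconf, without automake. Apparently, in this case
 # the macros from m4 directory are not picked up by default by automake.
 # "autoreconf -i --install" seems to fix the problem.
 #
@@ -26,6 +30,14 @@ AX_CHECK_COMPILE_FLAG(
 [-mretpoline],
 [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"]
 )
+AX_CHECK_COMPILE_FLAG(
+[-fstack-clash-protection],
+[HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-clash-protection"]
+)
+AX_CHECK_COMPILE_FLAG(
+[-fstack-protector-strong],
+[HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-protector-strong"]
+)
 
 HAVE_APPARMOR=""
 AC_ARG_ENABLE([apparmor],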
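Review bot: Both new AX_CHECK_COMPILE_FLAG calls set `HAVE_SPECTRE="yes"` when the compiler accepts a stack-hardening flag, which ties a Spectre status variable to the unrelated -fstack-clash-protection and -fstack-protector-strong options. If HAVE_SPECTRE feeds a mitigation summary or a conditional elsewhere in configure.ac (not visible in this hunk), a compiler without the retpoline options would still be reported as Spectre-mitigated. The action could be reduced to `[EXTRA_CFLAGS+=" -fstack-protector-strong"]` (and likewise for -fstack-clash-protection), or could set a separate variable for stack hardening. The generated test is also compile-only (`ac_fn_c_try_compile` in configure), so it does not confirm that the flag links on targets where the stack protector needs a support library.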