2 files changed, 71 insertions, 48 deletions
diff --git a/configure b/configure
index d47e0cbb0..c3bca4bb8 100755
--- a/configure
+++ b/configure
@@ -2095,6 +2095,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 #AC_CONFIG_HEADERS([config.h])
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -3101,46 +3103,81 @@ fi
 HAVE_SPECTRE="no"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc or clang compiler" >&5
-$as_echo_n "checking for Spectre mitigation support in gcc or clang compiler... " >&6; }
-if test "$CC" = "gcc"; then :
-        HAVE_SPECTRE="yes"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch=thunk" >&5
-        $CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no"
+$as_echo_n "checking whether C compiler accepts -mindirect-branch=thunk... " >&6; }
-        rm -f dummy.o
+if ${ax_cv_check_cflags___mindirect_branch_thunk+:} false; then :
-        if test "$HAVE_SPECTRE" = "yes"; then :
+  $as_echo_n "(cached) " >&6
+else
-                EXTRA_CFLAGS+=" -mindirect-branch=thunk "
+  ax_check_save_flags=$CFLAGS
+  CFLAGS="$CFLAGS  -mindirect-branch=thunk"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int
+main ()
+{
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ax_cv_check_cflags___mindirect_branch_thunk=yes
+else
+  ax_cv_check_cflags___mindirect_branch_thunk=no
 fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  CFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk" >&5
+$as_echo "$ax_cv_check_cflags___mindirect_branch_thunk" >&6; }
+if test "x$ax_cv_check_cflags___mindirect_branch_thunk" = xyes; then :
+  HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk"
+else
+  :
 fi
-if test "$CC" = "clang"; then :
-        HAVE_SPECTRE="yes"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mretpoline" >&5
-        $CC -mretpoline -c dummy.c || HAVE_SPECTRE="no"
+$as_echo_n "checking whether C compiler accepts -mretpoline... " >&6; }
-        rm -f dummy.o
+if ${ax_cv_check_cflags___mretpoline+:} false; then :
-        if test "$HAVE_SPECTRE" = "yes"; then :
+  $as_echo_n "(cached) " >&6
+else
-                EXTRA_CFLAGS+=" -mretpoline "
+  ax_check_save_flags=$CFLAGS
+  CFLAGS="$CFLAGS  -mretpoline"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
-fi
+int
+main ()
+{
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ax_cv_check_cflags___mretpoline=yes
+else
+  ax_cv_check_cflags___mretpoline=no
 fi
-if test "$HAVE_SPECTRE" = "yes"; then :
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  CFLAGS=$ax_check_save_flags
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
 fi
-if test "$HAVE_SPECTRE" = "no"; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5
+$as_echo "$ax_cv_check_cflags___mretpoline" >&6; }
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: ... not available" >&5
+if test "x$ax_cv_check_cflags___mretpoline" = xyes; then :
-$as_echo "... not available" >&6; }
+  HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"
+else
+  :
 fi
 HAVE_APPARMOR=""
 # Check whether --enable-apparmor was given.
 if test "${enable_apparmor+set}" = set; then :
@@ -3154,7 +3191,6 @@ if test "x$enable_apparmor" = "xyes"; then :
 fi
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
diff --git a/configure.ac b/configure.ac
index 40ead1604..f14b3812c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,35 +3,22 @@ AC_INIT(firejail, 0.9.61, netblue30@yahoo.com, , https://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_MACRO_DIR([m4])
 AC_PROG_CC
 #AC_PROG_CXX
 AC_PROG_INSTALL
 AC_PROG_RANLIB
 HAVE_SPECTRE="no"
-AC_MSG_CHECKING(for Spectre mitigation support in gcc or clang compiler)
+AX_CHECK_COMPILE_FLAG(
-AS_IF([test "$CC" = "gcc"], [
+    [-mindirect-branch=thunk],
-        HAVE_SPECTRE="yes"
+    [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk"]
-        $CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no"
+)
-        rm -f dummy.o
+AX_CHECK_COMPILE_FLAG(
-        AS_IF([test "$HAVE_SPECTRE" = "yes"], [
+    [-mretpoline],
-                EXTRA_CFLAGS+=" -mindirect-branch=thunk "
+    [HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"]
-        ])
+)
-])
-AS_IF([test "$CC" = "clang"], [
-        HAVE_SPECTRE="yes"
-        $CC -mretpoline -c dummy.c || HAVE_SPECTRE="no"
-        rm -f dummy.o
-        AS_IF([test "$HAVE_SPECTRE" = "yes"], [
-                EXTRA_CFLAGS+=" -mretpoline "
-        ])
-])
-AS_IF([test "$HAVE_SPECTRE" = "yes"], [
-        AC_MSG_RESULT(yes)
-])
-AS_IF([test "$HAVE_SPECTRE" = "no"], [
-        AC_MSG_RESULT(... not available)
-])
 AC_SUBST([EXTRA_CFLAGS])
 HAVE_APPARMOR=""

diff --git a/configure b/configure index d47e0cbb0..c3bca4bb8 100755 --- a/configure +++ b/configure
@@ -2095,6 +2095,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
2095		2095
2096	#AC_CONFIG_HEADERS([config.h])	2096	#AC_CONFIG_HEADERS([config.h])
2097		2097
		2098
		2099
2098	ac_ext=c	2100	ac_ext=c
2099	ac_cpp='$CPP $CPPFLAGS'	2101	ac_cpp='$CPP $CPPFLAGS'
2100	ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'	2102	ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -3101,46 +3103,81 @@ fi
3101		3103
3102		3104
3103	HAVE_SPECTRE="no"	3105	HAVE_SPECTRE="no"
3104	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc or clang compiler" >&5
3105	$as_echo_n "checking for Spectre mitigation support in gcc or clang compiler... " >&6; }
3106	if test "$CC" = "gcc"; then :
3107		3106
3108	HAVE_SPECTRE="yes"	3107	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch=thunk" >&5
3109	$CC -mindirect-branch=thunk -c dummy.c \|\| HAVE_SPECTRE="no"	3108	$as_echo_n "checking whether C compiler accepts -mindirect-branch=thunk... " >&6; }
3110	rm -f dummy.o	3109	if ${ax_cv_check_cflags___mindirect_branch_thunk+:} false; then :
3111	if test "$HAVE_SPECTRE" = "yes"; then :	3110	$as_echo_n "(cached) " >&6
		3111	else
3112		3112
3113	EXTRA_CFLAGS+=" -mindirect-branch=thunk "	3113	ax_check_save_flags=$CFLAGS
		3114	CFLAGS="$CFLAGS -mindirect-branch=thunk"
		3115	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
		3116	/* end confdefs.h. */
3114		3117
		3118	int
		3119	main ()
		3120	{
		3121
		3122	;
		3123	return 0;
		3124	}
		3125	_ACEOF
		3126	if ac_fn_c_try_compile "$LINENO"; then :
		3127	ax_cv_check_cflags___mindirect_branch_thunk=yes
		3128	else
		3129	ax_cv_check_cflags___mindirect_branch_thunk=no
3115	fi	3130	fi
		3131	rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
		3132	CFLAGS=$ax_check_save_flags
		3133	fi
		3134	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk" >&5
		3135	$as_echo "$ax_cv_check_cflags___mindirect_branch_thunk" >&6; }
		3136	if test "x$ax_cv_check_cflags___mindirect_branch_thunk" = xyes; then :
		3137	HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk"
3116		3138
		3139	else
		3140	:
3117	fi	3141	fi
3118	if test "$CC" = "clang"; then :
3119		3142
3120	HAVE_SPECTRE="yes"	3143	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mretpoline" >&5
3121	$CC -mretpoline -c dummy.c \|\| HAVE_SPECTRE="no"	3144	$as_echo_n "checking whether C compiler accepts -mretpoline... " >&6; }
3122	rm -f dummy.o	3145	if ${ax_cv_check_cflags___mretpoline+:} false; then :
3123	if test "$HAVE_SPECTRE" = "yes"; then :	3146	$as_echo_n "(cached) " >&6
		3147	else
3124		3148
3125	EXTRA_CFLAGS+=" -mretpoline "	3149	ax_check_save_flags=$CFLAGS
		3150	CFLAGS="$CFLAGS -mretpoline"
		3151	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
		3152	/* end confdefs.h. */
3126		3153
3127	fi	3154	int
		3155	main ()
		3156	{
3128		3157
		3158	;
		3159	return 0;
		3160	}
		3161	_ACEOF
		3162	if ac_fn_c_try_compile "$LINENO"; then :
		3163	ax_cv_check_cflags___mretpoline=yes
		3164	else
		3165	ax_cv_check_cflags___mretpoline=no
3129	fi	3166	fi
3130	if test "$HAVE_SPECTRE" = "yes"; then :	3167	rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
3131		3168	CFLAGS=$ax_check_save_flags
3132	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3133	$as_echo "yes" >&6; }
3134
3135	fi	3169	fi
3136	if test "$HAVE_SPECTRE" = "no"; then :	3170	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5
3137		3171	$as_echo "$ax_cv_check_cflags___mretpoline" >&6; }
3138	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ... not available" >&5	3172	if test "x$ax_cv_check_cflags___mretpoline" = xyes; then :
3139	$as_echo "... not available" >&6; }	3173	HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"
3140		3174
		3175	else
		3176	:
3141	fi	3177	fi
3142		3178
3143		3179
		3180
3144	HAVE_APPARMOR=""	3181	HAVE_APPARMOR=""
3145	# Check whether --enable-apparmor was given.	3182	# Check whether --enable-apparmor was given.
3146	if test "${enable_apparmor+set}" = set; then :	3183	if test "${enable_apparmor+set}" = set; then :
@@ -3154,7 +3191,6 @@ if test "x$enable_apparmor" = "xyes"; then :
3154		3191
3155	fi	3192	fi
3156		3193
3157
3158	ac_ext=c	3194	ac_ext=c
3159	ac_cpp='$CPP $CPPFLAGS'	3195	ac_cpp='$CPP $CPPFLAGS'
3160	ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'	3196	ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'


diff --git a/configure.ac b/configure.ac index 40ead1604..f14b3812c 100644 --- a/configure.ac +++ b/configure.ac
@@ -3,35 +3,22 @@ AC_INIT(firejail, 0.9.61, netblue30@yahoo.com, , https://firejail.wordpress.com)
3	AC_CONFIG_SRCDIR([src/firejail/main.c])	3	AC_CONFIG_SRCDIR([src/firejail/main.c])
4	#AC_CONFIG_HEADERS([config.h])	4	#AC_CONFIG_HEADERS([config.h])
5		5
		6	AC_CONFIG_MACRO_DIR([m4])
		7
6	AC_PROG_CC	8	AC_PROG_CC
7	#AC_PROG_CXX	9	#AC_PROG_CXX
8	AC_PROG_INSTALL	10	AC_PROG_INSTALL
9	AC_PROG_RANLIB	11	AC_PROG_RANLIB
10		12
11	HAVE_SPECTRE="no"	13	HAVE_SPECTRE="no"
12	AC_MSG_CHECKING(for Spectre mitigation support in gcc or clang compiler)	14	AX_CHECK_COMPILE_FLAG(
13	AS_IF([test "$CC" = "gcc"], [	15	[-mindirect-branch=thunk],
14	HAVE_SPECTRE="yes"	16	[HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk"]
15	$CC -mindirect-branch=thunk -c dummy.c \|\| HAVE_SPECTRE="no"	17	)
16	rm -f dummy.o	18	AX_CHECK_COMPILE_FLAG(
17	AS_IF([test "$HAVE_SPECTRE" = "yes"], [	19	[-mretpoline],
18	EXTRA_CFLAGS+=" -mindirect-branch=thunk "	20	[HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"]
19	])	21	)
20	])
21	AS_IF([test "$CC" = "clang"], [
22	HAVE_SPECTRE="yes"
23	$CC -mretpoline -c dummy.c \|\| HAVE_SPECTRE="no"
24	rm -f dummy.o
25	AS_IF([test "$HAVE_SPECTRE" = "yes"], [
26	EXTRA_CFLAGS+=" -mretpoline "
27	])
28	])
29	AS_IF([test "$HAVE_SPECTRE" = "yes"], [
30	AC_MSG_RESULT(yes)
31	])
32	AS_IF([test "$HAVE_SPECTRE" = "no"], [
33	AC_MSG_RESULT(... not available)
34	])
35	AC_SUBST([EXTRA_CFLAGS])	22	AC_SUBST([EXTRA_CFLAGS])
36		23
37	HAVE_APPARMOR=""	24	HAVE_APPARMOR=""