[poky] [PATCH 1/3] openssl: disable execstack flag to prevent problems with SELinux
Richard Purdie
rpurdie at linux.intel.com
Mon Nov 22 11:22:55 PST 2010
Hi Paul,
On Wed, 2010-11-17 at 11:37 +0000, Paul Eggleton wrote:
> The execstack flag gets set on libcrypto.so by default which causes SELinux
> to prevent it from being loaded on systems using SELinux, which includes
> Fedora. This patch disables the execstack flag. (Note: Red Hat do this in
> their openssl packaging.)
>
> Signed-off-by: Paul Eggleton <paul.eggleton at intel.com>
> ---
> meta/recipes-connectivity/openssl/openssl.inc | 2 +-
> .../recipes-connectivity/openssl/openssl_0.9.8p.bb | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
> index da90456..15144b1 100644
> --- a/meta/recipes-connectivity/openssl/openssl.inc
> +++ b/meta/recipes-connectivity/openssl/openssl.inc
> @@ -15,7 +15,7 @@ S = "${WORKDIR}/openssl-${PV}"
>
> AR_append = " r"
> CFLAG = "${@base_conditional('SITEINFO_ENDIANESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
> - -DTERMIO ${FULL_OPTIMIZATION} -Wall"
> + -DTERMIO ${FULL_OPTIMIZATION} -Wall -Wa,--noexecstack"
Should this flag be used for both the -native and target versions or
just the native one?
If its just native specific, you should be able to do something like:
CFLAG_append_virtclass-native = " -Wa,--noexecstack"
Cheers,
Richard
More information about the poky
mailing list