diff --git a/WHATS_NEW b/WHATS_NEW index d512ab5aa..f299b849a 100644 --- a/WHATS_NEW +++ b/WHATS_NEW @@ -1,5 +1,6 @@ Version 2.02.105 - ===================================== + Compile/link daemons with RELRO and PIE options to harden daemon security. Support per-object compilation cflags via CFLAGS_object.o. Automatically detect support for compiler/linker options to use RELRO and PIE. Add --splitsnapshot to lvconvert to separate out cow LV. diff --git a/daemons/clvmd/Makefile.in b/daemons/clvmd/Makefile.in index 9ca11baf1..4677048f1 100644 --- a/daemons/clvmd/Makefile.in +++ b/daemons/clvmd/Makefile.in @@ -88,7 +88,8 @@ LVMLIBS += -ldevmapper LIBS += $(PTHREAD_LIBS) DEFS += -D_REENTRANT -CFLAGS += -fno-strict-aliasing +CFLAGS += -fno-strict-aliasing $(DAEMON_CFLAGS) +LDFLAGS += $(DAEMON_LDFLAGS) INSTALL_TARGETS = \ install_clvmd diff --git a/daemons/cmirrord/Makefile.in b/daemons/cmirrord/Makefile.in index 0efc8d4af..df7c2a800 100644 --- a/daemons/cmirrord/Makefile.in +++ b/daemons/cmirrord/Makefile.in @@ -28,7 +28,8 @@ include $(top_builddir)/make.tmpl LIBS += -ldevmapper LMLIBS += $(CPG_LIBS) $(SACKPT_LIBS) -CFLAGS += $(CPG_CFLAGS) $(SACKPT_CFLAGS) +CFLAGS += $(CPG_CFLAGS) $(SACKPT_CFLAGS) $(DAEMON_CFLAGS) +LDFLAGS += $(DAEMON_LDFLAGS) cmirrord: $(OBJECTS) $(top_builddir)/lib/liblvm-internal.a $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJECTS) \ diff --git a/daemons/dmeventd/Makefile.in b/daemons/dmeventd/Makefile.in index 1302a440b..fcc5c9ea8 100644 --- a/daemons/dmeventd/Makefile.in +++ b/daemons/dmeventd/Makefile.in @@ -59,8 +59,10 @@ device-mapper: $(TARGETS) LIBS += -ldevmapper LVMLIBS += -ldevmapper-event $(PTHREAD_LIBS) +CFLAGS_dmeventd.o += $(DAEMON_CFLAGS) + dmeventd: $(LIB_SHARED) dmeventd.o - $(CC) $(CFLAGS) $(LDFLAGS) $(ELDFLAGS) -L. -o $@ dmeventd.o \ + $(CC) $(CFLAGS) $(LDFLAGS) $(DAEMON_LDFLAGS) $(ELDFLAGS) -L. -o $@ dmeventd.o \ $(DL_LIBS) $(LVMLIBS) $(LIBS) -rdynamic dmeventd.static: $(LIB_STATIC) dmeventd.o $(interfacebuilddir)/libdevmapper.a diff --git a/daemons/lvmetad/Makefile.in b/daemons/lvmetad/Makefile.in index 35aa4ab65..f08198aa2 100644 --- a/daemons/lvmetad/Makefile.in +++ b/daemons/lvmetad/Makefile.in @@ -33,8 +33,8 @@ LVMLIBS = -ldaemonserver $(LVMINTERNAL_LIBS) -ldevmapper LIBS += $(PTHREAD_LIBS) -LDFLAGS += -L$(top_builddir)/libdaemon/server -CLDFLAGS += -L$(top_builddir)/libdaemon/server +LDFLAGS += -L$(top_builddir)/libdaemon/server $(DAEMON_LDFLAGS) +CLDFLAGS += -L$(top_builddir)/libdaemon/server $(DAEMON_CFLAGS) lvmetad: $(OBJECTS) $(top_builddir)/libdaemon/client/libdaemonclient.a \ $(top_builddir)/libdaemon/server/libdaemonserver.a diff --git a/make.tmpl.in b/make.tmpl.in index 944be9b68..5f72182b7 100644 --- a/make.tmpl.in +++ b/make.tmpl.in @@ -150,6 +150,15 @@ WFLAGS += -Wclobbered -Wempty-body -Wignored-qualifiers \ -Wtype-limits -Wsync-nand -Wlogical-op endif +ifneq ("@STATIC_LINK@", "yes") +ifeq ("@HAVE_PIE@", "yes") +ifeq ("@HAVE_FULL_RELRO@", "yes") + DAEMON_CFLAGS += -fPIE -DPIE + DAEMON_LDFLAGS += -Wl,-z,relro,-z,now -pie +endif +endif +endif + #WFLAGS += -W -Wno-sign-compare -Wno-unused-parameter -Wno-missing-field-initializers #WFLAGS += -Wsign-compare -Wunused-parameter -Wmissing-field-initializers #WFLAGS += -Wconversion -Wbad-function-cast -Wcast-qual -Waggregate-return -Wpacked