selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Stephen Smalley <sds@tycho.nsa.gov>
To: bill.c.roberts@gmail.com, selinux@vger.kernel.org
Cc: William Roberts <william.c.roberts@intel.com>,
	James Carter <jwcart2@tycho.nsa.gov>
Subject: Re: [PATCH 1/2] Makefile: fix _FORTIFY_SOURCE redefined build error
Date: Fri, 14 Dec 2018 09:34:39 -0500	[thread overview]
Message-ID: <877d53f9-3296-368c-979f-cf73cfc50ebb@tycho.nsa.gov> (raw)
In-Reply-To: <a31ecb59-e330-08c8-95d3-8c9fe5a4022d@tycho.nsa.gov>

On 12/14/18 8:43 AM, Stephen Smalley wrote:
> On 12/13/18 4:32 PM, bill.c.roberts@gmail.com wrote:
>> From: William Roberts <william.c.roberts@intel.com>
>>
>> Certain builds of gcc enable _FORTIFY_SOURCE which results in the error:
>> <command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined
>> <command-line>:0:0: note: this is the location of the previous definition
>>
>> Correct this by undefining it first and redefining it. Also, the previous
>> command line option was using -Wp which passing the value *AS IS* to the
>> pre-processor rather than to the compiler driver. The C pre-processor has
>> an undocumented interface subject to change per man 1 gcc. Just use the
>> -D option as is.
> 
> See commit ca07a2ad46be141dad90d885dd33a2ac31c6559a ("libselinux: avoid 
> redefining _FORTIFY_SOURCE") for why we don't specify a value for 
> _FORTIFY_SOURCE here.  Not sure about the -Wp,-D vs -D rationale.

I guess the issue here is that we want to provide sane defaults for 
building without breaking the build when others specify their own 
definitions and without weakening those definitions.  By undefining and 
re-defining, it seems like we might weaken existing builds that were 
specifying 2.

> 
>>
>> Signed-off-by: William Roberts <william.c.roberts@intel.com>
>> ---
>>   libselinux/src/Makefile   | 2 +-
>>   libselinux/utils/Makefile | 2 +-
>>   2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
>> index 977b5c8cfcca..ee55bd0dbff7 100644
>> --- a/libselinux/src/Makefile
>> +++ b/libselinux/src/Makefile
>> @@ -64,7 +64,7 @@ ifeq ($(COMPILER), gcc)
>>   EXTRA_CFLAGS = -fipa-pure-const -Wlogical-op 
>> -Wpacked-bitfield-compat -Wsync-nand \
>>       -Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc 
>> -Wsuggest-attribute=const \
>>       -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure 
>> -Wtrampolines -Wjump-misses-init \
>> -    -Wno-suggest-attribute=pure -Wno-suggest-attribute=const 
>> -Wp,-D_FORTIFY_SOURCE
>> +    -Wno-suggest-attribute=pure -Wno-suggest-attribute=const 
>> -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1
>>   else
>>   EXTRA_CFLAGS = -Wunused-command-line-argument
>>   endif
>> diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
>> index d06ffd66893b..64ab877015c6 100644
>> --- a/libselinux/utils/Makefile
>> +++ b/libselinux/utils/Makefile
>> @@ -30,7 +30,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k 
>> -Wformat-security -Winit-self -Wmissi
>>             -Wformat-extra-args -Wformat-zero-length -Wformat=2 
>> -Wmultichar \
>>             -Woverflow -Wpointer-to-int-cast -Wpragmas \
>>             -Wno-missing-field-initializers -Wno-sign-compare \
>> -          -Wno-format-nonliteral 
>> -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE \
>> +          -Wno-format-nonliteral 
>> -Wframe-larger-than=$(MAX_STACK_SIZE) -U_FORTIFY_SOURCE 
>> -D_FORTIFY_SOURCE=1 \
>>             -fstack-protector-all --param=ssp-buffer-size=4 
>> -fexceptions \
>>             -fasynchronous-unwind-tables -fdiagnostics-show-option 
>> -funit-at-a-time \
>>             -Werror -Wno-aggregate-return -Wno-redundant-decls \
>>
> 


  reply	other threads:[~2018-12-14 14:32 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-12-13 21:32 [PATCH 1/2] Makefile: fix _FORTIFY_SOURCE redefined build error bill.c.roberts
2018-12-13 21:32 ` [PATCH 2/2] Makefile: add -Wstrict-overflow=5 to CFLAGS bill.c.roberts
2018-12-14 13:43 ` [PATCH 1/2] Makefile: fix _FORTIFY_SOURCE redefined build error Stephen Smalley
2018-12-14 14:34   ` Stephen Smalley [this message]
2018-12-14 16:02     ` William Roberts
2018-12-18 16:03       ` William Roberts
2018-12-18 19:02         ` William Roberts
2018-12-19  6:15           ` Jason Zaman
2018-12-19  9:12         ` Patrick Steinhardt
2018-12-19 15:42           ` William Roberts
2018-12-19 15:46             ` Stephen Smalley
2018-12-19 15:48               ` William Roberts

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=877d53f9-3296-368c-979f-cf73cfc50ebb@tycho.nsa.gov \
    --to=sds@tycho.nsa.gov \
    --cc=bill.c.roberts@gmail.com \
    --cc=jwcart2@tycho.nsa.gov \
    --cc=selinux@vger.kernel.org \
    --cc=william.c.roberts@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).