libsepol: drop dso question on CFLAGS (package maintainers weigh in please)

libsepol: drop dso question on CFLAGS (package maintainers weigh in please)

[William Roberts]

The libsepol/src/Makefile has the below lines for CFLAGS:

CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-format-attribute -O2

override CFLAGS += -I. -I../include -D_GNU_SOURCE

Does anyone have a preference where I add the -fno-semantic-interposition?

I was thinking the conditional assignment because of the comment made
about packagers overriding things on the selinux drop dso patch
series.

Re: libsepol: drop dso question on CFLAGS (package maintainers weigh in please)

[Stephen Smalley]

On Fri, Mar 6, 2020 at 9:52 AM William Roberts <bill.c.roberts@gmail.com> wrote:
>
> The libsepol/src/Makefile has the below lines for CFLAGS:
>
> CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-format-attribute -O2
>
> override CFLAGS += -I. -I../include -D_GNU_SOURCE
>
> Does anyone have a preference where I add the -fno-semantic-interposition?
>
> I was thinking the conditional assignment because of the comment made
> about packagers overriding things on the selinux drop dso patch
> series.

I am not a package maintainer but regardless of how this gets added
(and I think in the libselinux case
it ends up being part of the conditional assignment), we need to make
sure that maintainers are strongly
encouraged to add it to their builds to preserve existing behavior.

Re: libsepol: drop dso question on CFLAGS (package maintainers weigh in please)

[William Roberts]

On Fri, Mar 6, 2020 at 10:24 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Fri, Mar 6, 2020 at 9:52 AM William Roberts <bill.c.roberts@gmail.com> wrote:
> >
> > The libsepol/src/Makefile has the below lines for CFLAGS:
> >
> > CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-format-attribute -O2
> >
> > override CFLAGS += -I. -I../include -D_GNU_SOURCE
> >
> > Does anyone have a preference where I add the -fno-semantic-interposition?
> >
> > I was thinking the conditional assignment because of the comment made
> > about packagers overriding things on the selinux drop dso patch
> > series.
>
> I am not a package maintainer but regardless of how this gets added
> (and I think in the libselinux case
> it ends up being part of the conditional assignment), we need to make
> sure that maintainers are strongly
> encouraged to add it to their builds to preserve existing behavior.

Definitely.

The same would go for libselinux, its on EXTRA_CFLAGS which eventually
gets conditionally assigned to CFLAGS.

I would imagine if you set custom CFLAGS when building a package, you better
make sure it's perfect. You won't necessarily get a wrong lib, but you could get
something undesirable for a host of reasons (hardening flags omitted, etc).

I could definitely see an argument to add this no matter what for gcc builds
(omit for clang) and make it non-override-able. But the package folks seemed
to frown on that.