Reviewer needed: fix for JamVM's SElinux execstack issue for IcedTea6 HEAD
Xerxes Rånby
xerxes at zafena.se
Fri Aug 12 08:46:34 PDT 2011
fre 2011-08-12 klockan 17:16 +0200 skrev Pavel Tisnovsky:
> Greetings,
>
> as Omair and Xerxes pointed out yesterday, the SELinux executable stack
> issue found in JamVM running under Fedora 14 x86_64 is caused by linker
> settings. I've tried to add LDFLAGS to disable the settings of
> executable bit for stack and it works perfectly in my case.
>
> Can anybody please review this simple fix I've made in Makefile.am?
> AFAIK the proposed linker settings is applicable to all platforms.
>
> Here's ChangeLog entry:
>
> 2011-08-12 Pavel Tisnovsky <ptisnovs at redhat.com>
>
> * Makefile.am: added LDFLAGS for JamVM to fix the SELinux
> executable flag issue.
>
> Cheers,
> Pavel
> vanligt textdokument-bilaga (jamvm_execstack_hg.diff)
> diff -r 4c641e5e379d Makefile.am
> --- a/Makefile.am Thu Aug 11 16:48:40 2011 +0200
> +++ b/Makefile.am Fri Aug 12 11:06:23 2011 -0400
> @@ -1811,6 +1811,7 @@
> stamps/jamvm.stamp: $(OPENJDK_TREE) stamps/rt.stamp
> if BUILD_JAMVM
> cd jamvm/jamvm && \
> + LDFLAGS="-Xlinker -z -Xlinker noexecstack" \
> ./autogen.sh --with-java-runtime-library=openjdk \
> --prefix=$(abs_top_builddir)/jamvm/install ; \
> $(MAKE) ; \
Nice fix, i would suggest to add a NEWS entry.
Pushing this and having the buildbots build and test JamVM on all
various combinations of distributions and various default gcc settings
are the only sane way to know if these linker flags can introduce any
sideffects.
In in favour for you to push this fix to icedtea6, icedtea7 and the
icedtea branch, thanks.
Cheers,
Xerxes
More information about the distro-pkg-dev
mailing list