Reviewer needed: fix for JamVM's SElinux execstack issue for IcedTea6 HEAD

Pavel Tisnovsky ptisnovs at redhat.com
Wed Aug 17 04:43:07 PDT 2011 

Dr Andrew John Hughes wrote:
> On 17:46 Fri 12 Aug     , Xerxes Rånby wrote:
>> fre 2011-08-12 klockan 17:16 +0200 skrev Pavel Tisnovsky:
>>> Greetings,
>>>
>>> as Omair and Xerxes pointed out yesterday, the SELinux executable stack
>>> issue found in JamVM running under Fedora 14 x86_64 is caused by linker
>>> settings. I've tried to add LDFLAGS to disable the settings of
>>> executable bit for stack and it works perfectly in my case.
>>>
>>> Can anybody please review this simple fix I've made in Makefile.am?
>>> AFAIK the proposed linker settings is applicable to all platforms.
>>>
>>> Here's ChangeLog entry:
>>>
>>> 2011-08-12  Pavel Tisnovsky  <ptisnovs at redhat.com>
>>>
>>>         * Makefile.am: added LDFLAGS for JamVM to fix the SELinux
>>>         executable flag issue.
>>>
>>> Cheers,
>>> Pavel
>>> vanligt textdokument-bilaga (jamvm_execstack_hg.diff)
>>> diff -r 4c641e5e379d Makefile.am
>>> --- a/Makefile.am	Thu Aug 11 16:48:40 2011 +0200
>>> +++ b/Makefile.am	Fri Aug 12 11:06:23 2011 -0400
>>> @@ -1811,6 +1811,7 @@
>>>  stamps/jamvm.stamp: $(OPENJDK_TREE) stamps/rt.stamp
>>>  if BUILD_JAMVM
>>>  	cd jamvm/jamvm && \
>>> +	LDFLAGS="-Xlinker -z -Xlinker noexecstack" \
>>>  	./autogen.sh --with-java-runtime-library=openjdk \
>>>  	  --prefix=$(abs_top_builddir)/jamvm/install ; \
>>>  	$(MAKE) ; \
>> Nice fix, i would suggest to add a NEWS entry.
>>
>> Pushing this and having the buildbots build and test JamVM on all
>> various combinations of distributions and various default gcc settings
>> are the only sane way to know if these linker flags can introduce any
>> sideffects.
>>
>> In in favour for you to push this fix to icedtea6, icedtea7 and the
>> icedtea branch, thanks.
>>
>> Cheers,
>> Xerxes
>>
> 
> It's probably worth also getting this fixed upstream in JamVM.

Yes, it seems that IcedTea6 HEAD is compiled without problems, so it's time to
push this fix to IcedTea7 and 6-branches and probably to contact Robert.

Pavel

More information about the distro-pkg-dev mailing list