github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-22 13:38:26 +00:00
Code Issues Projects Releases Wiki Activity

scripts: Set --enable-pie on aarch64 arch

Browse Source 
PIE (position-independent executables) does good to security.

For some historical reason(compliation failure), it was disabled. But it
can be supported now on aarch64.

Fixes #926
Signed-off-by: Jia He <justin.he@arm.com>
This commit is contained in:
Jia He 2020-01-09 17:26:40 +08:00
parent 7cdf113cf0
commit 711eae642c
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
scripts/configure-hypervisor.sh
View File

@ -404,6 +404,11 @@ generate_qemu_options() {
qemu_options+=(arch:"--target-list=${arch}-softmmu")
fi
# aarch64 need to explictly set --enable-pie
if [ "${arch}" = "aarch64" ]; then
qemu_options+=(arch:"--enable-pie")
fi
_qemu_cflags=""
# compile with high level of optimisation
@ -427,7 +432,7 @@ generate_qemu_options() {
# and take advantage of ASLR, making ROP attacks much harder to perform.
# (https://wiki.debian.org/Hardening)
case "$arch" in
aarch64) _qemu_cflags+=" -fPIC" ;;
aarch64) _qemu_cflags+=" -fPIE" ;;
x86_64) _qemu_cflags+=" -fPIE" ;;
ppc64le) _qemu_cflags+=" -fPIE" ;;
s390x) _qemu_cflags+=" -fPIE" ;;
@ -444,7 +449,7 @@ generate_qemu_options() {
# and take advantage of ASLR, making ROP attacks much harder to perform.
# (https://wiki.debian.org/Hardening)
case "$arch" in
aarch64) ;;
aarch64) [ -z "${static}" ] && _qemu_ldflags+=" -pie" ;;
x86_64) [ -z "${static}" ] && _qemu_ldflags+=" -pie" ;;
ppc64le) [ -z "${static}" ] && _qemu_ldflags+=" -pie" ;;
s390x) [ -z "${static}" ] && _qemu_ldflags+=" -pie" ;;