From 53d5ea42c4d6a6532a13c0c0697a99ffc726e9e1 Mon Sep 17 00:00:00 2001
From: Justin Cormack <justin.cormack@docker.com>
Date: Fri, 14 Jul 2017 15:38:32 +0100
Subject: [PATCH] Build runc as static pie

This was waiting on the runc update which added ability to add extra flags.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
---
 pkg/runc/Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pkg/runc/Dockerfile b/pkg/runc/Dockerfile
index 75ff7b6b2..e02247b98 100644
--- a/pkg/runc/Dockerfile
+++ b/pkg/runc/Dockerfile
@@ -17,8 +17,7 @@ RUN mkdir -p $GOPATH/src/github.com/opencontainers && \
   git clone https://github.com/opencontainers/runc.git
 WORKDIR $GOPATH/src/github.com/opencontainers/runc
 RUN git checkout $RUNC_COMMIT
-# TODO static pie, currently no easy way to change build options
-RUN make static BUILDTAGS="seccomp"
+RUN make static BUILDTAGS="seccomp" EXTRA_FLAGS="-buildmode pie" EXTRA_LDFLAGS="-extldflags \\\"-fno-PIC -static\\\""
 RUN cp runc /usr/bin/
 
 FROM scratch