diff --git a/alpine/base/ebpf/Dockerfile b/alpine/base/ebpf/Dockerfile index fb7c29c0b..4eddcf4de 100644 --- a/alpine/base/ebpf/Dockerfile +++ b/alpine/base/ebpf/Dockerfile @@ -6,7 +6,7 @@ COPY cdefs.h /usr/include/sys/ ADD kernel-headers.tar / ADD kernel-dev.tar / ADD kernel-modules.tar / -ADD 100-musl-compat.patch decl.patch intl.patch bcc-gnuism.patch ./ +ADD 100-musl-compat.patch decl.patch intl.patch bcc-gnuism.patch bcc-stack-protector.patch ./ RUN cat elfutils-$ELFUTILS_VERSION.tar.bz2 | tar xjf - RUN cd elfutils-$ELFUTILS_VERSION && \ patch -p1 < ../100-musl-compat.patch && \ @@ -15,7 +15,7 @@ RUN cd elfutils-$ELFUTILS_VERSION && \ automake && \ ./configure --prefix=/usr CFLAGS=-Wno-strict-aliasing && \ make -C libelf && make -C libelf install -RUN cd bcc && patch -p0 < ../bcc-gnuism.patch +RUN cd bcc && patch -p0 < ../bcc-gnuism.patch && patch -p0 < ../bcc-stack-protector.patch RUN mkdir -p bcc/build && cd bcc/build && \ cmake .. -DCMAKE_INSTALL_PREFIX=/usr -DLUAJIT_INCLUDE_DIR=/usr/include/luajit-2.1 && \ make && \ diff --git a/alpine/base/ebpf/Makefile b/alpine/base/ebpf/Makefile index ea07c0043..b575503ac 100644 --- a/alpine/base/ebpf/Makefile +++ b/alpine/base/ebpf/Makefile @@ -2,7 +2,7 @@ KERNEL_FILES=-C ../../kernel/x86_64 kernel-headers.tar kernel-dev.tar kernel-mod default: ebpf.tag -ebpf.tag: Dockerfile 100-musl-compat.patch bcc-gnuism.patch decl.patch intl.patch temp_failure.patch cdefs.h error.h +ebpf.tag: Dockerfile 100-musl-compat.patch bcc-gnuism.patch bcc-stack-protector.patch decl.patch intl.patch temp_failure.patch cdefs.h error.h BUILD=$$( tar cf - $^ $(KERNEL_FILES) | docker build -q - ) && [ -n "$$BUILD" ] && echo "Built $$BUILD" && \ echo $$BUILD > $@ diff --git a/alpine/base/ebpf/bcc-stack-protector.patch b/alpine/base/ebpf/bcc-stack-protector.patch new file mode 100644 index 000000000..c33c91d49 --- /dev/null +++ b/alpine/base/ebpf/bcc-stack-protector.patch @@ -0,0 +1,10 @@ +--- src/cc/frontends/clang/kbuild_helper.cc ++++ src/cc/frontends/clang/kbuild_helper.cc +@@ -89,6 +89,7 @@ int KBuildHelper::get_flags(const char *uname_machine, vector *cflags) { + cflags->push_back("-D__HAVE_BUILTIN_BSWAP64__"); + cflags->push_back("-Wno-unused-value"); + cflags->push_back("-Wno-pointer-sign"); ++ cflags->push_back("-fno-stack-protector"); + + return 0; + }