Add GRSecurity compatibility with --enable-pax-marks configure flag; add GRSecurity autodetection code to configure.
This commit is contained in:
auREAX
Graydon Hoare
parent
5585514c02
commit
0bb437aafa
|
|
@ -295,6 +295,7 @@ opt manage-submodules 1 "let the build manage the git submodules"
|
|||
opt mingw-cross 0 "cross-compile for win32 using mingw"
|
||||
opt clang 0 "prefer clang to gcc for building the runtime"
|
||||
opt local-rust 0 "use an installed rustc rather than downloading a snapshot"
|
||||
opt pax-marks 0 "apply PaX markings to rustc binaries (required for GRSecurity/PaX-patched kernels)"
|
||||
valopt prefix "/usr/local" "set installation prefix"
|
||||
valopt local-rust-root "/usr/local" "set prefix for local rust binary"
|
||||
valopt llvm-root "" "set LLVM root"
|
||||
|
|
@ -343,6 +344,8 @@ probe CFG_PDFLATEX pdflatex
|
|||
probe CFG_XETEX xetex
|
||||
probe CFG_LUATEX luatex
|
||||
probe CFG_NODE nodejs node
|
||||
probe CFG_PAXCTL paxctl /sbin/paxctl
|
||||
probe CFG_ZCAT zcat
|
||||
|
||||
if [ ! -z "$CFG_PANDOC" ]
|
||||
then
|
||||
|
|
@ -354,6 +357,52 @@ then
|
|||
fi
|
||||
fi
|
||||
|
||||
if [ "$CFG_OSTYPE" = "unknown-linux-gnu" ]
|
||||
then
|
||||
if [ ! -z "$CFG_ENABLE_PAX_MARKS" -a -z "$CFG_PAXCTL" ]
|
||||
then
|
||||
err "enabled PaX markings but no paxctl binary found"
|
||||
fi
|
||||
|
||||
if [ -z "$CFG_DISABLE_PAX_MARKS" ]
|
||||
then
|
||||
# GRSecurity/PaX detection. This can be very flaky.
|
||||
GRSEC_DETECTED=
|
||||
|
||||
# /dev/grsec only exists if CONFIG_GRKERNSEC_NO_RBAC is not set.
|
||||
# /proc is normally only available to root and users in the CONFIG_GRKERNSEC_PROC_GID group,
|
||||
# and /proc/sys/kernel/grsecurity is not available if ÇONFIG_GRKERNSEC_SYSCTL is not set.
|
||||
if [ -e /dev/grsec -o -d /proc/sys/kernel/grsecurity ]
|
||||
then
|
||||
GRSEC_DETECTED=1
|
||||
# /proc/config.gz is normally only available to root, and only if CONFIG_IKCONFIG_PROC has been set.
|
||||
elif [ -r /proc/config.gz -a ! -z "$CFG_ZCAT" ]
|
||||
then
|
||||
if "$CFG_ZCAT" /proc/config.gz | grep --quiet "CONFIG_GRKERNSEC=y"
|
||||
then
|
||||
GRSEC_DETECTED=1
|
||||
fi
|
||||
# Flaky.
|
||||
elif grep --quiet grsec /proc/version
|
||||
then
|
||||
GRSEC_DETECTED=1
|
||||
fi
|
||||
|
||||
if [ ! -z "$GRSEC_DETECTED" ]
|
||||
then
|
||||
step_msg "GRSecurity: yes"
|
||||
if [ ! -z "$CFG_PAXCTL" ]
|
||||
then
|
||||
CFG_ENABLE_PAX_MARKS=1
|
||||
else
|
||||
warn "GRSecurity kernel detected but no paxctl binary found: not setting CFG_ENABLE_PAX_MARKS"
|
||||
fi
|
||||
else
|
||||
step_msg "GRSecurity: no"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -z "$CFG_ENABLE_LOCAL_RUST" ]
|
||||
then
|
||||
if [ ! -f ${CFG_LOCAL_RUST_ROOT}/bin/rustc ]
|
||||
|
|
@ -699,6 +748,12 @@ putvar CFG_C_COMPILER
|
|||
putvar CFG_LIBDIR
|
||||
putvar CFG_DISABLE_MANAGE_SUBMODULES
|
||||
|
||||
if [ ! -z "$CFG_ENABLE_PAX_MARKS" ]
|
||||
then
|
||||
putvar CFG_ENABLE_PAX_MARKS
|
||||
putvar CFG_PAXCTL
|
||||
fi
|
||||
|
||||
if [ ! -z $BAD_PANDOC ]
|
||||
then
|
||||
CFG_PANDOC=
|
||||
|
|
|
|||
|
|
@ -12,6 +12,10 @@ ifdef CFG_ENABLE_LOCAL_RUST
|
|||
$(Q)$(S)src/etc/local_stage0.sh $(CFG_HOST_TRIPLE) $(CFG_LOCAL_RUST_ROOT)
|
||||
else
|
||||
$(Q)$(S)src/etc/get-snapshot.py $(CFG_HOST_TRIPLE) $(SNAPSHOT_FILE)
|
||||
ifdef CFG_ENABLE_PAX_MARKS
|
||||
@$(call E, apply PaX markings: $@)
|
||||
@"$(CFG_PAXCTL)" -cm "$@"
|
||||
endif
|
||||
endif
|
||||
$(Q)touch $@
|
||||
|
||||
|
|
|
|||
|
|
@ -29,6 +29,10 @@ $$(TBIN$(1)_T_$(2)_H_$(3))/rustc$$(X): \
|
|||
$$(TLIBRUSTC_DEFAULT$(1)_T_$(2)_H_$(3))
|
||||
@$$(call E, compile_and_link: $$@)
|
||||
$$(STAGE$(1)_T_$(2)_H_$(3)) -o $$@ $$<
|
||||
ifdef CFG_ENABLE_PAX_MARKS
|
||||
@$$(call E, apply PaX markings: $$@)
|
||||
@"$(CFG_PAXCTL)" -cm "$$@"
|
||||
endif
|
||||
|
||||
$$(TLIB$(1)_T_$(2)_H_$(3))/$$(CFG_LIBRUSTC): \
|
||||
$$(COMPILER_CRATE) $$(COMPILER_INPUTS) \
|
||||
|
|
|
|||
Loading…
Reference in New Issue