platform_external_selinux/libselinux/utils
Patrick Steinhardt ca07a2ad46 libselinux: avoid redefining _FORTIFY_SOURCE
Two makefiles of ours pass `-D_FORTIFY_SOURCE=2` directly to the
preprocessor. While this does not pose any problems when the value has
not been previously set, it can break the build if it is part of the
standard build flags.

The issue can easily be fixed by instead defining `_FORTIFY_SOURCE`
without specifying a concrete value. In this case, gcc will not error
out and simply keep using the previously defined value. On the other
hand, if no value has been defined, we will now compile with
`_FORTIFY_SOURCE=1`. From feature_test_macros(7):

    If _FORTIFY_SOURCE is set to 1, with compiler optimization level 1
    (gcc -O1) and above, checks that shouldn't change the behavior of
    conforming programs are performed.  With _FORTIFY_SOURCE set to 2,
    some more checking is added, but some conforming programs might
    fail.

While this leaves us with less checks for buffer overflows, it will only
enable checks that should not change behaviour of conforming programs.
With _FORTIFY_SOURCE=2, the compiler may even unintentionally change
behaviour of conforming programs. So in fact, one could even argue that
we should only be setting the value to 1 anyway to avoid surprising side
effects.

So this patch changes our CFLAGS to only pass `-D_FORTIFY_SOURCE`
without any concrete value, fixing the build issue.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
2017-06-22 16:44:07 -04:00
..
.gitignore libselinux: Remove util/selinux_restorecon.c 2017-05-02 11:03:06 -04:00
avcstat.c libselinux: avcstat: Clean up redundant condition 2016-11-29 11:11:26 -05:00
compute_av.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
compute_create.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
compute_member.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
compute_relabel.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
compute_user.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
getconlist.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
getdefaultcon.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
getenforce.c libselinux: use -W and -Werror in utils 2011-12-05 16:14:17 -05:00
getfilecon.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
getpidcon.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
getsebool.c libselinux: getsebool: always free names 2017-04-12 14:46:02 -04:00
getseuser.c Get rid of security_context_t and fix const declarations. 2014-02-19 16:11:48 -05:00
Makefile libselinux: avoid redefining _FORTIFY_SOURCE 2017-06-22 16:44:07 -04:00
matchpathcon.c libselinux: include errno.h instead of sys/errno.h 2017-01-09 16:00:22 -05:00
policyvers.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
sefcontext_compile.c libselinux/utils: add noreturn to sefcontext_compile 2016-10-18 13:51:23 -04:00
selabel_digest.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
selabel_lookup.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
selabel_lookup_best_match.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
selabel_partial_match.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
selinux_check_access.c libselinux/utils: add noreturn attribute to selinux_check_access's usage 2017-05-05 13:07:04 -04:00
selinux_check_securetty_context.c libselinux: include errno.h instead of sys/errno.h 2017-01-09 16:00:22 -05:00
selinuxenabled.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
selinuxexeccon.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
setenforce.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
setfilecon.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
togglesebool.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00