[poky] PATCH: openssl: disable execstack flag to prevent problems with SELinux
Paul Eggleton
paul.eggleton at intel.com
Fri Dec 3 08:09:03 PST 2010
On Thursday 02 December 2010 18:46:10 you wrote:
> On 11/19/2010 02:23 AM, Paul Eggleton wrote:
> > openssl: disable execstack flag to prevent problems with SELinux
> >
> > The execstack flag gets set on libcrypto.so by default which causes SELinux
> > to prevent it from being loaded on systems using SELinux, which includes
> > Fedora. This patch disables the execstack flag. (Note: Red Hat do this in
> > their openssl packaging.)
> >
> Should this be a native only CFLAG change?
>
> Since we are not SELinux on the target (that might be a layer someone
> else might provide).
AFAICT there's no benefit to leaving the execstack flag enabled for this library. However if we want to take the conservative approach and leave it as-is for the target that's fine. Let me know if that's the case and I will produce a new patch.
Cheers,
Paul
---------------------------------------------------------------------
Intel Corporation (UK) Limited
Registered No. 1134945 (England)
Registered Office: Pipers Way, Swindon SN3 1RJ
VAT No: 860 2173 47
This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
More information about the poky
mailing list