Noexecstack -Wl

author Jagger <robert@swiecki.net>

Wed, 9 Mar 2016 00:11:05 +0000 (01:11 +0100)

committer Jagger <robert@swiecki.net>

Wed, 9 Mar 2016 00:11:05 +0000 (01:11 +0100)
author Jagger <robert@swiecki.net>
Wed, 9 Mar 2016 00:11:05 +0000 (01:11 +0100)
committer Jagger <robert@swiecki.net>
Wed, 9 Mar 2016 00:11:05 +0000 (01:11 +0100)
diff --git a/Makefile b/Makefile

index 7cd2f9426b5c4fd83f8628e7ac5c1291c4c383ef..3e050c7cfd1f6fb3a268c1f1c76b2da7eae28021 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -24,7 +24,7 @@ CFLAGS += -O2 -g -ggdb -c -std=gnu11 \
         -fstack-protector-all -Wformat -Wformat=2 -Wformat-security -fPIE \
         -Wall -Wextra -Werror
  
-LDFLAGS += -Wl,-z,now -Wl,-z,relro -pie
+LDFLAGS += -Wl,-z,now -Wl,-z,relro -pie -Wl,-z,noexecstack
  
  COMPILER = $(shell $(CC) -v 2>&1 | grep -E '(gcc|clang) version' | grep -oE '(clang|gcc)')
  
@@ -32,9 +32,6 @@ ifeq ($(COMPILER),clang)
         CFLAGS += -fblocks
         LDFLAGS += -lBlocksRuntime
  endif
-ifeq ($(COMPILER),gcc)
-       LDFLAGS += -Wa,--noexecstack
-endif
  
  SRCS = nsjail.c cmdline.c contain.c log.c mount.c net.c sandbox.c subproc.c user.c util.c uts.c seccomp/bpf-helper.c
  OBJS = $(SRCS:.c=.o)
author	Jagger <robert@swiecki.net>
	Wed, 9 Mar 2016 00:11:05 +0000 (01:11 +0100)
committer	Jagger <robert@swiecki.net>
	Wed, 9 Mar 2016 00:11:05 +0000 (01:11 +0100)