security_flags: disable static PIE in glibc

Static PIE doesn't work entirely right in GCC 7, for example ldconfig on ARM with the flags enabled will something segfault during initialisation. To mitigate this until we have GCC 8 integrated, don't enable static PIE. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2018-05-14 13:02:11 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-14 14:08:56 +0100
commit: 5f64946b8740a5d944f48ec430470265703bfe5e (patch)
tree: dacfdeeab43f578b2d65f5a7e3260f04ba63c73d /meta/conf/distro/include/security_flags.inc
parent: 1121806603c6f621d084b692216f3f616a0768dc (diff)
download: openembedded-core-contrib-5f64946b8740a5d944f48ec430470265703bfe5e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index d66dd57649..aaeca6991b 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -6,7 +6,7 @@
 # in the DISTRO="poky-lsb" configuration.
 
 GCCPIE ?= "--enable-default-pie"
-GLIBCPIE ?= "--enable-static-pie"
+# If static PIE is known to work well, GLIBCPIE="--enable-static-pie" can be set
 
 # _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
 # -O0 which then results in a compiler warning.
author	Ross Burton <ross.burton@intel.com>	2018-05-14 13:02:11 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-05-14 14:08:56 +0100
commit	5f64946b8740a5d944f48ec430470265703bfe5e (patch)
tree	dacfdeeab43f578b2d65f5a7e3260f04ba63c73d /meta/conf/distro/include/security_flags.inc
parent	1121806603c6f621d084b692216f3f616a0768dc (diff)
download	openembedded-core-contrib-5f64946b8740a5d944f48ec430470265703bfe5e.tar.gz