[OE-core] Run experience with security flags enabled
Dan McGregor
danismostlikely at gmail.com
Thu Sep 27 12:57:30 UTC 2018
On Wed, Sep 26, 2018, 15:47 Khem Raj <raj.khem at gmail.com> wrote:
>
>
> On Wed, Sep 26, 2018 at 2:25 PM Andreas Müller <schnitzeltony at gmail.com>
> wrote:
>
>> Hi,
>>
>> from oe-core perspective my images are build on sumo (glibc 2.27). To
>> see what to expect, I enabled security flags (and yes some recipes in
>> my layers needed rework).
>>
>> Now that I have an image, I thought: let's give it a run. Apart of
>> other issues (maybe later) I get on every startup an error message for
>> ldconfig.
>> systemctl ldconfig says:
>>
>> ● ldconfig.service - Rebuild Dynamic Linker Cache
>> Loaded: loaded (/lib/systemd/system/ldconfig.service; static;
>> vendor preset: enabled)
>> Active: failed (Result: core-dump) since Mon 2018-09-24 19:05:04
>> UTC; 2 days ago
>> Docs: man:ldconfig(8)
>> Process: 136 ExecStart=/sbin/ldconfig -X (code=dumped, signal=SEGV)
>> Main PID: 136 (code=dumped, signal=SEGV)
>>
>> Sep 24 19:05:04 raspberrypi3 systemd[1]: Starting Rebuild Dynamic
>> Linker Cache...
>> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Main
>> process exited, code=dumped, status=11/SEGV
>> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Failed with
>> result 'core-dump'.
>> Sep 24 19:05:04 raspberrypi3 systemd[1]: Failed to start Rebuild
>> Dynamic Linker Cache.
>>
>> Again somebody else seeing similar / remembers a fix?
>>
>
> I see similar issue in sumo as well
> I do use security flags too and was not sure if that was the reason I
> think its a good data point
> Sadly I don’t yet have looked into the issue in detail
>
GCC 7 and glibc don't play well together with static PIE. The real solution
is to use GCC 8, but Ross made a workaround for this issue:
http://git.openembedded.org/openembedded-core/commit/?id=5f64946b8740a5d944f48ec430470265703bfe5e
>
>>
>> Help appreciated
>>
>> Andreas
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20180927/5a5ecd37/attachment-0002.html>
More information about the Openembedded-core
mailing list