[OE-core] Run experience with security flags enabled
Khem Raj
raj.khem at gmail.com
Thu Sep 27 18:49:36 UTC 2018
I sent it earlier today see
https://patchwork.openembedded.org/patch/155216/
On Thu, Sep 27, 2018 at 11:42 AM Andreas Müller <schnitzeltony at gmail.com> wrote:
>
> On Thu, Sep 27, 2018 at 2:57 PM, Dan McGregor <danismostlikely at gmail.com> wrote:
> > On Wed, Sep 26, 2018, 15:47 Khem Raj <raj.khem at gmail.com> wrote:
> >>
> >>
> >>
> >> On Wed, Sep 26, 2018 at 2:25 PM Andreas Müller <schnitzeltony at gmail.com>
> >> wrote:
> >>>
> >>> Hi,
> >>>
> >>> from oe-core perspective my images are build on sumo (glibc 2.27). To
> >>> see what to expect, I enabled security flags (and yes some recipes in
> >>> my layers needed rework).
> >>>
> >>> Now that I have an image, I thought: let's give it a run. Apart of
> >>> other issues (maybe later) I get on every startup an error message for
> >>> ldconfig.
> >>> systemctl ldconfig says:
> >>>
> >>> ● ldconfig.service - Rebuild Dynamic Linker Cache
> >>> Loaded: loaded (/lib/systemd/system/ldconfig.service; static;
> >>> vendor preset: enabled)
> >>> Active: failed (Result: core-dump) since Mon 2018-09-24 19:05:04
> >>> UTC; 2 days ago
> >>> Docs: man:ldconfig(8)
> >>> Process: 136 ExecStart=/sbin/ldconfig -X (code=dumped, signal=SEGV)
> >>> Main PID: 136 (code=dumped, signal=SEGV)
> >>>
> >>> Sep 24 19:05:04 raspberrypi3 systemd[1]: Starting Rebuild Dynamic
> >>> Linker Cache...
> >>> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Main
> >>> process exited, code=dumped, status=11/SEGV
> >>> Sep 24 19:05:04 raspberrypi3 systemd[1]: ldconfig.service: Failed with
> >>> result 'core-dump'.
> >>> Sep 24 19:05:04 raspberrypi3 systemd[1]: Failed to start Rebuild
> >>> Dynamic Linker Cache.
> >>>
> >>> Again somebody else seeing similar / remembers a fix?
> >>
> >>
> >> I see similar issue in sumo as well
> >> I do use security flags too and was not sure if that was the reason I
> >> think its a good data point
> >> Sadly I don’t yet have looked into the issue in detail
> >
> >
> > GCC 7 and glibc don't play well together with static PIE. The real solution
> > is to use GCC 8, but Ross made a workaround for this issue:
> >
> > http://git.openembedded.org/openembedded-core/commit/?id=5f64946b8740a5d944f48ec430470265703bfe5e
> It seems I can confirm this: Debugging shows that the crash happens in
> dl-relocate_static-pie.c _dl_relocate_static_pie line 41.
>
> Will send this to sumo as soon as tested.
>
> Andreas
More information about the Openembedded-core
mailing list