I have a package to submit that has an suid binary.  The packaging
guidelines say in that case you must

%global _hardened_build 1

and it turns on PIE/PIC.  However, it doesn't do so on el6, at least.
Should flags be added by hand and, if so, exactly which?

Also, does an suid binary require something to be done for selinux?  (I
know embarrassingly little about it, mainly working on HPC systems, for
which the instructions generally and unfortunately start with "turn off
selinx".)
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

Reply via email to