[Bug 1824384] [NEW] libapparmor not built with -fPIC

Maciej Borzecki Thu, 11 Apr 2019 08:25:52 -0700

Public bug reported:

Attempted to build snap-confine with DEB_BUILD_MAINT_OPTIONS =
hardening=+pie. The build fails with:


mv -f snap-confine/.deps/snap_confine_snap_confine-user-support.Tpo 
snap-confine/.deps/snap_confine_snap_confine-user-support.Po                    
                         
gcc -Wall -Wextra -Wmissing-prototypes -Wstrict-prototypes 
-Wno-missing-field-initializers -Wno-unused-parameter -Werror  
-DLIBEXECDIR=\"/usr/lib/snapd\" -DNATIVE_LIBDIR=\"/usr/lib\"     -g -O2 -fPIE 
-fstack-protector-strong -Wformat -Werror=format-security   
-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -o snap-confine/snap-confine 
snap-confine/snap_confine_snap_confine-cookie-support.o 
snap-confine/snap_confine_snap_confine-mount-support-nvidia.o 
snap-confine/snap_confine_snap_confine-mount-support.o 
snap-confine/snap_confine_snap_confine-ns-support.o 
snap-confine/snap_confine_snap_confine-seccomp-support-ext.o 
snap-confine/snap_confine_snap_confine-seccomp-support.o 
snap-confine/snap_confine_snap_confine-snap-confine-args.o 
snap-confine/snap_confine_snap_confine-snap-confine-invocation.o 
snap-confine/snap_confine_snap_confine-snap-confine.o 
snap-confine/snap_confine_snap_confine-udev-support.o 
snap-confine/snap_confine_snap_confine-user-support.o  
libsnap-confine-private.a -ludev    -Wl,-Bstatic -lcap -lapparmor  
-Wl,-Bdynamic -pthread
/usr/bin/ld: /lib/x86_64-linux-gnu/libapparmor.a(kernel.o): relocation 
R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared 
object; recompile with -fPIC
/lib/x86_64-linux-gnu/libapparmor.a: error adding symbols: Bad value
collect2: error: ld returned 1 exit status

By default, because of snapd reexec support on Ubuntu (and some other
distros), snap-confine will try to link a static version libapparmor. It
appears that libapparmor object files are built without -fPIC though.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1824384

Title:
  libapparmor not built with -fPIC

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1824384/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1824384] [NEW] libapparmor not built with -fPIC

Reply via email to