Re: packaging suid files

Orion Poplawski writes: > This may help: > > https://fedoraproject.org/wiki/Changes/Harden_All_Packages Maybe... > I've done this for EL6: > > # _hardened_build not working for EL6, at least define > __global_ldflags for now > %{!?__global_ldflags: %global __global_ldflags

Re: packaging suid files

On 04/20/2016 08:12 AM, Dave Love wrote: I have a package to submit that has an suid binary. The packaging guidelines say in that case you must %global _hardened_build 1 and it turns on PIE/PIC. However, it doesn't do so on el6, at least. Should flags be added by hand and, if so, exactly

Re: packaging suid files

No most likely the suid file should be fine with SELInux. Only a confined user would be prevented from using it. On 04/20/2016 07:12 AM, Dave Love wrote: I have a package to submit that has an suid binary. The packaging guidelines say in that case you must %global _hardened_build 1 and it

packaging suid files

I have a package to submit that has an suid binary. The packaging guidelines say in that case you must %global _hardened_build 1 and it turns on PIE/PIC. However, it doesn't do so on el6, at least. Should flags be added by hand and, if so, exactly which? Also, does an suid binary require