If one typically only boots full disk-images, one wouldn't necessaraly
want to statically link glibc, for the guest-init feature of the
kvmtool. As statically linked glibc triggers haevy security
maintainance.
Signed-off-by: Dimitri John Ledkov <dimitri.j.ledkov@xxxxxxxxx>
---
Changes since v1:
- rename CONFIG_HAS_LIBC to CONFIG_GUEST_INIT for clarity
- use more ifdefs, instead of runtime check of _binary_guest_init_size==0
Makefile | 11 ++++++-----
builtin-run.c | 6 ++++++
builtin-setup.c | 6 ++++++
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 1534e6f..bc6059c 100644
--- a/Makefile
+++ b/Makefile
@@ -34,8 +34,6 @@ bindir_SQ = $(subst ','\'',$(bindir))
PROGRAM := lkvm
PROGRAM_ALIAS := vm
-GUEST_INIT := guest/init
-
OBJS += builtin-balloon.o
OBJS += builtin-debug.o
OBJS += builtin-help.o
@@ -279,8 +277,12 @@ ifeq ($(LTO),1)
endif
endif
-ifneq ($(call try-build,$(SOURCE_STATIC),,-static),y)
- $(error No static libc found. Please install glibc-static package.)
+ifeq ($(call try-build,$(SOURCE_STATIC),,-static),y)
+ CFLAGS += -DCONFIG_GUEST_INIT
+ GUEST_INIT := guest/init
+ GUEST_OBJS = guest/guest_init.o
+else
+ NOTFOUND += static-libc
endif
ifeq (y,$(ARCH_WANT_LIBFDT))
@@ -356,7 +358,6 @@ c_flags = -Wp,-MD,$(depfile) $(CFLAGS)
# $(OTHEROBJS) are things that do not get substituted like this.
#
STATIC_OBJS = $(patsubst %.o,%.static.o,$(OBJS) $(OBJS_STATOPT))
-GUEST_OBJS = guest/guest_init.o
$(PROGRAM)-static: $(STATIC_OBJS) $(OTHEROBJS) $(GUEST_INIT)
$(E) " LINK " $@
diff --git a/builtin-run.c b/builtin-run.c
index 1ee75ad..e27acd6 100644
--- a/builtin-run.c
+++ b/builtin-run.c
@@ -59,8 +59,10 @@ static int kvm_run_wrapper;
bool do_debug_print = false;
+#ifdef CONFIG_GUEST_INIT
extern char _binary_guest_init_start;
extern char _binary_guest_init_size;
+#endif
static const char * const run_usage[] = {
"lkvm run [<options>] [<kernel image>]",
@@ -347,6 +349,7 @@ void kvm_run_help(void)
static int kvm_setup_guest_init(struct kvm *kvm)
{
+#ifdef CONFIG_GUEST_INIT
const char *rootfs = kvm->cfg.custom_rootfs_name;
char tmp[PATH_MAX];
size_t size;
@@ -367,6 +370,9 @@ static int kvm_setup_guest_init(struct kvm *kvm)
close(fd);
return 0;
+#else
+ die("Guest init not compiled");
+#endif
}
static int kvm_run_set_sandbox(struct kvm *kvm)
diff --git a/builtin-setup.c b/builtin-setup.c
index 8b45c56..ff796c3 100644
--- a/builtin-setup.c
+++ b/builtin-setup.c
@@ -16,8 +16,10 @@
#include <sys/mman.h>
#include <fcntl.h>
+#ifdef CONFIG_GUEST_INIT
extern char _binary_guest_init_start;
extern char _binary_guest_init_size;
+#endif
static const char *instance_name;
@@ -126,6 +128,7 @@ static const char *guestfs_symlinks[] = {
static int copy_init(const char *guestfs_name)
{
+#ifdef CONFIG_GUEST_INIT
char path[PATH_MAX];
size_t size;
int fd, ret;
@@ -144,6 +147,9 @@ static int copy_init(const char *guestfs_name)
close(fd);
return 0;
+#else
+ die("Guest init not compiled");
+#endif
}
static int copy_passwd(const char *guestfs_name)
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
