On Fri, Mar 6, 2020 at 10:24 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Fri, Mar 6, 2020 at 9:52 AM William Roberts <bill.c.roberts@xxxxxxxxx> wrote: > > > > The libsepol/src/Makefile has the below lines for CFLAGS: > > > > CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-format-attribute -O2 > > > > override CFLAGS += -I. -I../include -D_GNU_SOURCE > > > > Does anyone have a preference where I add the -fno-semantic-interposition? > > > > I was thinking the conditional assignment because of the comment made > > about packagers overriding things on the selinux drop dso patch > > series. > > I am not a package maintainer but regardless of how this gets added > (and I think in the libselinux case > it ends up being part of the conditional assignment), we need to make > sure that maintainers are strongly > encouraged to add it to their builds to preserve existing behavior. Definitely. The same would go for libselinux, its on EXTRA_CFLAGS which eventually gets conditionally assigned to CFLAGS. I would imagine if you set custom CFLAGS when building a package, you better make sure it's perfect. You won't necessarily get a wrong lib, but you could get something undesirable for a host of reasons (hardening flags omitted, etc). I could definitely see an argument to add this no matter what for gcc builds (omit for clang) and make it non-override-able. But the package folks seemed to frown on that.
