Build android binaries with PIE support #7
Comments
Very interested in this too!
A patch against the lxc-ci branch to tweak the Android build to use PIE would be appreciated.
Any updates on this?
Nobody appears to be interested in providing a patch or a branch for this, so no.
I want to do this but I have absolutely no idea how the LXC build system works.
I worked on this, and I could have an arm 32 bit lxc with PIE support enabled. I couldn't do it by just modifying LXC-CI, so I modified the LXC build system to do so. I don't know if my change can be included directly in lxc (because maybe there is a better way to do so). You can find arm 32 binaries with PIE support on this thread (second post) : Hope it will help everyone :)
Does something like http://paste.ubuntu.com/18897690/ and passing --enable-hardening work?
If you use an NDK with a later API (instead of 9 in build script) it comes with PIE support by default. I believe it's APIs after 10.
I'd be fine moving to kitkat and higher, so that'd be API level 19. Can you send a branch to change it?
Hi @stgraber, I tried modifying build-android for use with NDK build script and I wasn't able to get it to play nice. I'm not sure if it was just me but the sysroot didn't work with NDK. I did end up building it manually using a toolchain and testing it on the Nexus 5 (binaries ran): https://gist.github.com/binkybear/18dab6ef15bfb8052f15c12c6b7777f3
I just bumped our builds to use API level 21 and we've fixed the one build issue in the way. There's a build in progress right now on Jenkins which will hopefully succeed and give you binaries that hopefully have PIE enabled.
Thanks @stgraber
I'm assuming that this bug has been resolved now. If this still doesn't work on recent Android we'll look into whatever bits are missing.
Tried the latest build and it only contains /data. It's missing system libs and binaries.
Officially lxc provides binary and all only in /data.. see /data/lxc/lxc/
@bhush9 - Thanks for clearing that up. I assumed from the build script it copied over some of the files to system. I just gave it a run on marshmallow:
root@hammerhead:/data/lxc/lxc/bin # ./lxc-info
error: only position independent executables (PIE) are supported.
1|root@hammerhead:/data/lxc/lxc/bin # ./lxc-start
error: only position independent executables (PIE) are supported.
1|root@hammerhead:/data/lxc/lxc/bin # md5sum lxc-info
154254d9b354d9f207c345547cc48db0 lxc-info
Hmm. right so.. build still has non PIE executable.. it seems?
still built without -fPIE ... WHY 😱
Getting the same error with LineageOS 14.1 (Android 7.1.1, kernel 3.18.31) on gemini.
Yes, whatever the NDK used, the only solution is to fix the makefile (as I did in my previous comment)
Oh, I see now. Wondering why it isn't the default configuration, there aren't many pre-lollipop devices on the market now.
With the pkg-config change we merged a while back, it should be possible to convince the configure script to enable PIE without it breaking half the build.
Is there an update on this? The builds are still performed without PIE.
Hi, upstream android builds are not compiling with -fPIE, the issue is still present. I will try to fix it in the configure.ac file as a "--enable-android-pie" and give a pull request. Stephane, does that sound good?
So that one doesn't have to patch bionic,