author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-05-16 17:18:38 +0200 |
---|---|---|
committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-05-31 17:26:13 +0200 |
commit | 8919f86f573f5256283298415027b0a9052507e5 (patch) | |
tree | ce65de176546874ca4f3e20d7fa2bee1b449f085 /mkosi.conf.d | |
parent | mkosi: Add note about kernel command line limit (diff) | |

mkosi: Sanitizer improvements

- Let's set the environment on the kernel command line so it applies
  to initrd and main system.
- Let's add the necessary wrappers that are also added in test-functions.
  Unlike test-functions we don't use gcc/clang to get the library path as
  that requires installing gcc/clang in the initrd.
- Let's drop the hack to get journald writing to the console and have
  it write to kmsg instead. We'll get the output either way.
- Stop removing libstdc++ and sanitizer libraries from Arch Linux
  initrds and other images as it's required by the sanitizer libraries.
- Add a workaround for specifying extra meson options for opensuse
- Add a leak sanitizer suppression file as a workaround for a false
  positive leak in verify_selinuxmnt() in libselinux. We do a soname match
  because the stacktrace can't be properly symbolized on Debian.

Diffstat (limited to 'mkosi.conf.d')
-rw-r--r-- | mkosi.conf.d/20-sanitizers.conf | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/mkosi.conf.d/20-sanitizers.conf b/mkosi.conf.d/20-sanitizers.conf new file mode 100644 index 0000000000..235b233e1a --- /dev/null +++ b/mkosi.conf.d/20-sanitizers.conf @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later + +[Match] +Environment=SANITIZERS + +[Content] +# Set verify_asan_link_order=0 to prevent ASAN warnings when building the image and make sure the real ASAN +# options are set when booting the image. +# Set intercept_tls_get_addr=0 to work around leak sanitizer segmentation fault in test-dlopen-so on CentOS +# Stream 9. +# TODO: Drop intercept_tls_get_addr=0 when we remove CentOS Stream 9 builds. +Environment=ASAN_OPTIONS=verify_asan_link_order=0:intercept_tls_get_addr=0 +KernelCommandLine= + ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 + systemd.setenv=ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 + UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 + systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 + LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions + systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions |
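
Review bot: The boot-time `ASAN_OPTIONS` under `KernelCommandLine=` drops `intercept_tls_get_addr=0`, which the build-time `Environment=ASAN_OPTIONS=verify_asan_link_order=0:intercept_tls_get_addr=0` line sets as the workaround for the leak sanitizer segfault in test-dlopen-so on CentOS Stream 9. If that test can also run inside the booted image, the workaround is missing there; either append `intercept_tls_get_addr=0` to both boot-time `ASAN_OPTIONS` entries or extend the comment to say the workaround is only needed at build time. Separately, each of the three option strings is written out twice, once bare and once as `systemd.setenv=`, with no comment explaining why both forms are needed. A one-line comment above `KernelCommandLine=` stating that the pairs must be kept identical would help the next editor, and since the parent commit is about the kernel command line limit, it is worth noting there how much of that budget these six entries consume. The `LSAN_OPTIONS` entries also point at `/usr/lib/systemd/leak-sanitizer-suppressions`, which is not part of this hunk; because the commit message says the environment applies to the initrd as well as the main system, please confirm the file is installed in both.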