From 8919f86f573f5256283298415027b0a9052507e5 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Thu, 16 May 2024 17:18:38 +0200 Subject: mkosi: Sanitizer improvements - Let's set the environment on the kernel command line so it applies to initrd and main system. - Let's add the necessary wrappers that are also added in test-functions. Unlike test-functions we don't use gcc/clang to get the library path as that requires installing gcc/clang in the initrd. - Let's drop the hack to get journald writing to the console and have it write to kmsg instead. We'll get the output either way. - Stop removing libstdc++ and sanitizer libraries from Arch Linux initrds and other images as it's required by the sanitizer libraries. - Add a workaround for specifying extra meson options for opensuse - Add a leak sanitizer suppression file as a workaround for a false positive leak in verify_selinuxmnt() in libselinux. We do a soname match because the stacktrace can't be properly symbolized on Debian. --- mkosi.conf | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'mkosi.conf') diff --git a/mkosi.conf b/mkosi.conf index 300b86bf97..1c552a269e 100644 --- a/mkosi.conf +++ b/mkosi.conf @@ -10,13 +10,9 @@ MinimumVersion=23~devel @CacheDirectory=build/mkosi.cache [Content] -# Prevent ASAN warnings when building the image and ship the real ASAN options prefixed with MKOSI_. -Environment=ASAN_OPTIONS=verify_asan_link_order=false - MKOSI_ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1 - MKOSI_UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1 - # The kernel versions in CentOS Stream 9 and Ubuntu 22.04 don't support orphan_file, but later - # versions of mkfs.ext4 enabled it by default, so we disable it explicitly. - SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" +# The kernel versions in CentOS Stream 9 and Ubuntu 22.04 don't support orphan_file, but later +# versions of mkfs.ext4 enabled it by default, so we disable it explicitly. +Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" @SELinuxRelabel=no BuildSourcesEphemeral=yes -- cgit v1.2.3