security_flags: Add comment about what it does and who uses it

author Richard Purdie <richard.purdie@linuxfoundation.org>

Fri, 29 May 2015 13:16:50 +0000 (14:16 +0100)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Sat, 30 May 2015 21:25:10 +0000 (22:25 +0100)
author Richard Purdie <richard.purdie@linuxfoundation.org>
Fri, 29 May 2015 13:16:50 +0000 (14:16 +0100)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Sat, 30 May 2015 21:25:10 +0000 (22:25 +0100)
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc

index 0ee38140efb5a7c81d55cb10405afb33ee83b1e5..9608c7f06914157df9eddccb2da454e71db60234 100644 (file)
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -1,3 +1,10 @@
+# Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These 
+# don't work universally, there are recipes which can't use one, the other
+# or both so a blacklist is maintained here. The idea would be over
+# time to reduce this list to nothing.
+# From a Yocto Project perspective, this file is included and tested
+# in the DISTRO="poky-lsb" configuration.
+
  SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
  SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2"
  SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
author	Richard Purdie <richard.purdie@linuxfoundation.org>
	Fri, 29 May 2015 13:16:50 +0000 (14:16 +0100)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Sat, 30 May 2015 21:25:10 +0000 (22:25 +0100)