Support for statically linked binaries #241
Comments
|
It's supported if you build libc with hardened_malloc as the malloc implementation. Not really clear what else we could do to make it easier to do. |
|
Maybe it'll help if I explain my usecase here too. I currently maintain hardened_malloc-rs. I made this because I would like to integrate hardened_malloc into Rust crates without relying on LD_PRELOAD and receiving all the benefits from Rust's compiler and linker optimisations which LD_PRELOAD does not provide, and be able to provide static binaries of my Rust crate with hardened_malloc in them (just like tikv-jemallocator does). The problem I faced was that the hardened_malloc Makefile links and performs LTO automatically, generally with This issue doesn't impact GCC users because the IR bitcode generated is compatible, but it's still unnecessary "double linking/LTO". My workaround was to create a (likely misleading) CONFIG_STATIC config option for hardened_malloc here: girlbossceo@dd52b42 This simply skips linking the object files and skips LTO from hardened_malloc. Then use those object files and CONFIG_STATIC when building hardened_malloc-rs with the And I can tell rustc to link the static archive file with if cfg!(feature = "light") {
println!("cargo:rustc-link-search={}", out_dir);
println!("cargo:rustc-link-lib=static=hardened_malloc-light");
} else {
println!("cargo:rustc-link-search={}", out_dir);
println!("cargo:rustc-link-lib=static=hardened_malloc");
}I also had to make this small chacha.c change that LTO would optimise out otherwise I'll get a build error: girlbossceo@67aea43 I could be totally approaching this the wrong way, but I was unable to figure out any other way and this is what's working right now. If this is the wrong way, do tell me a better way. |
|
T.: @thestinger Well, we don't know how one would go bout building an entire libc w a custom malloc, n whether it'd be possible LD preloading that within a container that was made w a different libc version (or entirely different libc). I understand documenting that might be outta scope for this project, but in that case, might be nice'f't linkeda appropriate third-party docs in the README. @girlbossceo As for ur thing
Sounds like that can't be preloaded at all, then? Like, we'd specifically want a binary that can be preloaded from within a n already existing container, rather than rebuilding all our containers ourselves. Startinga wonder whether that's possible at all. N I get Github issues're not intended for use as a support forum, but we don't know a better place for talking bout this (onea the GrapheneOS rooms on Matrix perhaps?). |
T.: We've been thinking bout using this within containers by mounting the file from the container host's FS, but that leadsa compatibility issues, e.g. a mismatch in glibc versions between host n container systems (n just mounting over the entire FS into the container's not that trivial nor desired necessarily, especially when ur host distro doesn't follow the FHS). 's adding support for building an entirely statically linked binary possible, so this n similar use cases would be enabled?
The text was updated successfully, but these errors were encountered: