Print this page
9139 check_rtime should be able to forbid libraries
9140 check_rtime should learn libnsl is safe now
9141 check_rtime exceptions could be cleaner
*** 61,75 ****
SKIP ^usr/lib/sysevent/modules/picl_slm.so$
# Objects that are allowed to have executable data segments
EXEC_DATA ^MACH(lib)/ld\.so\.1$
EXEC_DATA ^lib/libc\.so\.1$ # 6524709, 32-bit, needed for x86 only
! EXEC_DATA ^lib/amd64/libumem\.so\.1$ # ptcumem
! EXEC_DATA ^lib/libumem\.so\.1$ # ptcumem
EXEC_DATA ^opt/SUNWdtrt/tst/.*/ustack/tst\.helper\.exe$
EXEC_DATA ^platform/.*/MACH(kernel)/unix$
- EXEC_DATA ^platform/.*/multiboot$
# Objects that are allowed to have an executable stack
EXEC_STACK ^platform/.*/MACH(kernel)/unix$
EXEC_STACK ^platform/.*/multiboot$
EXEC_STACK ^opt/os-tests/tests/secflags/stacky$
--- 61,73 ----
SKIP ^usr/lib/sysevent/modules/picl_slm.so$
# Objects that are allowed to have executable data segments
EXEC_DATA ^MACH(lib)/ld\.so\.1$
EXEC_DATA ^lib/libc\.so\.1$ # 6524709, 32-bit, needed for x86 only
! EXEC_DATA ^MACH(lib)/libumem\.so\.1$ # ptcumem
EXEC_DATA ^opt/SUNWdtrt/tst/.*/ustack/tst\.helper\.exe$
EXEC_DATA ^platform/.*/MACH(kernel)/unix$
# Objects that are allowed to have an executable stack
EXEC_STACK ^platform/.*/MACH(kernel)/unix$
EXEC_STACK ^platform/.*/multiboot$
EXEC_STACK ^opt/os-tests/tests/secflags/stacky$
*** 94,115 ****
UNDEF_REF ^usr/lib/libnisdb\.so\.2$
# Objects allowed to have unused dependencies
UNUSED_DEPS ^usr/lib/picl/plugins/ # require devtree dependencies
- # libm.so.2 dependency
- UNUSED_OBJ unused object=.*MACH(libm)/libm_hwcap1\.so\.2
-
# libnetsnmphelpers.so is empty in some net-snmp versions
UNUSED_OBJ unused object=.*/libnetsnmphelpers\.so\..*
UNREF_OBJ unreferenced object=.*/libnetsnmphelpers\.so\..*
# Unused runpaths due to dlopen() use
UNUSED_RPATH /usr/lib/fs/autofs.*\ from\ .automountd
UNUSED_RPATH /etc/ppp/plugins.*\ from\ .*pppd
UNUSED_RPATH /usr/lib/inet/ppp.*\ from\ .*pppd
- UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libipsecutil\.so\.1
UNUSED_RPATH /usr/platform/.*rsmlib.*\ from\ .*librsm\.so\.2
UNUSED_RPATH \$ORIGIN.*\ from\ .*fcode.so
UNUSED_RPATH /opt/VRTSvxvm/lib.*\ from\ .*libdiskmgt\.so\.1
# Unused runpaths in picl code
--- 92,109 ----
*** 120,155 ****
# Unused runpaths in non-OSNET objects we can't change
UNUSED_RPATH /usr/lib/mps.*\ from\ .*libnss3\.so
UNUSED_RPATH /usr/lib/mps.*\ from\ .*libnssutil3\.so
UNUSED_RPATH /usr/lib/mps.*\ from\ .*libsmime3\.so
UNUSED_RPATH /usr/lib/mps.*\ from\ .*libssl3\.so
- UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libdbus-1\.so\.3
- UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libdbus-glib-1\.so\.2
- UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libglib-2\.0\.so\.0
- UNUSED_RPATH /usr/X11/lib.*\ from\ .*libglib-2\.0\.so\.0
- UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libgobject-2\.0\.so\.0
- UNUSED_RPATH /usr/X11/lib.*\ from\ .*libgobject-2\.0\.so\.0
- UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libgthread-2\.0\.so\.0
- UNUSED_RPATH /usr/X11/lib.*\ from\ .*libgthread-2\.0\.so\.0
- UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libcrypto\.so\.0\.9\.8
- UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libnetsnmp\.so\..*
- UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libgcc_s\.so\.1
- UNUSED_RPATH /usr/ccs/lib.*\ from\ .*libgcc_s\.so\.1
- UNUSED_RPATH /usr/lib.*\ from\ .*libgcc_s\.so\.1
- UNUSED_RPATH /usr/postgres/8.3/lib.*\ from\ .*libpq\.so\.5
- UNUSED_RPATH /usr/sfw/lib.*\ from\ .*libpq\.so\.5
UNUSED_RPATH /usr/lib.*\ from\ .*/usr/lib/mps
- UNUSED_RPATH /usr/ccs/lib.*\ from\ .*/usr/lib/mps
UNUSED_RPATH /usr/gnu/lib.*\ from\ .*/usr/lib/libpython2\..
UNUSED_RPATH /usr/gnu/lib.*\ from\ .*/usr/lib/64/libpython2\..
- UNUSED_RPATH /usr/snadm/lib.*\ from\ .*/usr/snadm/lib/libspmicommon\.so\.1
-
# Unused runpaths for reasons not captured above
UNUSED_RPATH /usr/lib/smbsrv.*\ from\ .*libsmb\.so\.1 # future needs
- UNUSED_RPATH /usr.*\ from\ .*tst\.gcc\.exe # gcc built
-
# Unreferenced objects of non-OSnet objects we can't change
UNREF_OBJ /lib.*\ of\ .*libcimapi\.so
UNREF_OBJ /lib.*\ of\ .*libdbus-1\.so\.3
UNREF_OBJ /lib.*\ of\ .*libdbus-glib-1\.so\.2
--- 114,129 ----
*** 209,237 ****
# not have duplicate addresses, since it takes assember or a "#pragma weak"
# to do such aliasing in C. C++ is different: The compiler generates aliases
# for implementation reasons, and the mangled names used to encode argument
# and return value types are difficult to handle well in mapfiles.
# Furthermore, the Sun compiler and gcc use different and incompatible
! # name mangling conventions. Since ON must be buildable by either, we
# would have to maintain two sets of mapfiles for each such object.
! # C++ use is rare in ON, so this is not worth pursuing.
#
NOSYMSORT opt/SUNWdtrt/tst/common/pid/tst.weak2.exe # DTrace test
- NOSYMSORT lib/amd64/libnsl\.so\.1 # C++
- NOSYMSORT lib/sparcv9/libnsl\.so\.1 # C++
- NOSYMSORT lib/sparcv9/libfru\.so\.1 # C++
- NOSYMSORT usr/lib/lms # C++
NOSYMSORT ld\.so\.1 # libc_pic.a user
! NOSYMSORT lib/libsun_fc\.so\.1 # C++
! NOSYMSORT lib/amd64/libsun_fc\.so\.1 # C++
! NOSYMSORT lib/sparcv9/libsun_fc\.so\.1 # C++
! NOSYMSORT usr/lib/amd64/libfru\.so\.1 # C++
# The libprtdiag_psr.so.1 objects built under usr/src/lib/libprtdiag_psr
# are a family, all built using the same makefile, targeted at different
# sparc hardware variants. There are a small number of cases where this
# one size fits all approach causes an object to be linked against an
# unneeded library.
UNREF_OBJ lib/(libdevinfo|libcfgadm)\.so\.1; .*\ of\ .*SUNW,Netra-CP2300/lib/libprtdiag_psr\.so\.1
-
-
--- 183,240 ----
# not have duplicate addresses, since it takes assember or a "#pragma weak"
# to do such aliasing in C. C++ is different: The compiler generates aliases
# for implementation reasons, and the mangled names used to encode argument
# and return value types are difficult to handle well in mapfiles.
# Furthermore, the Sun compiler and gcc use different and incompatible
! # name mangling conventions. Since illumos must be buildable by either, we
# would have to maintain two sets of mapfiles for each such object.
! # C++ use is rare in illumos, so this is not worth pursuing.
#
NOSYMSORT opt/SUNWdtrt/tst/common/pid/tst.weak2.exe # DTrace test
NOSYMSORT ld\.so\.1 # libc_pic.a user
! NOSYMSORT usr/MACH(lib)/libsun_fc\.so\.1 # C++
! NOSYMSORT usr/MACH(lib)/libfru\.so\.1 # C++
+ # The majority of illumos deliverables should not depend on the GCC runtime
+ # (any necessary runtime symbol should be provided by libc.so, instead).
+ # However, the GNU C++ runtime requires the GCC runtime, so certain objects
+ # must be excepted.
+ FORBIDDEN libgcc_s\.so
+ FORBIDDEN_DEP usr/bin/audioconvert # C++
+ FORBIDDEN_DEP usr/bin/make # C++
+ FORBIDDEN_DEP usr/MACH(lib)/libfru.so.1 # C++
+ FORBIDDEN_DEP usr/MACH(lib)/libsun_fc.so.1 # C++
+ FORBIDDEN_DEP usr/lib/netsvc/yp/rpc.yppasswdd # C++
+ FORBIDDEN_DEP usr/lib/netsvc/yp/ypserv # C++
+ FORBIDDEN_DEP usr/lib/netsvc/yp/ypxfr # C++
+ FORBIDDEN_DEP usr/lib/netsvc/yp/ypxfrd # C++
+
+ # libfakekernel is a test environment, not intended for general use
+ FORBIDDEN libfakekernel\.so
+ FORBIDDEN_DEP usr/MACH(lib)/libzpool.so.1
+ FORBIDDEN_DEP usr/bin/amd64/ztest
+ FORBIDDEN_DEP usr/bin/i86/ztest
+ FORBIDDEN_DEP usr/bin/sparcv7/ztest
+ FORBIDDEN_DEP usr/bin/sparcv9/ztest
+ FORBIDDEN_DEP usr/lib/MACH(smbsrv)/libfksmbsrv.so.1
+ FORBIDDEN_DEP usr/lib/smbsrv/fksmbd
+ FORBIDDEN_DEP usr/sbin/amd64/zdb
+ FORBIDDEN_DEP usr/sbin/i86/zdb
+ FORBIDDEN_DEP usr/sbin/sparcv7/zdb
+ FORBIDDEN_DEP usr/sbin/sparcv9/zdb
+
+ # libucb is intended for legacy compatibility, not general use
+ FORBIDDEN libucb\.so
+ FORBIDDEN_DEP usr/ucb/
+ FORBIDDEN_DEP usr/ucblib/
+
+ # Older versions of libraries only provided for binary compatibility
+ FORBIDDEN libm\.so\.1
+ FORBIDDEN libresolv\.so\.1
+ FORBIDDEN libxcurses\.so\.1
# The libprtdiag_psr.so.1 objects built under usr/src/lib/libprtdiag_psr
# are a family, all built using the same makefile, targeted at different
# sparc hardware variants. There are a small number of cases where this
# one size fits all approach causes an object to be linked against an
# unneeded library.
UNREF_OBJ lib/(libdevinfo|libcfgadm)\.so\.1; .*\ of\ .*SUNW,Netra-CP2300/lib/libprtdiag_psr\.so\.1