From 4de58a4f53938463e8dacfb6e67f872442245193 Mon Sep 17 00:00:00 2001
From: Alexey Gladkov <legion@altlinux.org>
Date: Fri, 14 Oct 2016 01:17:05 +0300
Subject: [PATCH 02/24] OPENSUSE Compile the sandbox with -fPIE settings

---
 sandbox/linux/BUILD.gn | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
index 6f43c6cb60b..f4ca3b37078 100644
--- a/sandbox/linux/BUILD.gn
+++ b/sandbox/linux/BUILD.gn
@@ -306,37 +306,38 @@ if (is_linux) {
     sources = [
       "suid/common/sandbox.h",
       "suid/common/suid_unsafe_environment_variables.h",
       "suid/process_util.h",
       "suid/process_util_linux.c",
       "suid/sandbox.c",
     ]
 
     cflags = [
       # For ULLONG_MAX
-      "-std=gnu99",
+      "-std=gnu99", "-fPIE",
 
       # These files have a suspicious comparison.
       # TODO fix this and re-enable this warning.
       "-Wno-sign-compare",
     ]
+    ldflags = [ "-pie" ]
 
     import("//build/config/compiler/compiler.gni")
     import("//build/config/sanitizers/sanitizers.gni")
     if (is_component_build || using_sanitizer) {
       # WARNING! We remove this config so that we don't accidentally
       # pick up the //build/config:rpath_for_built_shared_libraries
       # sub-config. However, this means that we need to duplicate any
       # other flags that executable_config might have.
       configs -= [ "//build/config:executable_config" ]
       if (!use_gold) {
-        ldflags = [ "-Wl,--disable-new-dtags" ]
+        ldflags += [ "-Wl,--disable-new-dtags" ]
       }
     }
 
     # We also do not want to pick up any of the other sanitizer
     # flags (i.e. we do not want to build w/ the sanitizers at all).
     # This is safe to delete unconditionally, because it is part of the
     # default configs and empty when not using the sanitizers.
     configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
   }
 }
-- 
2.17.1