glibc

USE флаги

• audit - Enable support for Linux audit subsystem using sys-process/audit
• caps - Use Linux capabilities library to control privilege
• cet - Enable Intel Control-flow Enforcement Technology (needs binutils 2.29 and gcc 8)
• clone3 - Enable the new clone3 syscall within glibc. Can be disabled to allow compatibility with older Electron applications.
• compile-locales - build *all* locales in src_install; this is generally meant for stage building only as it ignores /etc/locale.gen file and can be pretty slow
• crypt - build and install libcrypt and crypt.h
• custom-cflags - Build with user-specified CFLAGS (unsupported)
• debug - When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL)
• doc - Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally
• experimental-loong - Add experimental LoongArch patchset
• gd - build memusage and memusagestat tools
• hash-sysv-compat - enable sysv linker hashes in glibc for compatibility with binary software (EAC via wine/proton)
• headers-only - Install only C headers instead of whole package. Mainly used by sys-devel/crossdev for toolchain bootstrap.
• multiarch - enable optimizations for multiple CPU architectures (detected at runtime)
• multilib - On 64bit systems, if you want to be able to compile 32bit and 64bit binaries
• multilib-bootstrap - Provide prebuilt libgcc.a and crt files if missing. Only needed for ABI switch.
• nscd - Build, and enable support for, the Name Service Cache Daemon
• perl - Install additional scripts written in Perl
• profile - Add support for software performance analysis (will likely vary from ebuild to ebuild)
• selinux - !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
• ssp - protect stack of glibc internals
• stack-realign - Realign the stack in the 32-bit build for compatibility with older binaries at some performance cost
• static-libs - Build static versions of dynamic libraries as well
• static-pie - Enable static PIE support (runtime files for -static-pie gcc option).
• suid - Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5
• systemd - Enable use of systemd-specific libraries and features like socket activation or session tracking
• systemtap - enable systemtap static probe points
• test - Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
• vanilla - Do not add extra patches which change default behaviour; DO NOT USE THIS ON A GLOBAL SCALE as the severity of the meaning changes drastically

Советы по безопасности