diff --git a/config.mk.in b/config.mk.in
index 253b86435a5..a7f66fbb525 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -91,7 +91,7 @@ COMMON_CFLAGS = \
 	-ggdb -O2 -DVERSION='"$(VERSION)"' \
 	-Wall -Wextra $(HAVE_FATAL_WARNINGS) \
 	-Wformat -Wformat-security \
-	-fstack-protector-all -D_FORTIFY_SOURCE=2 \
+	-fstack-protector-all \
 	-DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \
 	-DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \
 	-DVARDIR='"/var/lib/firejail"'
diff --git a/configure b/configure
index 61c025a200b..348c02cbbb4 100755
--- a/configure
+++ b/configure
@@ -3506,6 +3506,49 @@ else $as_nop
 fi
 
 
+as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags_$CFLAGS $CPPFLAGS -Werror_-D_FORTIFY_SOURCE=2" | $as_tr_sh`
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_FORTIFY_SOURCE=2" >&5
+printf %s "checking whether C compiler accepts -D_FORTIFY_SOURCE=2... " >&6; }
+if eval test \${$as_CACHEVAR+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+
+  ax_check_save_flags=$CFLAGS
+  CFLAGS="$CFLAGS $CFLAGS $CPPFLAGS -Werror -D_FORTIFY_SOURCE=2"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main (void)
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval "$as_CACHEVAR=yes"
+else $as_nop
+  eval "$as_CACHEVAR=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+  CFLAGS=$ax_check_save_flags
+fi
+eval ac_res=\$$as_CACHEVAR
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+if eval test \"x\$"$as_CACHEVAR"\" = x"yes"
+then :
+
+	EXTRA_CFLAGS="$EXTRA_CFLAGS -D_FORTIFY_SOURCE=2"
+
+else $as_nop
+  :
+fi
+
+
 HAVE_SPECTRE="no"
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch=thunk" >&5
 printf %s "checking whether C compiler accepts -mindirect-branch=thunk... " >&6; }
diff --git a/configure.ac b/configure.ac
index 2762c2ef0d9..73bd334f8f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,6 +30,10 @@ AX_CHECK_COMPILE_FLAG([-MMD -MP], [
 	DEPS_CFLAGS="$DEPS_CFLAGS -MMD -MP"
 ])
 
+AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=2], [
+	EXTRA_CFLAGS="$EXTRA_CFLAGS -D_FORTIFY_SOURCE=2"
+], [], [$CFLAGS $CPPFLAGS -Werror])
+
 HAVE_SPECTRE="no"
 AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk], [
 	HAVE_SPECTRE="yes"