The relative RPATH ("./") supplied to linker options in CFLAGS is resolved relative to current working directory and not the executable directory, which will lead in incorrect resolution when the test executables are run from elsewhere. However, the sole sched test (cs_prctl_test) does not require any locally-built libraries to run, so the RPATH directive can be removed.
Discovered by the /usr/lib/rpm/check-rpaths script[1][2] that checks for insecure RPATH/RUNPATH[3], such as containing relative directories, during an attempt to package BPF selftests for later use in CI:
ERROR 0004: file '/usr/libexec/kselftests/bpf/urandom_read' contains an insecure runpath '.' in [.]
[1] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpa... [2] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpa... [3] https://cwe.mitre.org/data/definitions/426.html
Signed-off-by: Eugene Syromiatnikov esyr@redhat.com --- tools/testing/selftests/sched/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tools/testing/selftests/sched/Makefile b/tools/testing/selftests/sched/Makefile index 099ee9213557..0e4581ded9d6 100644 --- a/tools/testing/selftests/sched/Makefile +++ b/tools/testing/selftests/sched/Makefile @@ -4,8 +4,7 @@ ifneq ($(shell $(CC) --version 2>&1 | head -n 1 | grep clang),) CLANG_FLAGS += -no-integrated-as endif
-CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) -Wl,-rpath=./ \ - $(CLANG_FLAGS) +CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) $(CLANG_FLAGS) LDLIBS += -lpthread
TEST_GEN_FILES := cs_prctl_test
On 8/8/24 09:16, Eugene Syromiatnikov wrote:
The relative RPATH ("./") supplied to linker options in CFLAGS is resolved relative to current working directory and not the executable directory, which will lead in incorrect resolution when the test executables are run from elsewhere. However, the sole sched test (cs_prctl_test) does not require any locally-built libraries to run, so the RPATH directive can be removed.
Discovered by the /usr/lib/rpm/check-rpaths script[1][2] that checks for insecure RPATH/RUNPATH[3], such as containing relative directories, during an attempt to package BPF selftests for later use in CI:
ERROR 0004: file '/usr/libexec/kselftests/bpf/urandom_read' contains an insecure runpath '.' in [.][1] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpa... [2] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpa... [3] https://cwe.mitre.org/data/definitions/426.html
Signed-off-by: Eugene Syromiatnikov esyr@redhat.com
tools/testing/selftests/sched/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tools/testing/selftests/sched/Makefile b/tools/testing/selftests/sched/Makefile index 099ee9213557..0e4581ded9d6 100644 --- a/tools/testing/selftests/sched/Makefile +++ b/tools/testing/selftests/sched/Makefile @@ -4,8 +4,7 @@ ifneq ($(shell $(CC) --version 2>&1 | head -n 1 | grep clang),) CLANG_FLAGS += -no-integrated-as endif -CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) -Wl,-rpath=./ \
$(CLANG_FLAGS)+CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) $(CLANG_FLAGS) LDLIBS += -lpthread TEST_GEN_FILES := cs_prctl_test
Wouldn't make sense to fix fix this in selftests main Makefile instead of changing the all the test makefiles
Same comment on all other files. It would be easier to send these as series - please mentioned the tests run as well after this change.
thanks, -- Shuah
linux-kselftest-mirror@lists.linaro.org
-
Eugene Syromiatnikov -
Shuah Khan