| Message ID | 20240808151621.GA10025@asgard.redhat.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | selftests/sched/Makefile: remove relative rpath usage | expand |
On 8/8/24 09:16, Eugene Syromiatnikov wrote: > The relative RPATH ("./") supplied to linker options in CFLAGS is resolved > relative to current working directory and not the executable directory, > which will lead in incorrect resolution when the test executables are run > from elsewhere. However, the sole sched test (cs_prctl_test) > does not require any locally-built libraries to run, so the RPATH > directive can be removed. > > Discovered by the /usr/lib/rpm/check-rpaths script[1][2] that checks > for insecure RPATH/RUNPATH[3], such as containing relative directories, > during an attempt to package BPF selftests for later use in CI: > > ERROR 0004: file '/usr/libexec/kselftests/bpf/urandom_read' contains an insecure runpath '.' in [.] > > [1] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths > [2] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths-worker > [3] https://cwe.mitre.org/data/definitions/426.html > > Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com> > --- > tools/testing/selftests/sched/Makefile | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/tools/testing/selftests/sched/Makefile b/tools/testing/selftests/sched/Makefile > index 099ee9213557..0e4581ded9d6 100644 > --- a/tools/testing/selftests/sched/Makefile > +++ b/tools/testing/selftests/sched/Makefile > @@ -4,8 +4,7 @@ ifneq ($(shell $(CC) --version 2>&1 | head -n 1 | grep clang),) > CLANG_FLAGS += -no-integrated-as > endif > > -CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) -Wl,-rpath=./ \ > - $(CLANG_FLAGS) > +CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) $(CLANG_FLAGS) > LDLIBS += -lpthread > > TEST_GEN_FILES := cs_prctl_test Wouldn't make sense to fix fix this in selftests main Makefile instead of changing the all the test makefiles Same comment on all other files. It would be easier to send these as series - please mentioned the tests run as well after this change. thanks, -- Shuah
diff --git a/tools/testing/selftests/sched/Makefile b/tools/testing/selftests/sched/Makefile index 099ee9213557..0e4581ded9d6 100644 --- a/tools/testing/selftests/sched/Makefile +++ b/tools/testing/selftests/sched/Makefile @@ -4,8 +4,7 @@ ifneq ($(shell $(CC) --version 2>&1 | head -n 1 | grep clang),) CLANG_FLAGS += -no-integrated-as endif -CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) -Wl,-rpath=./ \ - $(CLANG_FLAGS) +CFLAGS += -O2 -Wall -g -I./ $(KHDR_INCLUDES) $(CLANG_FLAGS) LDLIBS += -lpthread TEST_GEN_FILES := cs_prctl_test
The relative RPATH ("./") supplied to linker options in CFLAGS is resolved relative to current working directory and not the executable directory, which will lead in incorrect resolution when the test executables are run from elsewhere. However, the sole sched test (cs_prctl_test) does not require any locally-built libraries to run, so the RPATH directive can be removed. Discovered by the /usr/lib/rpm/check-rpaths script[1][2] that checks for insecure RPATH/RUNPATH[3], such as containing relative directories, during an attempt to package BPF selftests for later use in CI: ERROR 0004: file '/usr/libexec/kselftests/bpf/urandom_read' contains an insecure runpath '.' in [.] [1] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths [2] https://github.com/rpm-software-management/rpm/blob/master/scripts/check-rpaths-worker [3] https://cwe.mitre.org/data/definitions/426.html Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com> --- tools/testing/selftests/sched/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)