| Message ID | 20190920115019.23144-1-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Rejected |
| Headers | show |
| Series | [testsuite] tests/Makefile: check if BPF library is installed | expand |
On 9/20/19 7:50 AM, Ondrej Mosnacek wrote: > Check for the existence of the <bpf/bpf.h> header before enabling BPF > testing. Otherwise building the tests fails in an environment where > the kernel and policy support BPF, but the library is not installed. > > Fixes: 8f0f980a4ad5 ("selinux-testsuite: Add BPF tests") > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > tests/Makefile | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/tests/Makefile b/tests/Makefile > index e5bdfff..e8cf008 100644 > --- a/tests/Makefile > +++ b/tests/Makefile > @@ -43,10 +43,12 @@ endif > > ifeq ($(shell grep -q bpf $(POLDEV)/include/support/all_perms.spt && echo true),true) > ifneq ($(shell ./kvercmp $$(uname -r) 4.15),-1) > +ifneq (,$(wildcard $(INCLUDEDIR)/bpf/bpf.h)) > SUBDIRS += bpf > export CFLAGS += -DHAVE_BPF > endif > endif > +endif I think Richard had something like this originally and I told him to take it out. The rationale was that he added libbpf-devel as a required dependency to the README and we don't want to silently skip tests because someone forgot to install some package; I'd rather it fail at build time. > > ifeq ($(shell grep "^SELINUX_INFINIBAND_ENDPORT_TEST=" infiniband_endport/ibendport_test.conf | cut -d'=' -f 2),1) > SUBDIRS += infiniband_endport >
On Fri, Sep 20, 2019 at 3:02 PM Stephen Smalley <sds@tycho.nsa.gov> wrote: > On 9/20/19 7:50 AM, Ondrej Mosnacek wrote: > > Check for the existence of the <bpf/bpf.h> header before enabling BPF > > testing. Otherwise building the tests fails in an environment where > > the kernel and policy support BPF, but the library is not installed. > > > > Fixes: 8f0f980a4ad5 ("selinux-testsuite: Add BPF tests") > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > --- > > tests/Makefile | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/tests/Makefile b/tests/Makefile > > index e5bdfff..e8cf008 100644 > > --- a/tests/Makefile > > +++ b/tests/Makefile > > @@ -43,10 +43,12 @@ endif > > > > ifeq ($(shell grep -q bpf $(POLDEV)/include/support/all_perms.spt && echo true),true) > > ifneq ($(shell ./kvercmp $$(uname -r) 4.15),-1) > > +ifneq (,$(wildcard $(INCLUDEDIR)/bpf/bpf.h)) > > SUBDIRS += bpf > > export CFLAGS += -DHAVE_BPF > > endif > > endif > > +endif > > I think Richard had something like this originally and I told him to > take it out. The rationale was that he added libbpf-devel as a required > dependency to the README and we don't want to silently skip tests > because someone forgot to install some package; I'd rather it fail at > build time. OK, that makes sense. My motivation was the situation on RHEL-8, where the kernel and policy matches the existing checks, but there is no libbpf-devel available (not even in our internal repos or EPEL), but there really doesn't seem to be any better way to handle that other than excluding based on distro name/version. For now I'll just conditionally exclude the test in our wrapper script. (There is a lot of conditional tweaks already, I might try to upstream them one day so that they are not split awkwardly between upstream and downstream...) > > > > > ifeq ($(shell grep "^SELINUX_INFINIBAND_ENDPORT_TEST=" infiniband_endport/ibendport_test.conf | cut -d'=' -f 2),1) > > SUBDIRS += infiniband_endport > > > -- Ondrej Mosnacek <omosnace at redhat dot com> Software Engineer, Security Technologies Red Hat, Inc.
diff --git a/tests/Makefile b/tests/Makefile index e5bdfff..e8cf008 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -43,10 +43,12 @@ endif ifeq ($(shell grep -q bpf $(POLDEV)/include/support/all_perms.spt && echo true),true) ifneq ($(shell ./kvercmp $$(uname -r) 4.15),-1) +ifneq (,$(wildcard $(INCLUDEDIR)/bpf/bpf.h)) SUBDIRS += bpf export CFLAGS += -DHAVE_BPF endif endif +endif ifeq ($(shell grep "^SELINUX_INFINIBAND_ENDPORT_TEST=" infiniband_endport/ibendport_test.conf | cut -d'=' -f 2),1) SUBDIRS += infiniband_endport
Check for the existence of the <bpf/bpf.h> header before enabling BPF testing. Otherwise building the tests fails in an environment where the kernel and policy support BPF, but the library is not installed. Fixes: 8f0f980a4ad5 ("selinux-testsuite: Add BPF tests") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- tests/Makefile | 2 ++ 1 file changed, 2 insertions(+)