On Fri, Sep 20, 2019 at 3:02 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On 9/20/19 7:50 AM, Ondrej Mosnacek wrote:
> > Check for the existence of the <bpf/bpf.h> header before enabling BPF
> > testing. Otherwise building the tests fails in an environment where
> > the kernel and policy support BPF, but the library is not installed.
> >
> > Fixes: 8f0f980a4ad5 ("selinux-testsuite: Add BPF tests")
> > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> > ---
> > tests/Makefile | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/tests/Makefile b/tests/Makefile
> > index e5bdfff..e8cf008 100644
> > --- a/tests/Makefile
> > +++ b/tests/Makefile
> > @@ -43,10 +43,12 @@ endif
> >
> > ifeq ($(shell grep -q bpf $(POLDEV)/include/support/all_perms.spt && echo true),true)
> > ifneq ($(shell ./kvercmp $$(uname -r) 4.15),-1)
> > +ifneq (,$(wildcard $(INCLUDEDIR)/bpf/bpf.h))
> > SUBDIRS += bpf
> > export CFLAGS += -DHAVE_BPF
> > endif
> > endif
> > +endif
>
> I think Richard had something like this originally and I told him to
> take it out. The rationale was that he added libbpf-devel as a required
> dependency to the README and we don't want to silently skip tests
> because someone forgot to install some package; I'd rather it fail at
> build time.
OK, that makes sense. My motivation was the situation on RHEL-8, where
the kernel and policy matches the existing checks, but there is no
libbpf-devel available (not even in our internal repos or EPEL), but
there really doesn't seem to be any better way to handle that other
than excluding based on distro name/version. For now I'll just
conditionally exclude the test in our wrapper script. (There is a lot
of conditional tweaks already, I might try to upstream them one day so
that they are not split awkwardly between upstream and downstream...)
>
> >
> > ifeq ($(shell grep "^SELINUX_INFINIBAND_ENDPORT_TEST=" infiniband_endport/ibendport_test.conf | cut -d'=' -f 2),1)
> > SUBDIRS += infiniband_endport
> >
>
--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
