[pipeline] Set CAP_SYS_TIME for settimeofday ok in syncd test#1068
Merged
lguohan merged 3 commits intosonic-net:masterfrom Jun 22, 2022
Merged
[pipeline] Set CAP_SYS_TIME for settimeofday ok in syncd test#1068lguohan merged 3 commits intosonic-net:masterfrom
lguohan merged 3 commits intosonic-net:masterfrom
Conversation
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Contributor
Author
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
kcudnik
reviewed
Jun 20, 2022
|
|
||
| tests_SOURCES = tests.cpp | ||
| tests_CXXFLAGS = $(DBGFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS_COMMON) | ||
| tests_LDFLAGS = -Wl,-rpath,$(top_srcdir)/lib/.libs -Wl,-rpath,$(top_srcdir)/meta/.libs |
Collaborator
There was a problem hiding this comment.
why this is required here ? those directories are already passed in below LDADD
Contributor
Author
There was a problem hiding this comment.
Running syncd/tests depends on env LD_LIBRARY_PATH:
+ LD_LIBRARY_PATH=/sonic/src/sonic-sairedis/lib/.libs:/sonic/src/sonic-sairedis/meta/.libs
+ export LD_LIBRARY_PATH
...
+ exec /sonic/src/sonic-sairedis/syncd/.libs/tests
After setting linux capability, for security reason, LD_LIBRARY_PATH is ignored, referring to man ld.so:
Secure-execution mode
For security reasons, if the dynamic linker determines that a binary should be run in secure-execution mode, the effects of some environment variables are voided or modified, and furthermore those environment variables are stripped from the environment, so that the program does not even see the definitions...
A binary is executed in secure-execution mode ...
* A process with a non-root user ID executed a binary that conferred capabilities to the process.
Then have to specify -rpath option for runtime linker to locate shared libraries libsairedis, libsaimetadata, etc.
kcudnik
approved these changes
Jun 20, 2022
qiluo-msft
pushed a commit
to sonic-net/sonic-swss-common
that referenced
this pull request
Jun 22, 2022
…s' (#633) Following sonic-net/sonic-sairedis#1067 and sonic-net/sonic-sairedis#1068, it fixes the below failure at `make check` of building syncd in step 'Compile sonic sairedis': ``` Making check in syncd make[2]: Entering directory '/__w/1/s/syncd' make check-TESTS make[3]: Entering directory '/__w/1/s/syncd' tests: tests.cpp:843: void test_watchdog_timer_clock_rollback(): Assertion `settimeofday(¤tTime, NULL) == 0' failed. /bin/bash: line 5: 13004 Aborted (core dumped) ${dir}$tst FAIL: tests ```
itamar-talmon
pushed a commit
to itamar-talmon/sonic-swss-common
that referenced
this pull request
Jul 19, 2022
…s' (sonic-net#633) Following sonic-net/sonic-sairedis#1067 and sonic-net/sonic-sairedis#1068, it fixes the below failure at `make check` of building syncd in step 'Compile sonic sairedis': ``` Making check in syncd make[2]: Entering directory '/__w/1/s/syncd' make check-TESTS make[3]: Entering directory '/__w/1/s/syncd' tests: tests.cpp:843: void test_watchdog_timer_clock_rollback(): Assertion `settimeofday(¤tTime, NULL) == 0' failed. /bin/bash: line 5: 13004 Aborted (core dumped) ${dir}$tst FAIL: tests ```
pettershao-ragilenetworks
pushed a commit
to pettershao-ragilenetworks/sonic-sairedis
that referenced
this pull request
Nov 18, 2022
…net#1068) The fix sonic-net#1067 is not enough. If docker user is non-root, set capability CAP_SYS_TIME for settimeofday success in syncd test, then test_watchdog_timer_clock_rollback can be run. Co-authored-by: junhuazhai <junhuazhai@contoso.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The fix #1067 is not enough. If docker user is non-root, set capability CAP_SYS_TIME for settimeofday success in syncd test, then
test_watchdog_timer_clock_rollbackcan be run.