Do not set (runtime_)library_dirs

Question

Do not set (runtime_)library_dirs

bigon opened this issue 6 years ago · 4 comments

Hi,

With the 4.2.0-beta release it seems that setools sets the RPATH (via runtime_library_dirs) to /usr/local/lib and .. In distributions like debian, this is usually discouraged, see https://wiki.debian.org/RpathIssue

Also, it seems that you are adding /usr/local/lib to both runtime_library_dirs and library_dirs, this is generally useless as AFAIK this is already added by default

Answer 1 · 2018-07-18T01:17:49.000Z

These are only used during compilation and unit tests, and must be set if the user is using a local SELinux userspace. This is the consequence of having a dynamic linked libsepol.

Answer 2 · 2018-07-18T09:44:42.000Z

runtime_library_dirs is definitely setting the rpath in the installed python module

Answer 3 · 2018-07-18T18:49:59.000Z

I agree with @bigon. When installing the library in production, the RUNPATH should not be defined (or it should be set by the packager), and adding . and /usr/local/lib in it looks strange.

For the "local SELinux userspace" use-case, in my experience it is usual to define $LD_LIBRARY_PATH (or even $LD_PRELOAD) when I want to specify where to look for some libraries instead of the ones installed system-wide. This approach does not seems to suit you, and in fact I have no strong argument against using the RUNPATH for this use-case (ie. I do not ask to remove the part which uses userspace_src = os.environ["USERSPACE_SRC"], only the default lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib']).

Answer 4 · 2018-07-18T20:41:07.000Z

Ok, points taken. I was trying to avoid the LD_* environmental variable stuff, but if the runtime_library_dirs are contaminating the install, then it'll have to be done some other way.