StarMirror
/
sandboxed-api
mirror of https://github.com/google/sandboxed-api
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update/simplify linker flags for testcases 

- Bazel: Use "incompatible" flag to fix fully static linking. The flag will
  become the default in Bazel 4.0.
- Bazel: Deduplicate features into `FULLY_STATIC_FEATURES` variable
- CMake: Remove the testcase properties. `sapi::base` already sets
  `POSITION_INDEPENDENT_CODE`. Note that `-pie` is incompatible with `-static`
  and `-static-pie` requires GCC 8 and GLIBC 2.27.

PiperOrigin-RevId: 346952478
Change-Id: I7a317c90a3bec9691b13df1a00e3fddf4481df4d
pull/75/head
Christian Blichmann 2020-12-11 01:11:38 -08:00 committed by Copybara-Service
parent 81a68382d8
commit 2a9320dbac
3 changed files with 37 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.bazelrc
View File

@ -1,2 +1,6 @@
# Build in C++17 mode without a custom CROSSTOOL
build --cxxopt=-std=c++17
# TODO(https://github.com/bazelbuild/bazel/issues/8672): Remove this workaround
# This will become the default in Bazel 4.0
build --incompatible_linkopts_to_linklibs

123
sandboxed_api/sandbox2/testcases/BUILD.bazel
View File

@ -28,24 +28,11 @@ package(default_visibility = [
"//sandboxed_api/sandbox2:__subpackages__",
])
licenses(["notice"]) # Apache 2.0
licenses(["notice"])
STATIC_LINKOPTS = [
# Necessary for linking pthread statically into the binary. See the
# answer to https://stackoverflow.com/questions/35116327/ for context.
# The odd '-Wl,' prefix before '-lpthread' is a workaround for Bazel's
# behavior when constructing the final linker command line.
"-Wl,--whole-archive",
"-Wl,-lpthread",
"-Wl,--no-whole-archive",
]
# TODO(https://github.com/bazelbuild/bazel/issues/8672): Remove this workaround
# Change is scheduled for Bazel 4.0. Specifying
# `--incompatible_linkopts_to_linklibs` also works
EXTRA_FULLY_STATIC_LINKOPTS = [
"-l:libstdc++.a",
"-l:libm.a",
FULLY_STATIC_FEATURES = [
"-pie",
"fully_static_link", # link libc statically
]
cc_binary(
@ -62,11 +49,8 @@ cc_binary(
testonly = 1,
srcs = ["add_policy_on_syscalls.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
# security: disable=cc-static-no-pie
@ -75,12 +59,8 @@ cc_binary(
testonly = 1,
srcs = ["buffer.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkopts = STATIC_LINKOPTS + EXTRA_FULLY_STATIC_LINKOPTS,
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
deps = [
"//sandboxed_api/sandbox2:buffer",
"//sandboxed_api/sandbox2:comms",
@ -107,12 +87,8 @@ cc_binary(
testonly = 1,
srcs = ["malloc.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkopts = EXTRA_FULLY_STATIC_LINKOPTS,
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
cc_binary(
@ -128,11 +104,8 @@ cc_binary(
testonly = 1,
srcs = ["minimal.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
# security: disable=cc-static-no-pie
@ -141,11 +114,8 @@ cc_binary(
testonly = 1,
srcs = ["personality.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
# security: disable=cc-static-no-pie
@ -154,12 +124,8 @@ cc_binary(
testonly = 1,
srcs = ["pidcomms.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkopts = STATIC_LINKOPTS + EXTRA_FULLY_STATIC_LINKOPTS,
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
deps = [
"//sandboxed_api/sandbox2:client",
"//sandboxed_api/sandbox2:comms",
@ -173,11 +139,8 @@ cc_binary(
testonly = 1,
srcs = ["policy.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
deps = ["//sandboxed_api/sandbox2:config"],
)
@ -187,11 +150,8 @@ cc_binary(
testonly = 1,
srcs = ["print_fds.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
# security: disable=cc-static-no-pie
@ -200,11 +160,8 @@ cc_binary(
testonly = 1,
srcs = ["sanitizer.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
# security: disable=cc-static-no-pie
@ -213,11 +170,8 @@ cc_binary(
testonly = 1,
srcs = ["sleep.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
# security: disable=cc-static-no-pie
@ -226,12 +180,8 @@ cc_binary(
testonly = 1,
srcs = ["symbolize.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkopts = EXTRA_FULLY_STATIC_LINKOPTS,
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
deps = [
"//sandboxed_api/sandbox2/util:temp_file",
"//sandboxed_api/util:raw_logging",
@ -263,11 +213,8 @@ cc_binary(
testonly = 1,
srcs = ["hostname.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
cc_binary(
@ -275,11 +222,8 @@ cc_binary(
testonly = 1,
srcs = ["limits.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)
cc_binary(
@ -287,9 +231,6 @@ cc_binary(
testonly = 1,
srcs = ["namespace.cc"],
copts = sapi_platform_copts(),
features = [
"-pie",
"fully_static_link", # link libc statically
],
linkstatic = 1, # prefer static libraries
features = FULLY_STATIC_FEATURES,
linkstatic = 1,
)

61
sandboxed_api/sandbox2/testcases/CMakeLists.txt
View File

@ -12,18 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
set(_sandbox2_testcase_properties
POSITION_INDEPENDENT_CODE ON
)
set(_sandbox2_fully_static_linkopts
-static
# Necessary for linking pthread statically into the binary. See the
# answer to https://stackoverflow.com/questions/35116327/ for context.
# The BUILD.bazel file in this directory also implements this.
-Wl,--whole-archive
-lpthread
-Wl,--no-whole-archive
)
set(_sandbox2_fully_static_linkopts -static)
# sandboxed_api/sandbox2/testcases:abort
add_executable(abort
@ -41,9 +30,6 @@ add_executable(add_policy_on_syscalls
)
add_executable(sandbox2::testcase_add_policy_on_syscalls
ALIAS add_policy_on_syscalls)
set_target_properties(add_policy_on_syscalls PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(add_policy_on_syscalls PRIVATE
${_sandbox2_fully_static_linkopts}
)
@ -53,9 +39,6 @@ add_executable(buffer
buffer.cc
)
add_executable(sandbox2::testcase_buffer ALIAS buffer)
set_target_properties(buffer PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(buffer PRIVATE
absl::str_format
sandbox2::buffer
@ -86,9 +69,6 @@ add_executable(malloc_system
malloc.cc
)
add_executable(sandbox2::testcase_malloc_system ALIAS malloc_system)
set_target_properties(malloc_system PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(malloc_system PRIVATE
sapi::base
${_sandbox2_fully_static_linkopts}
@ -108,9 +88,6 @@ add_executable(minimal
minimal.cc
)
add_executable(sandbox2::testcase_minimal ALIAS minimal)
set_target_properties(minimal PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(minimal PRIVATE
sapi::base
${_sandbox2_fully_static_linkopts}
@ -121,9 +98,6 @@ add_executable(personality
personality.cc
)
add_executable(sandbox2::testcase_personality ALIAS personality)
set_target_properties(personality PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(personality PRIVATE
sapi::base
${_sandbox2_fully_static_linkopts}
@ -134,9 +108,6 @@ add_executable(pidcomms
pidcomms.cc
)
add_executable(sandbox2::testcase_pidcomms ALIAS pidcomms)
set_target_properties(pidcomms PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(pidcomms PRIVATE
-Wl,--whole-archive
gflags::gflags
@ -154,9 +125,6 @@ add_executable(policy
policy.cc
)
add_executable(sandbox2::testcase_policy ALIAS policy)
set_target_properties(policy PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(policy PRIVATE
sapi::base
sandbox2::config
@ -168,9 +136,6 @@ add_executable(print_fds
print_fds.cc
)
add_executable(sandbox2::testcase_print_fds ALIAS print_fds)
set_target_properties(print_fds PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(print_fds PRIVATE
sapi::base
${_sandbox2_fully_static_linkopts}
@ -181,9 +146,6 @@ add_executable(sanitizer
sanitizer.cc
)
add_executable(sandbox2::testcase_sanitizer ALIAS sanitizer)
set_target_properties(sanitizer PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(sanitizer PRIVATE
sapi::base
${_sandbox2_fully_static_linkopts}
@ -194,9 +156,6 @@ add_executable(sleep
sleep.cc
)
add_executable(sandbox2::testcase_sleep ALIAS sleep)
set_target_properties(sleep PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(sleep PRIVATE
sapi::base
${_sandbox2_fully_static_linkopts}
@ -207,9 +166,6 @@ add_executable(symbolize
symbolize.cc
)
add_executable(sandbox2::testcase_symbolize ALIAS symbolize)
set_target_properties(symbolize PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(symbolize PRIVATE
absl::core_headers
absl::strings
@ -224,9 +180,6 @@ add_executable(starve
starve.cc
)
add_executable(sandbox2::testcase_starve ALIAS starve)
set_target_properties(starve PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(starve PRIVATE
sapi::base
)
@ -237,9 +190,6 @@ add_executable(tsync
tsync.cc
)
add_executable(sandbox2::testcase_tsync ALIAS tsync)
set_target_properties(tsync PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(tsync PRIVATE
-Wl,--whole-archive
gflags::gflags
@ -256,9 +206,6 @@ add_executable(hostname
hostname.cc
)
add_executable(sandbox2::testcase_hostname ALIAS hostname)
set_target_properties(hostname PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(hostname PRIVATE
sapi::base
${_sandbox2_fully_static_linkopts}
@ -269,9 +216,6 @@ add_executable(limits
limits.cc
)
add_executable(sandbox2::testcase_limits ALIAS limits)
set_target_properties(limits PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(limits PRIVATE
sapi::base
${_sandbox2_fully_static_linkopts}
@ -282,9 +226,6 @@ add_executable(namespace
namespace.cc
)
add_executable(sandbox2::testcase_namespace ALIAS namespace)
set_target_properties(namespace PROPERTIES
${_sandbox2_testcase_properties}
)
target_link_libraries(namespace PRIVATE
sapi::base
${_sandbox2_fully_static_linkopts}