Make rdcd run as user "rdc"

The rdc account will be created on installation if it does
not already exist. It will be a system account with no
home directory.

rdcd will be started as a systemd service, but change to
user "rdc". The rdc user will drop all priviliges except
CAP_DAC_OVERRIDE, permitted. This means the default mode
will have no special privileges, but have the ability to
gain write access (e.g., to sysfs) when needed.

rdc tests were being inadvertantly added to the
installation. This was adversely impacting the new
functionality, so it was corrected in this commit.

Also included are a few small formatting changes.

Change-Id: I9c6bb132fee28119fd3960594dfb97bd2e7b282a

CMakeLists.txt

@@ -28,6 +28,14 @@ cmake_minimum_required(VERSION 3.5.0)
 set(RSMI_INC_DIR ${ROCM_DIR}/rocm_smi/include)
 set(RSMI_LIB_DIR ${ROCM_DIR}/rocm_smi/lib)
 
+if (NOT DEFINED RDC_CLIENT_ROOT_PATH)
+    set(RDC_CLIENT_ROOT_PATH "/opt/rocm/")
+endif()
+
+if (NOT DEFINED RDC_SERVER_ROOT_PATH)
+    set(RDC_SERVER_ROOT_PATH "/")
+endif()
+
 ## Set default module path
 if(NOT DEFINED CMAKE_MODULE_PATH)
     set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake_modules/")
@@ -36,7 +44,6 @@ endif()
 include(utils)
 
 set(RDC "rdc")
-set(RDC_TARGET "${RDC}64")
 
 ################# Determine the library version #########################
 ## Setup the package version based on git tags.
@@ -64,12 +71,12 @@ set(CPACK_PACKAGING_INSTALL_PREFIX "/"
                                      CACHE STRING "Default packaging prefix.")
 set(CPACK_GENERATOR "DEB;RPM"  CACHE STRING "Default packaging generators.")
 
-project(${RDC_TARGET})
+project(${RDC})
 
 # Create a configure file to get version info from within library
 configure_file(
-  "${PROJECT_SOURCE_DIR}/src/${RDC_TARGET}Config.in"
-  "${PROJECT_SOURCE_DIR}/include/rdc/${RDC_TARGET}Config.h")
+  "${PROJECT_SOURCE_DIR}/src/${RDC}64Config.in"
+  "${PROJECT_SOURCE_DIR}/include/rdc/${RDC}64Config.h")
 
 if (NOT DEFINED CPACK_PACKAGE_VENDOR)
     set(CPACK_PACKAGE_VENDOR "AMD")
@@ -115,7 +122,7 @@ foreach(file ${PROTOB_DEF_SRC_FILES})
 
     execute_process(COMMAND
             protoc --proto_path=${PROTOB_SRC_DIR} --grpc_out=${PROTOB_OUT_DIR}
-            --plugin=protoc-gen-grpc=${GRPC_PLUGIN} ${file} 
+            --plugin=protoc-gen-grpc=${GRPC_PLUGIN} ${file}
             WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}
             RESULT_VARIABLE PROTOB_RESULT
             OUTPUT_VARIABLE PROTOB_OUT_VAR)
@@ -123,25 +130,46 @@ foreach(file ${PROTOB_DEF_SRC_FILES})
 
 endforeach()
 
+# define all the install component labels to install
+set(SERVER_CTRL_COMPONENT "server_ctrl")
+set(SERVER_BIN_COMPONENT "server_bin")
+set(CLIENT_LIB_COMPONENT "client_lib")
+set(CLIENT_HEADER_COMPONENT "client_header")
+set(GTEST_COMPONENT "rdc_gtest")
+set(EXAMPLE_COMPONENT "rdc_example")
+
 add_subdirectory("server")
 add_subdirectory("client")
-add_subdirectory("tests/example")
-add_subdirectory("tests/rdc_tests")
+
+# Turn on cmake "component install"
+set(CPACK_ARCHIVE_COMPONENT_INSTALL ON)
+set(CPACK_COMPONENTS_ALL ${SERVER_CTRL_COMPONENT}
+   ${SERVER_BIN_COMPONENT} ${CLIENT_LIB_COMPONENT} ${CLIENT_HEADER_COMPONENT})
+
+
+configure_file(
+  "${PROJECT_SOURCE_DIR}/src/DEBIAN_postinst.in"
+  "${PROJECT_SOURCE_DIR}/DEBIAN/postinst")
+configure_file(
+  "${PROJECT_SOURCE_DIR}/src/RPM_rpm_post.in"
+  "${PROJECT_SOURCE_DIR}/RPM/rpm_post")
+
+
 
 # TODO set(CPACK_DEBIAN_PACKAGE_HOMEPAGE <GITHUB URL> )
 set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA
     "${CMAKE_CURRENT_SOURCE_DIR}/DEBIAN/postinst;
-                                    ${CMAKE_CURRENT_SOURCE_DIR}/DEBIAN/prerm")
-set (CPACK_DEBIAN_PACKAGE_NAME  ${RDC_PACKAGE})
-set (CPACK_DEBIAN_PACKAGE_VERSION ${PKG_VERSION_STR})
+                    ${CMAKE_CURRENT_SOURCE_DIR}/DEBIAN/prerm")
+set(CPACK_DEBIAN_PACKAGE_NAME  ${RDC_PACKAGE})
+set(CPACK_DEBIAN_PACKAGE_VERSION ${PKG_VERSION_STR})
 
 # RPM package specific variables
 set(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE
-                                   "${CMAKE_CURRENT_SOURCE_DIR}/RPM/rpm_post")
+                   "${CMAKE_CURRENT_SOURCE_DIR}/RPM/rpm_post")
 set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE
-                                 "${CMAKE_CURRENT_SOURCE_DIR}/RPM/rpm_postun")
-set (CPACK_RPM_PACKAGE_NAME  ${RDC_PACKAGE})
-set (CPACK_RPM_PACKAGE_VERSION ${PKG_VERSION_STR})
+                 "${CMAKE_CURRENT_SOURCE_DIR}/RPM/rpm_postun")
+set(CPACK_RPM_PACKAGE_NAME  ${RDC_PACKAGE})
+set(CPACK_RPM_PACKAGE_VERSION ${PKG_VERSION_STR})
 
 # Generate Doxygen documentation
 find_package(Doxygen)
@@ -158,3 +186,4 @@ endif(DOXYGEN_FOUND)
 
 ## Add the packaging directives
 include (CPack)
+

DEBIAN/control

@@ -1,9 +1,9 @@
-Package: rocm_smi_lib
+Package: rdc
 Architecture: amd64
 Maintainer: Advanced Micro Devices Inc.
 Priority: optional
 Version: MODULE_VERSION
-Depends: 
-Homepage: https://github.com/RadeonOpenCompute/rocm_smi_lib
-Description: System Management Interface Library for ROCm
+Depends:
+Homepage:
+Description: Radeon Data Center (RDC) Tools
 

DEBIAN/postinst

@@ -1,19 +0,0 @@
-#/bin/bash
-
-set -e
-
-do_ldconfig() {
-    echo /opt/rocm/rocm_smi/lib > /etc/ld.so.conf.d/x86_64-librocm_smi_lib.conf && ldconfig
-}
-
-case "$1" in
-   configure)
-       do_ldconfig
-   ;;
-   abort-upgrade|abort-remove|abort-deconfigure)
-       echo "$1"
-   ;;
-   *)
-       exit 0
-   ;;
-esac

DEBIAN/prerm

@@ -3,7 +3,7 @@
 set -e
 
 rm_ldconfig() {
-    rm -f /etc/ld.so.conf.d/x86_64-librocm_smi_lib.conf && ldconfig
+    rm -f /etc/ld.so.conf.d/x86_64-librdc_client.conf && ldconfig
 }
 
 case "$1" in

RPM/rpm_post

@@ -1,2 +0,0 @@
-echo -e "/opt/rocm/rocm_smi/lib\n/opt/rocm/rocm_smi/lib64" > /etc/ld.so.conf.d/x86_64-librocm_smi_lib.conf && ldconfig
-

RPM/rpm_postun

@@ -1,3 +1,3 @@
 if [ $1 -eq 0 ]; then
-    rm -f /etc/ld.so.conf.d/x86_64-librocm_smi_lib.conf && ldconfig
+    rm -f /etc/ld.so.conf.d/x86_64-librdc_client.conf && ldconfig
 fi

client/CMakeLists.txt

@@ -88,10 +88,10 @@ message("SOVERSION: ${SO_VERSION_STRING}")
 ##  RDC_lib-dev
 set(SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}
                    CACHE STRING "Location of RDC client library source code.")
-# set(CMAKE_INSTALL_PREFIX "/opt/rocm"
-#                                CACHE STRING "Default installation directory.")
-# set(CPACK_PACKAGING_INSTALL_PREFIX "/opt/rocm"
-#                                      CACHE STRING "Default packaging prefix.")
+set(CMAKE_INSTALL_PREFIX ${RDC_CLIENT_ROOT_PATH}
+                                CACHE STRING "Default installation directory.")
+set(CPACK_PACKAGING_INSTALL_PREFIX ${RDC_CLIENT_ROOT_PATH}
+                                      CACHE STRING "Default packaging prefix.")
 set(CPACK_GENERATOR "DEB;RPM"  CACHE STRING "Default packaging generators.")
 
 if (NOT DEFINED CPACK_PACKAGE_VENDOR)
@@ -159,9 +159,11 @@ endif ()
 
 ## Add the install directives for the runtime library.
 install(TARGETS ${CLIENT_LIB}
-          LIBRARY DESTINATION opt/rocm/rdc/lib COMPONENT ${CLIENT_LIB_COMPONENT})
+             LIBRARY DESTINATION ${RDC_CLIENT_ROOT_PATH}${RDC}/lib
+                                            COMPONENT ${CLIENT_LIB_COMPONENT})
 install(FILES ${SOURCE_DIR}/client/include/rdc/rdc_client.h
-                                        DESTINATION opt/rocm/rdc/include/rdc)
+                      DESTINATION ${RDC_CLIENT_ROOT_PATH}${RDC}/include/rdc
+                                         COMPONENT ${CLIENT_HEADER_COMPONENT})
 
 message("&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&")
 message("                    Finished Cmake Client Lib                      ")

server/CMakeLists.txt

@@ -73,6 +73,7 @@ include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include
 set(SERVER_SRC_LIST "${SRC_DIR}/rdc_rsmi_service.cc")
 set(SERVER_SRC_LIST ${SERVER_SRC_LIST} "${SRC_DIR}/rdc_admin_service.cc")
 set(SERVER_SRC_LIST ${SERVER_SRC_LIST} "${SRC_DIR}/rdc_server_main.cc")
+set(SERVER_SRC_LIST ${SERVER_SRC_LIST} "${SRC_DIR}/rdc_server_utils.cc")
 set(SERVER_SRC_LIST ${SERVER_SRC_LIST} "${PROTOBUF_GENERATED_SRCS}")
 message("SERVER_SRC_LIST=${SERVER_SRC_LIST}")
 
@@ -85,14 +86,17 @@ add_executable(${SERVER_DAEMON_EXE} "${SERVER_SRC_LIST}")
 # target_include_directories(${SERVER_DAEMON_EXE} PUBLIC ${RSMI_INC_DIR})
 
 target_link_libraries(${SERVER_DAEMON_EXE} pthread rt grpc grpc++
-                                     grpc++_reflection dl protobuf rocm_smi64)
+                                 cap grpc++_reflection dl protobuf rocm_smi64)
 
 install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${SERVER_DAEMON_EXE}
-          PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
-                                                            DESTINATION usr/sbin)
+        PERMISSIONS OWNER_EXECUTE OWNER_READ OWNER_WRITE GROUP_READ
+        GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+        DESTINATION ${RDC_SERVER_ROOT_PATH}usr/sbin
+                                            COMPONENT ${SERVER_BIN_COMPONENT})
 install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/${SERVICE_FILE_NAME}
-                                              DESTINATION lib/systemd/system)
+               DESTINATION ${RDC_SERVER_ROOT_PATH}lib/systemd/system
+                                           COMPONENT ${SERVER_CTRL_COMPONENT})
 
-message("&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&")
-message("                    Finished Cmake Server                                 ")
-message("&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&")
+message("&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&")
+message("                    Finished Cmake Server                          ")
+message("&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&")

server/include/rdc/rdc_server_utils.h

@@ -0,0 +1,30 @@
+/*
+Copyright (c) 2020 - present Advanced Micro Devices, Inc. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+*/
+#ifndef SERVER_INCLUDE_RDC_RDC_SERVER_UTILS_H_
+#define SERVER_INCLUDE_RDC_RDC_SERVER_UTILS_H_
+
+#include <sys/capability.h>
+
+int GetCapability(cap_value_t cap, cap_flag_t cap_type, bool *enabled);
+int ModifyCapability(cap_value_t cap, cap_flag_t cap_type, bool enable);
+
+#endif  // SERVER_INCLUDE_RDC_RDC_SERVER_UTILS_H_

server/rdc.service

@@ -13,8 +13,14 @@ After=network.target
 #Requires=
 
 [Service]
+User=rdc
+Group=rdc
+
 Type=simple
 
+CapabilityBoundingSet=CAP_DAC_OVERRIDE
+AmbientCapabilities=CAP_DAC_OVERRIDE
+
 # If we need to start anything before rdcd, use this
 # ExecStartPre=
 
@@ -33,5 +39,8 @@ ExecStop=/bin/kill -15 $MAINPID
 #ExecStartPost=
 #ExecStopPost=
 
+# StandardOutput=journal
+# StandardError=inherit
+
 [Install]
 WantedBy= multi-user.target

server/src/rdc_admin_service.cc

@@ -51,5 +51,5 @@ RDCAdminServiceImpl::VerifyConnection(::grpc::ServerContext* context,
   return ::grpc::Status::OK;
 }
 
-}  // rdc
-}  // amd
+}  // namespace rdc
+}  // namespace amd

server/src/rdc_server_main.cc

@@ -28,6 +28,7 @@ THE SOFTWARE.
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/capability.h>
 
 #include <iostream>
 #include <memory>
@@ -38,6 +39,7 @@ THE SOFTWARE.
 #include "rocm_smi/rocm_smi.h"
 #include "rdc/rdc_server_main.h"
 #include "rdc/rdc_rsmi_service.h"
+#include "rdc/rdc_server_utils.h"
 
 static bool sShutDownServer = false;
 static bool sRestartServer = false;
@@ -88,13 +90,13 @@ RDCServer::Run() {
   // std::unique_ptr<::grpc::Server> server(builder.BuildAndStart());
   server_ = builder.BuildAndStart();
 
-  std::cerr <<  "Server listening on " << server_address_.c_str() << std::endl;
+  std::cout <<  "Server listening on " << server_address_.c_str() << std::endl;
 
   server_->Wait();
 }
 
 static void HandleSignal(int sig) {
-  std::cerr <<  "Caught signal " << sig << std::endl;
+  std::cout <<  "Caught signal " << sig << std::endl;
 
   // For most signals, we will want to exit, so make that the default case
   // Handle the other signals specifically.
@@ -142,13 +144,13 @@ static void * ProcessSignalLoop(void *server_ptr) {
 
   while (1) {
     if (sShutDownServer) {
-      std::cerr <<  "Shutting down RDC Server." << std::endl;
+      std::cout <<  "Shutting down RDC Server." << std::endl;
       server->ShutDown();
       // We will need to add shutdown of any completion queues
       // here, when/if we add them
       break;
     } else if (sRestartServer) {
-      std::cerr <<  "Re-starting RDC Server." << std::endl;
+      std::cout <<  "Re-starting RDC Server." << std::endl;
       // We will need to add shutdown of any completion queues
       // here, when/if we add them
       server->ShutDown();
@@ -184,7 +186,7 @@ static void ExitIfAlreadyRunning(void) {
 
 static void
 MakeDaemon() {
-  int fd0, fd1, fd2;
+  int fd0;
   struct rlimit max_files;
 
   // RSMI, for one thing, will need to be able to read/write files
@@ -230,21 +232,15 @@ MakeDaemon() {
   if (max_files.rlim_max > 1024) {
     max_files.rlim_max = 1024;
   }
-  for (uint32_t i = 0; i < max_files.rlim_max; i++) {
+  close(0);  // close stdin; leave stdout and stderr open
+  for (uint32_t i = 3; i < max_files.rlim_max; i++) {
     close(i);
   }
 
-  // Direct stdin, stdout, stdout to /dev/null.
-
+  // Direct stdin to /dev/null.
   fd0 = open("/dev/null", O_RDWR);
-  fd1 = dup(0);
-  fd2 = dup(0);
-
-  // Set up log file
-  // openlog(kDaemonName, LOG_CONS|LOG_PID, LOG_DAEMON);
-  if (fd0 != 0 || fd1 != 1 || fd2 != 2) {
-      std::cerr << "unexpected fildes: " << fd0 << " " << fd1 <<
-                                                     " " << fd2 << std::endl;
+  if (fd0 != 0) {
+      std::cerr << "unexpected fildes: " << fd0 << std::endl;
       exit(1);
   }
 
@@ -255,6 +251,7 @@ MakeDaemon() {
 
 int main(int argc, char** argv) {
   RDCServer rdc_server;
+  int err;
 
   (void)argc;   // Ignore for now
   (void)argv;
@@ -263,6 +260,49 @@ int main(int argc, char** argv) {
 
   rdc_server.Initialize();
 
+  bool cap_enabled;
+
+  err = GetCapability(CAP_DAC_OVERRIDE, CAP_EFFECTIVE, &cap_enabled);
+  if (err) {
+    std::cerr << "Failed to get capability" << std::endl;
+    return 1;
+  }
+  if (!cap_enabled) {
+    std::cerr <<
+      "Expected CAP_DAC_OVERRIDE CAP_EFFECTIVE to be enabled, but it not." <<
+                                                                    std::endl;
+    return 1;
+  }
+
+  err = GetCapability(CAP_DAC_OVERRIDE, CAP_PERMITTED, &cap_enabled);
+  if (err) {
+    std::cerr << "Failed to get capability" << std::endl;
+    return 1;
+  }
+  if (!cap_enabled) {
+    std::cerr <<
+      "Expected CAP_DAC_OVERRIDE CAP_PERMITTED to be enabled, but it not." <<
+                                                                     std::endl;
+    return 1;
+  }
+
+  // Don't allow rwx access to all files to ever be inheritable. We may need
+  // relax this restriction if some new feature requires it.
+  err = ModifyCapability(CAP_DAC_OVERRIDE, CAP_INHERITABLE, false);
+  if (err) {
+    std::cerr << "Failed to disable CAP_DAC_OVERRIDE, CAP_INHERITABLE" <<
+                                                                    std::endl;
+    return 1;
+  }
+
+  // By default, disable CAP_DAC_OVERRIDE. Turn on, when needed.
+  err = ModifyCapability(CAP_DAC_OVERRIDE, CAP_EFFECTIVE, false);
+  if (err) {
+    std::cerr << "Failed to disable CAP_DAC_OVERRIDE, CAP_EFFECTIVE" <<
+                                                                    std::endl;
+    return 1;
+  }
+
   // Create a thread to handle signals to shutdown gracefully
   pthread_t sig_listen_thread;
   int thr_ret = pthread_create(&sig_listen_thread, NULL,
@@ -272,7 +312,6 @@ int main(int argc, char** argv) {
     std::cerr <<
     "Failed to create ProcessSignalLoop. pthread_create() returned " <<
                                                                       thr_ret;
-
     return 1;
   }
 
@@ -280,13 +319,10 @@ int main(int argc, char** argv) {
   rdc_server.set_start_rsmi_service(true);
   rdc_server.set_start_rdc_admin_service(true);
 
-  // rdc_server.set_secure_communications(false);
-  // rdc_server.set_address("0.0.0.0:50051")
-
   rdc_server.Run();
 
   if (sShutDownServer) {
-    std::cerr <<  "RDC server successfully shut down." << std::endl;
+    std::cout <<  "RDC server successfully shut down." << std::endl;
     return 0;
   } else {
     std::cerr << "RDC server failed to start." << std::endl;

server/src/rdc_server_utils.cc

@@ -0,0 +1,89 @@
+/*
+Copyright (c) 2020 - present Advanced Micro Devices, Inc. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+*/
+
+#include <sys/capability.h>
+#include <errno.h>
+#include <assert.h>
+
+int GetCapability(cap_value_t cap, cap_flag_t cap_type, bool *enabled) {
+  cap_t caps;
+
+  assert(enabled != nullptr);
+
+  if (enabled == nullptr) {
+    return -1;
+  }
+
+  // Get process's current capabilities
+  caps = cap_get_proc();
+  if (caps == nullptr) {
+      return errno;
+  }
+
+  cap_flag_value_t val;
+
+  if (cap_get_flag(caps, cap, cap_type, &val) == -1) {
+    int ret = errno;
+    cap_free(caps);
+    return ret;
+  }
+
+  if (cap_free(caps) == -1) {
+      return errno;
+  }
+
+  *enabled = (val == CAP_SET ? true : false);
+
+  return 0;
+}
+
+// !enable means disable;
+int ModifyCapability(cap_value_t cap, cap_flag_t cap_type, bool enable) {
+  cap_t caps;
+  cap_value_t cap_list[1];
+
+  // Get process's current capabilities
+  caps = cap_get_proc();
+  if (caps == nullptr) {
+      return errno;
+  }
+
+  // the 1 in the call below is the size of the cap_list array
+  cap_list[0] = cap;
+  if (cap_set_flag(caps, cap_type, 1, cap_list, enable ? CAP_SET : CAP_CLEAR)
+                                                                       == -1) {
+    int ret = errno;
+    cap_free(caps);
+      return ret;
+  }
+
+  if (cap_set_proc(caps) == -1) {
+    int ret = errno;
+    cap_free(caps);
+    return ret;
+  }
+
+  if (cap_free(caps) == -1) {
+      return errno;
+  }
+  return 0;
+}

src/DEBIAN_postinst.in

@@ -0,0 +1,33 @@
+#/bin/bash
+
+RDC_LIB_DIR=@RDC_CLIENT_ROOT_PATH@rdc/lib
+
+# This will return 0 if an id is created and non-zero if
+# it already exists
+do_create_rdc_user() {
+    useradd -r -s /bin/nologin rdc
+}
+
+# librdc_client.so
+do_ldconfig() {
+    echo $RDC_LIB_DIR > /etc/ld.so.conf.d/x86_64-librdc_client.conf && ldconfig
+
+    do_create_rdc_user
+
+    # Make sure this doesn't return non-zero if an id already exists
+    return 0
+}
+
+case "$1" in
+   configure)
+       do_ldconfig
+       exit 0
+   ;;
+   abort-upgrade|abort-remove|abort-deconfigure)
+       echo "$1"
+   ;;
+   *)
+       exit 0
+   ;;
+esac
+

src/RPM_rpm_post.in

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+RDC_LIB_DIR=@RDC_CLIENT_ROOT_PATH@/rdc/lib
+do_create_rdc_user() {
+    useradd -r -s /bin/nologin rdc
+}
+
+do_create_rpc_user
+echo -e "${RDC_LIB_DIR}\n${RDC_LIB_DIR}64" > /etc/ld.so.conf.d/x86_64-librdc_client.conf && ldconfig
+

tests/rdc_tests/CMakeLists.txt

@@ -24,11 +24,8 @@ cmake_minimum_required(VERSION 3.5.0)
 #   2) Cd into build folder
 #   3) Run "cmake .."
 #   4) Run "make"
-#
-
 #
 # Currently support for Windows platform is not present
-#
 
 #############################
 # COMMON AREA
@@ -45,7 +42,7 @@ endif()
 # Required Defines first:
 
 set(RDC_INC_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../../client/include)
-set(RDC_LIB_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../../rdc/lib)
+set(RDC_LIB_DIR ${RDC_BUILD_DIR}/client)
 set(RSMI_INC_DIR ${ROCM_DIR}/rocm_smi/include)
 
 
@@ -123,7 +120,6 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wextra")
 if(ISDEBUG)
   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -ggdb -O0")
 endif()
-MESSAGE("ISDEBUG STEP:Done")
 
 set(RDCTST_ROOT ${CMAKE_CURRENT_SOURCE_DIR})
 
@@ -137,8 +133,8 @@ set(GOOGLE_TEST_FRWK_NAME "gtest")
 add_subdirectory(${RDCTST_ROOT}/gtest "${PROJECT_BINARY_DIR}/gtest")
 set (RDCTST_LIBS ${RDCTST_LIBS} ${GOOGLE_TEST_FRWK_NAME})
 
-#
-#
+set(RDCTST_LIBS ${RDCTST_LIBS} ${GOOGLE_TEST_FRWK_NAME})
+
 # Other source directories
 aux_source_directory(${RDCTST_ROOT}/functional functionalSources)
 
@@ -146,7 +142,7 @@ aux_source_directory(${RDCTST_ROOT}/functional functionalSources)
 # Specify the directory containing various libraries of ROCR
 # to be linked against for building ROC Perf applications
 #
-LINK_DIRECTORIES(${RDC_LIB_DIR})
+link_directories(${RDC_LIB_DIR})
 #
 # Source files for building rocrtst
 #
@@ -156,16 +152,10 @@ aux_source_directory(${RDCTST_ROOT} rdctstSources)
 add_executable(${RDCTST} ${rdctstSources} ${functionalSources})
 
 # Header file include path
-target_include_directories(${RDCTST} PRIVATE ${RDC_INC_DIR} 
+target_include_directories(${RDCTST} PRIVATE ${RDC_INC_DIR}
                                      PRIVATE ${RSMI_INC_DIR}
                                      PRIVATE ${RDCTST_ROOT}/..
                                      PRIVATE ${RDCTST_ROOT}/gtest/include)
 
-
 target_link_libraries(${RDCTST} ${RDCTST_LIBS} c stdc++ pthread)
 
-install(TARGETS ${RDCTST}
-        ARCHIVE DESTINATION ${PROJECT_BINARY_DIR}/lib
-        LIBRARY DESTINATION ${PROJECT_BINARY_DIR}/lib
-        RUNTIME DESTINATION ${PROJECT_BINARY_DIR}/bin)
-

tests/rdc_tests/run_build.sh

@@ -1,20 +0,0 @@
-#!/bin/bash
-
-
-
-# these are required:
-#ROCM_DIR=/home/cfreehil/github/rocm_smi_lib/build
-#ROCM_DIR=/opt/rocm
-ROCM_DIR=/opt/rocm
-mkdir -p build
-cd build
-
-cmake -DRDCTST_BLD_TYPE=$RDCTST_BLD_TYPE \
-    -DROCM_DIR=$ROCM_DIR \
-    -DROCRTST_BLD_TYPE="Debug" \
-    ..
-
-echo "Executing \"make\"..."
-make
-
-cd ..