Ticket History #8605: OS X SIP breaks some tests in "make check"

By default, OS X 10.11 enables a hardening feature called System
Integrity Protection. One of the consequences of SIP is that each
/bin/sh process unsets the DYLD_LIBRARY_PATH variable.

We have a few tests in make check which are implemented as shell
scripts, including (but probably not limited to) lib/krb5/krb/transit-
tests and lib/krb5/krb/walktree-tests. These test scripts will not
correctly find libraries in the build tree with SIP turned on. A
workaround is to run "make install" before "make check", but we should
try to work around the SIP protections, either by setting
DYLD_LIBRARY_PATH from within testing shell scripts or by avoiding the
use of shell scripts in make check.

t_iprop.py also hangs in this version of macOS with SIP enabled, right
after starting the first kpropd process and waiting for sync:

*** [20] Started with pid 32658
*** Waiting for sync from kpropd
kpropd: Incremental propagation enabled
kpropd: waiting for a kprop connection
kpropd: Initializing kadm5 as client kiprop/localhost@KRBTEST.COM
kpropd: kadm5 initialization succeeded
kpropd: Calling iprop_get_updates_1 (sno=1 sec=1502837269 usec=765479)
kpropd: Full resync needed
kpropd: Full resync request granted
kpropd: Waiting for 600 seconds before checking for updates again

A possible theory is that the listener child is unable to signal its
parent that the dump completed. Most likely we will need to find a
way to detect this restriction and skip t_iprop.py if it is in force,
since rearchitecting kpropd and its tests not to use signals would be
a tall order.