How to work with the missing LD_LIBRARY_PATH after setcap?

[kc-eos]

Hello:

I am trying to run my project with libvma as non-root user, it is fine to run the sample sockperf with libvma after setting up the necessary permission with setuid and setcap mentioned in the user guide.

However, when I try to run it with my project, I found that LD_LIBRARY_PATH is missing / ignored by LD linker as it is running in a "secure-execution" mode after granting the capabilities to the executable. My project is in a structure where the executable has to link with several inhouse-built library, e.g.

 my_gateway -> libmy-core.so , libmy-network.so, libmy-util.so
 my_engine -> libmy-core.so , libmy-network.so, libmy-util.so
...

Then, without the LD_LIBRARY_PATH, I cannot start up my application due to ... : error while loading shared libraries: ....

I wonder

1. is there any recommendation to workaround this security-protection; and
2. will it be possible to run libvma with a wrapper script such that I don't need to run setcap on all the executables

PS1. Tried to bind rpath during compilation, but it is not perfect as the same .so will be deployed to different account without a consistent path. PS2. It is running on RHEL 7.4