2005-11-02 12:50:21 +00:00
|
|
|
dnl Process this file with autoconf to produce a configure script.
|
2007-09-18 23:46:18 +00:00
|
|
|
|
2015-01-08 15:36:54 +01:00
|
|
|
dnl Copyright (C) 2005-2015 Red Hat, Inc.
|
2013-05-14 17:42:12 -06:00
|
|
|
dnl
|
|
|
|
dnl This library is free software; you can redistribute it and/or
|
|
|
|
dnl modify it under the terms of the GNU Lesser General Public
|
|
|
|
dnl License as published by the Free Software Foundation; either
|
|
|
|
dnl version 2.1 of the License, or (at your option) any later version.
|
|
|
|
dnl
|
|
|
|
dnl This library is distributed in the hope that it will be useful,
|
|
|
|
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
dnl Lesser General Public License for more details.
|
|
|
|
dnl
|
|
|
|
dnl You should have received a copy of the GNU Lesser General Public
|
|
|
|
dnl License along with this library. If not, see
|
|
|
|
dnl <http://www.gnu.org/licenses/>.
|
2011-07-28 12:56:24 -06:00
|
|
|
|
2020-05-05 10:52:22 +02:00
|
|
|
AC_INIT([libvirt], [6.4.0], [libvir-list@redhat.com], [], [https://libvirt.org])
|
2019-11-06 15:55:12 +01:00
|
|
|
|
|
|
|
if test $srcdir = "."
|
|
|
|
then
|
|
|
|
AC_MSG_ERROR([Build directory must be different from source directory])
|
|
|
|
fi
|
|
|
|
|
2008-05-22 15:34:02 +00:00
|
|
|
AC_CONFIG_SRCDIR([src/libvirt.c])
|
|
|
|
AC_CONFIG_AUX_DIR([build-aux])
|
2010-01-25 16:00:43 +01:00
|
|
|
AC_CONFIG_HEADERS([config.h])
|
2013-10-10 13:09:08 +01:00
|
|
|
AH_BOTTOM([#include <config-post.h>])
|
2010-02-17 06:45:10 -07:00
|
|
|
AC_CONFIG_MACRO_DIR([m4])
|
2019-04-03 02:21:28 +02:00
|
|
|
dnl Make automake keep quiet about wildcards & other GNUmake-isms
|
2019-04-03 02:01:30 +02:00
|
|
|
AM_INIT_AUTOMAKE([
|
2019-04-03 02:29:03 +02:00
|
|
|
foreign
|
2019-04-03 02:01:30 +02:00
|
|
|
-Wno-portability
|
|
|
|
tar-pax
|
|
|
|
no-dist-gzip
|
|
|
|
dist-xz
|
|
|
|
subdir-objects
|
|
|
|
])
|
2015-06-02 09:17:43 -06:00
|
|
|
dnl older automake's default of ARFLAGS=cru is noisy on newer binutils;
|
|
|
|
dnl we don't really need the 'u' even in older toolchains. Then there is
|
|
|
|
dnl older libtool, which spelled it AR_FLAGS
|
|
|
|
m4_divert_text([DEFAULTS], [: "${ARFLAGS=cr} ${AR_FLAGS=cr}"])
|
2009-07-08 11:51:59 +02:00
|
|
|
|
2013-09-04 10:26:30 -06:00
|
|
|
# Default to using the silent-rules feature when possible. Formatting
|
|
|
|
# chosen to bypass 'grep' checks that cause older automake to warn.
|
|
|
|
# Users (include rpm) can still change the default at configure time.
|
|
|
|
m4_ifndef([AM_SILENT_RULES],
|
|
|
|
[m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
|
2009-07-08 11:51:59 +02:00
|
|
|
|
2005-11-02 12:50:21 +00:00
|
|
|
AC_CANONICAL_HOST
|
|
|
|
|
2020-01-22 11:40:42 +00:00
|
|
|
AC_USE_SYSTEM_EXTENSIONS
|
|
|
|
|
2012-08-10 18:39:41 +01:00
|
|
|
# First extract pieces from the version number string
|
2008-03-31 12:13:52 +00:00
|
|
|
LIBVIRT_MAJOR_VERSION=`echo $VERSION | awk -F. '{print $1}'`
|
|
|
|
LIBVIRT_MINOR_VERSION=`echo $VERSION | awk -F. '{print $2}'`
|
|
|
|
LIBVIRT_MICRO_VERSION=`echo $VERSION | awk -F. '{print $3}'`
|
2006-02-15 13:21:17 +00:00
|
|
|
LIBVIRT_VERSION=$LIBVIRT_MAJOR_VERSION.$LIBVIRT_MINOR_VERSION.$LIBVIRT_MICRO_VERSION$LIBVIRT_MICRO_VERSION_SUFFIX
|
|
|
|
LIBVIRT_VERSION_NUMBER=`expr $LIBVIRT_MAJOR_VERSION \* 1000000 + $LIBVIRT_MINOR_VERSION \* 1000 + $LIBVIRT_MICRO_VERSION`
|
2005-11-02 12:50:21 +00:00
|
|
|
|
2012-08-10 18:39:41 +01:00
|
|
|
# In libtool terminology we need to figure out:
|
|
|
|
#
|
|
|
|
# CURRENT
|
|
|
|
# The most recent interface number that this library implements.
|
|
|
|
#
|
|
|
|
# REVISION
|
|
|
|
# The implementation number of the CURRENT interface.
|
|
|
|
#
|
|
|
|
# AGE
|
|
|
|
# The difference between the newest and oldest interfaces that this
|
|
|
|
# library implements.
|
|
|
|
#
|
|
|
|
# In other words, the library implements all the interface numbers
|
|
|
|
# in the range from number `CURRENT - AGE' to `CURRENT'.
|
|
|
|
#
|
|
|
|
# Libtool assigns the soname version from `CURRENT - AGE', and we
|
|
|
|
# don't want that to ever change in libvirt. ie it must always be
|
|
|
|
# zero, to produce libvirt.so.0.
|
|
|
|
#
|
|
|
|
# We would, however, like the libvirt version number reflected
|
|
|
|
# in the so version'd symlinks, and this is based on AGE.REVISION
|
|
|
|
# eg libvirt.so.0.AGE.REVISION
|
|
|
|
#
|
|
|
|
# Assuming we do ever want to break soname version, this can
|
|
|
|
# toggled. But seriously, don't ever touch this.
|
|
|
|
LIBVIRT_SONUM=0
|
|
|
|
|
|
|
|
# The following examples show what libtool will do
|
|
|
|
#
|
|
|
|
# Input: 0.9.14 -> libvirt.so.0.9.14
|
|
|
|
# Input: 1.0.0 -> libvirt.so.0.1000.0
|
|
|
|
# Input: 2.5.8 -> libvirt.so.0.2005.8
|
|
|
|
#
|
|
|
|
AGE=`expr $LIBVIRT_MAJOR_VERSION '*' 1000 + $LIBVIRT_MINOR_VERSION`
|
|
|
|
REVISION=$LIBVIRT_MICRO_VERSION
|
|
|
|
CURRENT=`expr $LIBVIRT_SONUM + $AGE`
|
|
|
|
LIBVIRT_VERSION_INFO=$CURRENT:$REVISION:$AGE
|
|
|
|
|
2008-05-22 15:34:02 +00:00
|
|
|
AC_SUBST([LIBVIRT_MAJOR_VERSION])
|
|
|
|
AC_SUBST([LIBVIRT_MINOR_VERSION])
|
|
|
|
AC_SUBST([LIBVIRT_MICRO_VERSION])
|
2012-08-10 18:39:41 +01:00
|
|
|
AC_SUBST([LIBVIRT_SONUM])
|
2008-05-22 15:34:02 +00:00
|
|
|
AC_SUBST([LIBVIRT_VERSION])
|
|
|
|
AC_SUBST([LIBVIRT_VERSION_INFO])
|
|
|
|
AC_SUBST([LIBVIRT_VERSION_NUMBER])
|
2005-11-02 12:50:21 +00:00
|
|
|
|
2016-12-22 12:49:51 +01:00
|
|
|
LIBVIRT_ARG_WITH([PACKAGER], [Extra packager name], [no])
|
|
|
|
LIBVIRT_ARG_WITH([PACKAGER_VERSION], [Extra packager version], [no])
|
Imprint all logs with version + package build information
The logging functions are enhanced so that immediately prior to
the first log message being printed to any output channel, the
libvirt package version will be printed.
eg
$ LIBVIRT_DEBUG=1 virsh
18:13:28.013: 17536: info : libvirt version: 0.8.7
18:13:28.013: 17536: debug : virInitialize:361 : register drivers
...
The 'configure' script gains two new arguments which can be
used as
--with-packager="Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10"
--with-packager-version="1.fc14"
to allow distros to append a custom string with package specific
data.
The RPM specfile is modified so that it appends the RPM version,
the build host, the build date and the packager name.
eg
$ LIBVIRT_DEBUG=1 virsh
18:14:52.086: 17551: info : libvirt version: 0.8.7, package: 1.fc13 (Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10)
18:14:52.086: 17551: debug : virInitialize:361 : register drivers
Thus when distro packagers receive bug reports they can clearly
see what version was in use, even if the bug reporter mistakenly
or intentionally lies about version/builds
* src/util/logging.c: Output version data prior to first log message
* libvirt.spec.in: Include RPM release, date, hostname & packager
* configure.ac: Add --with-packager & --with-packager-version args
2011-01-27 18:11:16 +00:00
|
|
|
if test "x$with_packager" != "xno"
|
|
|
|
then
|
|
|
|
AC_DEFINE_UNQUOTED([PACKAGER], ["$with_packager"],
|
|
|
|
[Extra package name])
|
|
|
|
fi
|
|
|
|
if test "x$with_packager_version" != "xno"
|
|
|
|
then
|
|
|
|
AC_DEFINE_UNQUOTED([PACKAGER_VERSION], ["$with_packager_version"],
|
|
|
|
[Extra package version])
|
|
|
|
fi
|
|
|
|
|
2016-11-12 14:24:53 +01:00
|
|
|
dnl Where we look for daemons and admin binaries during configure
|
|
|
|
LIBVIRT_SBIN_PATH="$PATH:/sbin:/usr/sbin:/usr/local/sbin"
|
2007-09-19 01:56:55 +00:00
|
|
|
|
2007-11-29 17:41:57 +00:00
|
|
|
dnl Checks for C compiler.
|
2005-11-02 13:19:10 +00:00
|
|
|
AC_PROG_CC
|
|
|
|
AC_PROG_INSTALL
|
|
|
|
AC_PROG_CPP
|
2007-09-20 18:40:36 +00:00
|
|
|
|
2019-08-20 11:44:24 +01:00
|
|
|
dnl autoconf 2.70 adds a --runstatedir option so that downstreams
|
|
|
|
dnl can point to /run instead of the historic /var/run, but
|
|
|
|
dnl autoconf hasn't had a release since 2012.
|
2020-01-17 11:32:09 +00:00
|
|
|
if test "x$runstatedir" = x; then
|
|
|
|
AC_SUBST([runstatedir], ['${localstatedir}/run'])
|
|
|
|
fi
|
|
|
|
|
2019-08-20 11:44:24 +01:00
|
|
|
dnl we introduce --with-runstatedir and then overwrite the
|
2020-01-17 11:32:09 +00:00
|
|
|
dnl value of $runstatedir so configmake.h is more useful
|
2019-08-20 11:44:24 +01:00
|
|
|
AC_ARG_WITH(
|
|
|
|
[runstatedir],
|
|
|
|
[AS_HELP_STRING(
|
|
|
|
[--with-runstatedir],
|
|
|
|
[State directory for temporary sockets, pid files, etc])])
|
|
|
|
|
|
|
|
if test -n "$with_runstatedir"
|
|
|
|
then
|
|
|
|
runstatedir=$with_runstatedir
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
2020-01-17 11:26:26 +00:00
|
|
|
dnl get 64-int interfaces on 32-bit platforms
|
|
|
|
AC_SYS_LARGEFILE
|
|
|
|
|
2010-03-15 02:02:10 +01:00
|
|
|
AC_TYPE_UID_T
|
Use gnulib, starting with its physmem and getaddrinfo modules.
New files go into these directories:
gnulib/lib
gnulib/m4
gnulib/tests
* bootstrap: A wrapper around gnulib-tool.
* configure.in: Invoke gl_EARLY and gl_INIT, being careful to put gl_EARLY
before any macro that uses AC_COMPILE_IFELSE.
(AC_OUTPUT): Add lib/Makefile and gl-tests/Makefile. Remove m4/Makefile.
* Makefile.am (SUBDIRS): Add gnulib/lib and remove m4. Add gnulib/tests
early enough that those tests run before any libvirt unit tests.
* m4/Makefile.am: Remove file. Not needed.
* src/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib.
(LDADDS, libvirt_la_LIBADD): Add ../gnulib/lib/libgnu.la.
* src/nodeinfo.c: Include "physmem.h".
* qemud/qemud.c, src/remote_internal.c: Include "getaddrinfo.h".
(MEMINFO_PATH, linuxNodeInfoMemPopulate): Remove definitions.
(virNodeInfoPopulate): Use physmem_total, not linuxNodeInfoMemPopulate.
* tests/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib.
(LDADDS): Add ../gnulib/lib/libgnu.la.
* qemud/Makefile.am (libvirtd_LDADD): Add ../gnulib/lib/libgnu.la.
* tests/nodeinfotest.c (linuxTestCompareFiles): No longer read total
memory from a file.
Update expected output not to include "Memory: NNNN"
* tests/nodeinfodata/linux-nodeinfo-1.txt:
* tests/nodeinfodata/linux-nodeinfo-2.txt:
* tests/nodeinfodata/linux-nodeinfo-3.txt:
* tests/nodeinfodata/linux-nodeinfo-4.txt:
* tests/nodeinfodata/linux-nodeinfo-5.txt:
* tests/nodeinfodata/linux-nodeinfo-6.txt:
* src/test.c [WITH_TEST]: Remove definition of _GNU_SOURCE that
would conflict with the one now in "config.h".
* autogen.sh: Add -I gnulib/m4.
* src/conf.c, src/sexpr.c: Don't define _GNU_SOURCE.
Instead, include "config.h".
* qemud/qemud.c: Remove definition of _GNU_SOURCE.
* src/openvz_driver.c: Likewise.
* src/qemu_driver.c: Likewise.
* src/remote_internal.c: Likewise.
* configure.in: Use AC_CONFIG_AUX_DIR(build-aux), so that a bunch
of gettextize-generated files go into build-aux/, rather than in
the top-level directory.
* .cvsignore: Adjust.
* build-aux/.cvsignore: New file.
Author: Jim Meyering <meyering@redhat.com>
2007-12-05 21:31:07 +00:00
|
|
|
|
2007-11-29 17:41:57 +00:00
|
|
|
dnl Support building Win32 DLLs (must appear *before* AM_PROG_LIBTOOL)
|
|
|
|
AC_LIBTOOL_WIN32_DLL
|
|
|
|
|
2016-04-14 15:11:45 +02:00
|
|
|
AC_HEADER_MAJOR
|
|
|
|
|
2013-04-02 16:52:31 +01:00
|
|
|
m4_ifndef([LT_INIT], [
|
|
|
|
AM_PROG_LIBTOOL
|
|
|
|
], [
|
|
|
|
LT_INIT([shared disable-static])
|
|
|
|
])
|
2007-03-15 17:24:56 +00:00
|
|
|
AM_PROG_CC_C_O
|
2010-04-27 09:43:55 +02:00
|
|
|
AM_PROG_LD
|
2007-03-15 17:24:56 +00:00
|
|
|
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-01 17:57:06 +01:00
|
|
|
AC_MSG_CHECKING([for how to mark DSO non-deletable at runtime])
|
|
|
|
LIBVIRT_NODELETE=
|
|
|
|
`$LD --help 2>&1 | grep -- "-z nodelete" >/dev/null` && \
|
|
|
|
LIBVIRT_NODELETE="-Wl,-z -Wl,nodelete"
|
|
|
|
AC_MSG_RESULT([$LIBVIRT_NODELETE])
|
|
|
|
AC_SUBST([LIBVIRT_NODELETE])
|
|
|
|
|
|
|
|
AC_MSG_CHECKING([for how to set DSO symbol versions])
|
2016-12-08 14:12:18 +01:00
|
|
|
case "$host" in
|
|
|
|
*-*-mingw* | *-*-msvc* )
|
|
|
|
# mingw's ld has the --version-script parameter, but it requires a .def file
|
|
|
|
# instead to work properly, therefore clear --version-script here and use
|
|
|
|
# -Wl, to pass the .def file to the linker
|
|
|
|
VERSION_SCRIPT_FLAGS="-Wl,"
|
|
|
|
;;
|
|
|
|
* )
|
|
|
|
VERSION_SCRIPT_FLAGS=-Wl,--version-script=
|
|
|
|
`$LD --help 2>&1 | grep -- --version-script >/dev/null` || \
|
|
|
|
VERSION_SCRIPT_FLAGS="-Wl,-M -Wl,"
|
|
|
|
;;
|
|
|
|
esac
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-01 17:57:06 +01:00
|
|
|
AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS])
|
2016-12-08 14:12:18 +01:00
|
|
|
AC_SUBST([VERSION_SCRIPT_FLAGS])
|
2008-12-17 21:39:41 +00:00
|
|
|
|
2013-09-17 10:25:42 -06:00
|
|
|
dnl Specify if we rely on ifconfig instead of iproute2 (e.g. in case
|
|
|
|
dnl we're working on BSD)
|
|
|
|
want_ifconfig=no
|
|
|
|
|
|
|
|
dnl Make some notes about which OS we're compiling for, as the lxc and qemu
|
|
|
|
dnl drivers require linux headers, and storage_mpath, dtrace, and nwfilter
|
|
|
|
dnl are also linux specific. The "network" and storage_fs drivers are known
|
2019-04-02 11:04:46 +02:00
|
|
|
dnl to not work on macOS presently, so we also make a note if compiling
|
2013-09-17 10:25:42 -06:00
|
|
|
dnl for that
|
|
|
|
|
2020-01-14 18:34:26 +00:00
|
|
|
with_linux=no with_macos=no with_freebsd=no with_win=no
|
2013-09-17 10:25:42 -06:00
|
|
|
case $host in
|
|
|
|
*-*-linux*) with_linux=yes ;;
|
2019-04-02 11:04:46 +02:00
|
|
|
*-*-darwin*) with_macos=yes ;;
|
2013-09-17 10:25:42 -06:00
|
|
|
*-*-freebsd*) with_freebsd=yes ;;
|
2014-04-28 13:30:36 +01:00
|
|
|
*-*-mingw* | *-*-msvc* ) with_win=yes ;;
|
2013-09-17 10:25:42 -06:00
|
|
|
esac
|
|
|
|
|
|
|
|
if test $with_linux = no; then
|
|
|
|
if test "x$with_lxc" != xyes
|
|
|
|
then
|
|
|
|
with_lxc=no
|
|
|
|
fi
|
|
|
|
with_dtrace=no
|
2017-03-05 18:17:22 +04:00
|
|
|
with_storage_scsi=no
|
2013-09-17 10:25:42 -06:00
|
|
|
fi
|
|
|
|
|
|
|
|
if test $with_freebsd = yes; then
|
2015-10-13 14:47:42 -06:00
|
|
|
want_ifconfig=yes
|
|
|
|
with_firewalld=no
|
|
|
|
fi
|
2013-09-17 10:25:42 -06:00
|
|
|
|
|
|
|
|
|
|
|
AM_CONDITIONAL([WITH_LINUX], [test "$with_linux" = "yes"])
|
|
|
|
AM_CONDITIONAL([WITH_FREEBSD], [test "$with_freebsd" = "yes"])
|
2019-08-21 19:13:19 +03:00
|
|
|
AM_CONDITIONAL([WITH_MACOS], [test "$with_macos" = "yes"])
|
2013-09-17 10:25:42 -06:00
|
|
|
|
2014-04-28 13:30:36 +01:00
|
|
|
if test "$with_win" = "yes" ; then
|
2020-01-14 17:38:59 +00:00
|
|
|
# We don't support the daemon yet
|
2014-04-28 13:30:36 +01:00
|
|
|
with_libvirtd=no
|
2020-01-14 17:38:59 +00:00
|
|
|
|
|
|
|
# For AI_ADDRCONFIG
|
|
|
|
AC_DEFINE([_WIN32_WINNT], [0x0600], [Win Vista / Server 2008])
|
|
|
|
AC_DEFINE([WINVER], [0x0600], [Win Vista / Server 2008])
|
2014-04-28 13:30:36 +01:00
|
|
|
fi
|
|
|
|
|
2013-09-27 17:09:20 -06:00
|
|
|
# The daemon requires remote support. Likewise, if we are not using
|
|
|
|
# RPC, we don't need several libraries.
|
|
|
|
if test "$with_remote" = "no" ; then
|
|
|
|
with_libvirtd=no
|
|
|
|
with_ssh2=no
|
|
|
|
with_sasl=no
|
2016-11-09 15:28:35 +01:00
|
|
|
with_libssh=no
|
2013-09-27 17:09:20 -06:00
|
|
|
fi
|
|
|
|
# Stateful drivers are useful only when building the daemon.
|
2013-09-17 10:25:42 -06:00
|
|
|
if test "$with_libvirtd" = "no" ; then
|
|
|
|
with_qemu=no
|
2013-09-27 17:09:20 -06:00
|
|
|
with_lxc=no
|
|
|
|
with_libxl=no
|
|
|
|
with_vbox=no
|
2013-09-17 10:25:42 -06:00
|
|
|
fi
|
|
|
|
|
|
|
|
# Check for compiler and library settings.
|
|
|
|
|
2012-03-27 16:47:11 +01:00
|
|
|
LIBVIRT_COMPILE_WARNINGS
|
2013-04-03 11:32:15 +01:00
|
|
|
LIBVIRT_COMPILE_PIE
|
2013-04-03 12:36:32 +01:00
|
|
|
LIBVIRT_LINKER_RELRO
|
2013-08-13 13:49:05 +02:00
|
|
|
LIBVIRT_LINKER_NO_INDIRECT
|
2018-01-25 09:35:58 +00:00
|
|
|
LIBVIRT_LINKER_NO_UNDEFINED
|
2007-03-01 16:18:55 +00:00
|
|
|
|
2016-12-12 18:11:51 +01:00
|
|
|
LIBVIRT_ARG_APPARMOR
|
|
|
|
LIBVIRT_ARG_ATTR
|
|
|
|
LIBVIRT_ARG_AUDIT
|
2017-11-02 14:41:53 +01:00
|
|
|
LIBVIRT_ARG_BASH_COMPLETION
|
2016-12-12 18:11:51 +01:00
|
|
|
LIBVIRT_ARG_BLKID
|
|
|
|
LIBVIRT_ARG_CAPNG
|
|
|
|
LIBVIRT_ARG_CURL
|
|
|
|
LIBVIRT_ARG_DBUS
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_ARG_FIREWALLD
|
configure: selectively install a firewalld 'libvirt' zone
In the past (when both libvirt and firewalld used iptables), if either
libvirt's rules *OR* firewalld's rules accepted a packet, it would
be accepted. This was because libvirt and firewalld rules were
processed during the same kernel hook, and a single ACCEPT result
would terminate the rule traversal and cause the packet to be
accepted.
But now firewalld can use nftables for its backend, while libvirt's
firewall rules are still using iptables; iptables rules are still
processed, but at a different time during packet processing
(i.e. during a different hook) than the firewalld nftables rules. The
result is that a packet must be accepted by *BOTH* the libvirt
iptables rules *AND* the firewalld nftable rules in order to be
accepted.
This causes pain because
1) libvirt always adds rules to permit DNS and DHCP (and sometimes
TFTP) from guests to the host network's bridge interface. But
libvirt's bridges are in firewalld's "default" zone (which is usually
the zone called "public"). The public zone allows ssh, but doesn't
allow DNS, DHCP, or TFTP. So even though libvirt's rules allow the
DHCP and DNS traffic, the firewalld rules (now processed during a
different hook) dont, thus guests connected to libvirt's bridges can't
acquire an IP address from DHCP, nor can they make DNS queries to the
DNS server libvirt has setup on the host. (This could be solved by
modifying the default firewalld zone to allow DNS and DHCP, but that
would open *all* interfaces in the default zone to those services,
which is most likely not what the host's admin wants.)
2) Even though libvirt adds iptables rules to allow forwarded traffic
to pass the iptables hook, firewalld's higher level "rich rules" don't
yet have the ability to configure the acceptance of forwarded traffic
(traffic that is going somewhere beyond the host), so any traffic that
needs to be forwarded from guests to the network beyond the host is
rejected during the nftables hook by the default zone's "default
reject" policy (which rejects all traffic in the zone not specifically
allowed by the rules in the zone, whether that traffic is destined to
be forwarded or locally received by the host).
libvirt can't send "direct" nftables rules (firewalld only supports
direct/passthrough rules for iptables), so we can't solve this problem
by just sending explicit nftables rules instead of explicit iptables
rules (which, if it could be done, would place libvirt's rules in the
same hook as firewalld's native rules, and thus eliminate the need for
packets to be accepted by both libvirt's and firewalld's own rules).
However, we can take advantage of a quirk in firewalld zones that have
a default policy of "accept" (meaning any packet that doesn't match a
specific rule in the zone will be *accepted*) - this default accept will
also accept forwarded traffic (not just traffic destined for the host).
Of course we don't want to modify firewalld's default zone in that
way, because that would affect the filtering of traffic coming into
the host from other interfaces using that zone. Instead, we will
create a new zone called "libvirt". The libvirt zone will have a
default policy of accept so that forwarded traffic can pass and list
specific services that will be allowed into the host from guests (DNS,
DHCP, SSH, and TFTP).
But the same default accept policy that fixes forwarded traffic also
causes *all* traffic from guest to host to be accepted. To close this
new hole, the libvirt zone can take advantage of a new feature in
firewalld (currently slated for firewalld-0.7.0) - priorities for rich
rules - to add a low priority rule that rejects all local traffic (but
leaves alone all forwarded traffic).
So, our new zone will start with a list of services that are allowed
(dhcp, dns, tftp, and ssh to start, but configurable via any firewalld
management application, or direct editing of the zone file in
/etc/firewalld/zones/libvirt.xml), followed by a low priority
<reject/> rule (to reject all other traffic from guest to host), and
finally with a default policy of accept (to allow forwarded traffic).
This patch only creates the zonefile for the new zone, and implements
a configure.ac option to selectively enable/disable installation of
the new zone. A separate patch contains the necessary code to actually
place bridge interfaces in the libvirt zone.
Why do we need a configure option to disable installation of the new
libvirt zone? It uses a new firewalld attribute that sets the priority
of a rich rule; this feature first appears in firewalld-0.7.0 (unless
it has been backported to am earlier firewalld by a downstream
maintainer). If the file were installed on a system with firewalld
that didn't support rule priorities, firewalld would log an error
every time it restarted, causing confusion and lots of extra bug
reports.
So we add two new configure.ac switches to avoid polluting the system
logs with this error on systems that don't support rule priorities -
"--with-firewalld-zone" and "--without-firewalld-zone". A package
builder can use these to include/exclude the libvirt zone file in the
installation. If firewalld is enabled (--with-firewalld), the default
is --with-firewalld-zone, but it can be disabled during configure
(using --without-firewalld-zone). Targets that are using a firewalld
version too old to support the rule priority setting in the libvirt
zone file can simply add --without-firewalld-zone to their configure
commandline.
These switches only affect whether or not the libvirt zone file is
*installed* in /usr/lib/firewalld/zones, but have no effect on whether
or not libvirt looks for a zone called libvirt and tries to use it.
NB: firewalld zones can only be added to the permanent config of
firewalld, and won't be loaded/enabled until firewalld is restarted,
so at package install/upgrade time we have to restart firewalld. For
rpm-based distros, this is done in the libvirt.spec file by calling
the %firewalld_restart rpm macro, which is a part of the
firewalld-filesystem package. (For distros that don't use rpm
packages, the command "firewalld-cmd --reload" will have the same
effect).
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-25 23:52:37 -05:00
|
|
|
LIBVIRT_ARG_FIREWALLD_ZONE
|
2016-12-12 18:11:51 +01:00
|
|
|
LIBVIRT_ARG_FUSE
|
|
|
|
LIBVIRT_ARG_GLUSTER
|
|
|
|
LIBVIRT_ARG_HAL
|
2018-07-31 10:44:20 +02:00
|
|
|
LIBVIRT_ARG_LIBISCSI
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_ARG_LIBPCAP
|
2016-12-12 18:11:51 +01:00
|
|
|
LIBVIRT_ARG_LIBSSH
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_ARG_LIBXML
|
|
|
|
LIBVIRT_ARG_MACVTAP
|
2016-12-12 18:11:51 +01:00
|
|
|
LIBVIRT_ARG_NETCF
|
2018-04-03 16:39:17 +01:00
|
|
|
LIBVIRT_ARG_NLS
|
2016-12-12 18:11:51 +01:00
|
|
|
LIBVIRT_ARG_NSS
|
|
|
|
LIBVIRT_ARG_NUMACTL
|
|
|
|
LIBVIRT_ARG_OPENWSMAN
|
|
|
|
LIBVIRT_ARG_PCIACCESS
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_ARG_PM_UTILS
|
|
|
|
LIBVIRT_ARG_POLKIT
|
2016-12-12 18:11:51 +01:00
|
|
|
LIBVIRT_ARG_READLINE
|
|
|
|
LIBVIRT_ARG_SANLOCK
|
|
|
|
LIBVIRT_ARG_SASL
|
|
|
|
LIBVIRT_ARG_SELINUX
|
|
|
|
LIBVIRT_ARG_SSH2
|
|
|
|
LIBVIRT_ARG_UDEV
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_ARG_VIRTUALPORT
|
2016-12-12 18:11:51 +01:00
|
|
|
LIBVIRT_ARG_WIRESHARK
|
|
|
|
LIBVIRT_ARG_YAJL
|
|
|
|
|
2017-02-14 15:21:29 +01:00
|
|
|
LIBVIRT_CHECK_ACL
|
2012-09-20 13:28:45 +01:00
|
|
|
LIBVIRT_CHECK_APPARMOR
|
2012-09-19 14:00:34 +01:00
|
|
|
LIBVIRT_CHECK_ATTR
|
2012-09-20 13:12:40 +01:00
|
|
|
LIBVIRT_CHECK_AUDIT
|
2017-11-02 14:41:53 +01:00
|
|
|
LIBVIRT_CHECK_BASH_COMPLETION
|
2012-09-20 15:52:14 +01:00
|
|
|
LIBVIRT_CHECK_BLKID
|
2012-09-20 13:58:37 +01:00
|
|
|
LIBVIRT_CHECK_CAPNG
|
2013-01-08 21:31:58 +00:00
|
|
|
LIBVIRT_CHECK_CURL
|
2012-09-20 15:12:08 +01:00
|
|
|
LIBVIRT_CHECK_DBUS
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_CHECK_DEVMAPPER
|
|
|
|
LIBVIRT_CHECK_DLOPEN
|
|
|
|
LIBVIRT_CHECK_FIREWALLD
|
configure: selectively install a firewalld 'libvirt' zone
In the past (when both libvirt and firewalld used iptables), if either
libvirt's rules *OR* firewalld's rules accepted a packet, it would
be accepted. This was because libvirt and firewalld rules were
processed during the same kernel hook, and a single ACCEPT result
would terminate the rule traversal and cause the packet to be
accepted.
But now firewalld can use nftables for its backend, while libvirt's
firewall rules are still using iptables; iptables rules are still
processed, but at a different time during packet processing
(i.e. during a different hook) than the firewalld nftables rules. The
result is that a packet must be accepted by *BOTH* the libvirt
iptables rules *AND* the firewalld nftable rules in order to be
accepted.
This causes pain because
1) libvirt always adds rules to permit DNS and DHCP (and sometimes
TFTP) from guests to the host network's bridge interface. But
libvirt's bridges are in firewalld's "default" zone (which is usually
the zone called "public"). The public zone allows ssh, but doesn't
allow DNS, DHCP, or TFTP. So even though libvirt's rules allow the
DHCP and DNS traffic, the firewalld rules (now processed during a
different hook) dont, thus guests connected to libvirt's bridges can't
acquire an IP address from DHCP, nor can they make DNS queries to the
DNS server libvirt has setup on the host. (This could be solved by
modifying the default firewalld zone to allow DNS and DHCP, but that
would open *all* interfaces in the default zone to those services,
which is most likely not what the host's admin wants.)
2) Even though libvirt adds iptables rules to allow forwarded traffic
to pass the iptables hook, firewalld's higher level "rich rules" don't
yet have the ability to configure the acceptance of forwarded traffic
(traffic that is going somewhere beyond the host), so any traffic that
needs to be forwarded from guests to the network beyond the host is
rejected during the nftables hook by the default zone's "default
reject" policy (which rejects all traffic in the zone not specifically
allowed by the rules in the zone, whether that traffic is destined to
be forwarded or locally received by the host).
libvirt can't send "direct" nftables rules (firewalld only supports
direct/passthrough rules for iptables), so we can't solve this problem
by just sending explicit nftables rules instead of explicit iptables
rules (which, if it could be done, would place libvirt's rules in the
same hook as firewalld's native rules, and thus eliminate the need for
packets to be accepted by both libvirt's and firewalld's own rules).
However, we can take advantage of a quirk in firewalld zones that have
a default policy of "accept" (meaning any packet that doesn't match a
specific rule in the zone will be *accepted*) - this default accept will
also accept forwarded traffic (not just traffic destined for the host).
Of course we don't want to modify firewalld's default zone in that
way, because that would affect the filtering of traffic coming into
the host from other interfaces using that zone. Instead, we will
create a new zone called "libvirt". The libvirt zone will have a
default policy of accept so that forwarded traffic can pass and list
specific services that will be allowed into the host from guests (DNS,
DHCP, SSH, and TFTP).
But the same default accept policy that fixes forwarded traffic also
causes *all* traffic from guest to host to be accepted. To close this
new hole, the libvirt zone can take advantage of a new feature in
firewalld (currently slated for firewalld-0.7.0) - priorities for rich
rules - to add a low priority rule that rejects all local traffic (but
leaves alone all forwarded traffic).
So, our new zone will start with a list of services that are allowed
(dhcp, dns, tftp, and ssh to start, but configurable via any firewalld
management application, or direct editing of the zone file in
/etc/firewalld/zones/libvirt.xml), followed by a low priority
<reject/> rule (to reject all other traffic from guest to host), and
finally with a default policy of accept (to allow forwarded traffic).
This patch only creates the zonefile for the new zone, and implements
a configure.ac option to selectively enable/disable installation of
the new zone. A separate patch contains the necessary code to actually
place bridge interfaces in the libvirt zone.
Why do we need a configure option to disable installation of the new
libvirt zone? It uses a new firewalld attribute that sets the priority
of a rich rule; this feature first appears in firewalld-0.7.0 (unless
it has been backported to am earlier firewalld by a downstream
maintainer). If the file were installed on a system with firewalld
that didn't support rule priorities, firewalld would log an error
every time it restarted, causing confusion and lots of extra bug
reports.
So we add two new configure.ac switches to avoid polluting the system
logs with this error on systems that don't support rule priorities -
"--with-firewalld-zone" and "--without-firewalld-zone". A package
builder can use these to include/exclude the libvirt zone file in the
installation. If firewalld is enabled (--with-firewalld), the default
is --with-firewalld-zone, but it can be disabled during configure
(using --without-firewalld-zone). Targets that are using a firewalld
version too old to support the rule priority setting in the libvirt
zone file can simply add --without-firewalld-zone to their configure
commandline.
These switches only affect whether or not the libvirt zone file is
*installed* in /usr/lib/firewalld/zones, but have no effect on whether
or not libvirt looks for a zone called libvirt and tries to use it.
NB: firewalld zones can only be added to the permanent config of
firewalld, and won't be loaded/enabled until firewalld is restarted,
so at package install/upgrade time we have to restart firewalld. For
rpm-based distros, this is done in the libvirt.spec file by calling
the %firewalld_restart rpm macro, which is a part of the
firewalld-filesystem package. (For distros that don't use rpm
packages, the command "firewalld-cmd --reload" will have the same
effect).
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-25 23:52:37 -05:00
|
|
|
LIBVIRT_CHECK_FIREWALLD_ZONE
|
2013-01-08 21:06:57 +00:00
|
|
|
LIBVIRT_CHECK_FUSE
|
2019-07-30 10:13:36 +01:00
|
|
|
LIBVIRT_CHECK_GLIB
|
2013-11-19 16:26:05 -07:00
|
|
|
LIBVIRT_CHECK_GLUSTER
|
2016-11-10 14:33:41 +01:00
|
|
|
LIBVIRT_CHECK_GNUTLS
|
2012-09-20 15:39:12 +01:00
|
|
|
LIBVIRT_CHECK_HAL
|
2018-07-31 10:44:20 +02:00
|
|
|
LIBVIRT_CHECK_LIBISCSI
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_CHECK_LIBNL
|
|
|
|
LIBVIRT_CHECK_LIBPARTED
|
|
|
|
LIBVIRT_CHECK_LIBPCAP
|
2016-11-09 15:28:35 +01:00
|
|
|
LIBVIRT_CHECK_LIBSSH
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_CHECK_LIBXML
|
|
|
|
LIBVIRT_CHECK_MACVTAP
|
2012-09-20 15:14:52 +01:00
|
|
|
LIBVIRT_CHECK_NETCF
|
2018-04-03 16:39:17 +01:00
|
|
|
LIBVIRT_CHECK_NLS
|
2012-09-20 13:47:23 +01:00
|
|
|
LIBVIRT_CHECK_NUMACTL
|
2016-12-06 16:00:41 +01:00
|
|
|
LIBVIRT_CHECK_NWFILTER
|
2013-01-08 22:08:53 +00:00
|
|
|
LIBVIRT_CHECK_OPENWSMAN
|
2012-09-20 15:34:13 +01:00
|
|
|
LIBVIRT_CHECK_PCIACCESS
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_CHECK_PM_UTILS
|
|
|
|
LIBVIRT_CHECK_POLKIT
|
|
|
|
LIBVIRT_CHECK_PTHREAD
|
2013-05-01 20:54:57 -06:00
|
|
|
LIBVIRT_CHECK_READLINE
|
2012-09-20 13:04:57 +01:00
|
|
|
LIBVIRT_CHECK_SANLOCK
|
2012-09-20 13:06:12 +01:00
|
|
|
LIBVIRT_CHECK_SASL
|
2012-09-20 13:21:48 +01:00
|
|
|
LIBVIRT_CHECK_SELINUX
|
2013-01-08 21:47:55 +00:00
|
|
|
LIBVIRT_CHECK_SSH2
|
2012-09-20 15:34:13 +01:00
|
|
|
LIBVIRT_CHECK_UDEV
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_CHECK_VIRTUALPORT
|
2015-03-16 12:52:13 +01:00
|
|
|
LIBVIRT_CHECK_WIRESHARK
|
2016-12-15 14:56:29 +01:00
|
|
|
LIBVIRT_CHECK_XDR
|
2012-09-20 13:03:27 +01:00
|
|
|
LIBVIRT_CHECK_YAJL
|
|
|
|
|
2011-05-30 12:58:57 +02:00
|
|
|
AC_CHECK_SIZEOF([long])
|
Adds CPU selection infrastructure
Each driver supporting CPU selection must fill in host CPU capabilities.
When filling them, drivers for hypervisors running on the same node as
libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
such as VMware, need to implement their own way of getting such data.
Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
When implementing virConnectCompareCPU(), a hypervisor driver can just
call cpuCompareXML() function with host CPU capabilities.
For each guest for which a driver supports selecting CPU models, it must
set the appropriate feature in guest's capabilities:
virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
Actions needed when a domain is being created depend on whether the
hypervisor understands raw CPU data (currently CPUID for i686, x86_64
architectures) or symbolic names has to be used.
Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
- convert guest CPU configuration from domain's XML into a set of raw
data structures each representing one of the feature policies:
cpuEncode(conn, architecture, guest_cpu_config,
&forced_data, &required_data, &optional_data,
&disabled_data, &forbidden_data)
- create a mask or whatever the hypervisor expects to see and pass it
to the hypervisor
Typical use by hypervisors with symbolic model names (such as QEMU):
- get raw CPU data for a computed guest CPU:
cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
- decode raw data into virCPUDefPtr with a possible restriction on
allowed model names:
cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
- pass guest->model and guest->features to the hypervisor
* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
* configure.in: check for CPUID instruction
* src/Makefile.am: glue the new files in
* src/libvirt_private.syms: add new private symbols
* po/POTFILES.in: add new cpu files containing translatable strings
2009-12-18 16:02:11 +01:00
|
|
|
|
2010-12-23 19:26:15 -07:00
|
|
|
dnl Availability of various common functions (non-fatal if missing),
|
|
|
|
dnl and various less common threadsafe functions
|
2018-09-25 15:49:33 +02:00
|
|
|
AC_CHECK_FUNCS_ONCE([\
|
|
|
|
fallocate \
|
2019-12-11 12:28:34 +01:00
|
|
|
getegid \
|
2018-09-25 15:49:33 +02:00
|
|
|
geteuid \
|
|
|
|
getgid \
|
2018-09-26 15:08:30 +02:00
|
|
|
getifaddrs \
|
2018-09-25 15:49:33 +02:00
|
|
|
getmntent_r \
|
|
|
|
getpwuid_r \
|
|
|
|
getrlimit \
|
|
|
|
getuid \
|
2019-08-08 10:16:48 +02:00
|
|
|
getutxid \
|
2018-09-25 15:49:33 +02:00
|
|
|
if_indextoname \
|
|
|
|
mmap \
|
|
|
|
newlocale \
|
|
|
|
posix_fallocate \
|
|
|
|
posix_memalign \
|
2020-01-24 15:21:00 +00:00
|
|
|
pipe2 \
|
2018-09-25 15:49:33 +02:00
|
|
|
prlimit \
|
|
|
|
sched_getaffinity \
|
2018-09-26 15:08:30 +02:00
|
|
|
sched_setscheduler \
|
2018-09-25 15:49:33 +02:00
|
|
|
setgroups \
|
|
|
|
setns \
|
|
|
|
setrlimit \
|
|
|
|
symlink \
|
|
|
|
sysctlbyname \
|
|
|
|
unshare \
|
|
|
|
])
|
2010-04-28 20:39:11 -06:00
|
|
|
|
2007-06-15 15:24:20 +00:00
|
|
|
dnl Availability of various common headers (non-fatal if missing).
|
2018-09-25 15:49:33 +02:00
|
|
|
AC_CHECK_HEADERS([\
|
2018-09-25 16:49:53 +02:00
|
|
|
ifaddrs.h \
|
|
|
|
libtasn1.h \
|
2020-01-07 16:19:52 +00:00
|
|
|
util.h \
|
|
|
|
libutil.h \
|
2018-09-25 16:49:53 +02:00
|
|
|
linux/magic.h \
|
|
|
|
mntent.h \
|
|
|
|
net/ethernet.h \
|
2020-01-22 11:48:45 +00:00
|
|
|
net/if.h \
|
2020-01-07 16:19:52 +00:00
|
|
|
pty.h \
|
2018-09-25 15:49:33 +02:00
|
|
|
pwd.h \
|
2018-09-25 16:49:53 +02:00
|
|
|
stdarg.h \
|
2018-09-25 15:49:33 +02:00
|
|
|
syslog.h \
|
2020-01-17 16:24:26 +00:00
|
|
|
sys/ioctl.h \
|
2018-09-25 16:49:53 +02:00
|
|
|
sys/mount.h \
|
2018-09-25 15:49:33 +02:00
|
|
|
sys/syscall.h \
|
|
|
|
sys/sysctl.h \
|
|
|
|
sys/ucred.h \
|
2020-01-27 10:59:19 +00:00
|
|
|
xlocale.h \
|
2018-09-25 15:49:33 +02:00
|
|
|
])
|
2012-10-01 16:38:56 -06:00
|
|
|
dnl Check whether endian provides handy macros.
|
|
|
|
AC_CHECK_DECLS([htole64], [], [], [[#include <endian.h>]])
|
virtestmock: Mock stat() properly
There is a lot to explain, but I try to make it as short as
possible. I'd start by pasting some parts of sys/stat.h:
extern int stat (const char *__restrict __file,
struct stat *__restrict __buf) __THROW __nonnull ((1, 2));
extern int __REDIRECT_NTH (stat, (const char *__restrict __file,
struct stat *__restrict __buf), stat64)
__nonnull ((1, 2));
__extern_inline int
__NTH (stat (const char *__path, struct stat *__statbuf))
{
return __xstat (_STAT_VER, __path, __statbuf);
}
Only one of these is effective at once, due to some usage of
the mess we are dealing with in here. So, basically, while
compiling or linking stat() in our code can be transformed into
some other func. Or a dragon.
Now, if you read stat(2) manpage, esp. "C library/kernel
differences" section, you'll learn that glibc uses some tricks
for older applications to work. I haven't gotten around actual
code that does this, but based on my observations, if 'stat'
symbol is found, glibc assumes it's dealing with ancient
application. Unfortunately, it can be just ours stat coming from
our mock. Therefore, calling stat() from a test will end up in
our mock. But since glibc is not exposing the symbol anymore, our
call of real_stat() will SIGSEGV immediately as the pointer to
function is NULL. Therefore, we should expose only those symbols
we know glibc has.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2016-05-17 16:26:53 +02:00
|
|
|
AC_CHECK_FUNCS([stat stat64 __xstat __xstat64 lstat lstat64 __lxstat __lxstat64])
|
2011-07-22 11:59:37 -06:00
|
|
|
|
2012-09-05 16:27:42 -06:00
|
|
|
AC_CHECK_TYPE([struct ifreq],
|
|
|
|
[AC_DEFINE([HAVE_STRUCT_IFREQ],[1],
|
|
|
|
[Defined if struct ifreq exists in net/if.h])],
|
|
|
|
[], [[#include <sys/socket.h>
|
|
|
|
#include <net/if.h>
|
|
|
|
]])
|
2011-12-01 13:31:18 +00:00
|
|
|
|
2016-01-08 00:31:17 +03:00
|
|
|
AC_CHECK_TYPE([struct sockpeercred],
|
|
|
|
[AC_DEFINE([HAVE_STRUCT_SOCKPEERCRED], [1],
|
|
|
|
[Defined if struct sockpeercred is available])],
|
|
|
|
[], [[#include <sys/socket.h>
|
|
|
|
]])
|
|
|
|
|
2015-03-10 17:00:15 +01:00
|
|
|
AC_CHECK_DECLS([ETH_FLAG_TXVLAN, ETH_FLAG_NTUPLE, ETH_FLAG_RXHASH, ETH_FLAG_LRO,
|
2017-04-07 17:38:06 +02:00
|
|
|
ETHTOOL_GGSO, ETHTOOL_GGRO, ETHTOOL_GFLAGS, ETHTOOL_GFEATURES,
|
|
|
|
ETHTOOL_SCOALESCE, ETHTOOL_GCOALESCE],
|
2015-03-10 17:00:15 +01:00
|
|
|
[], [], [[#include <linux/ethtool.h>
|
|
|
|
]])
|
|
|
|
|
2017-05-18 11:55:12 +02:00
|
|
|
AC_CHECK_DECLS([SEEK_HOLE], [], [],
|
|
|
|
[#include <sys/types.h>
|
|
|
|
#include <unistd.h>])
|
|
|
|
|
|
|
|
|
2011-07-22 11:59:37 -06:00
|
|
|
dnl Our only use of libtasn1.h is in the testsuite, and can be skipped
|
|
|
|
dnl if the header is not present. Assume -ltasn1 is present if the
|
|
|
|
dnl header could be found.
|
|
|
|
AM_CONDITIONAL([HAVE_LIBTASN1], [test "x$ac_cv_header_libtasn1_h" = "xyes"])
|
2007-06-15 15:24:20 +00:00
|
|
|
|
2008-09-05 12:03:45 +00:00
|
|
|
AC_CHECK_LIB([intl],[gettext],[])
|
2020-01-07 16:19:52 +00:00
|
|
|
AC_CHECK_LIB([util],[openpty],[])
|
2008-09-05 12:03:45 +00:00
|
|
|
|
2016-12-13 13:47:07 +01:00
|
|
|
|
|
|
|
dnl
|
|
|
|
dnl Check for external programs
|
|
|
|
dnl
|
|
|
|
|
|
|
|
LIBVIRT_CHECK_EXTERNAL_PROGRAMS
|
|
|
|
|
2007-11-27 14:39:42 +00:00
|
|
|
dnl if --prefix is /usr, don't use /usr/var for localstatedir
|
|
|
|
dnl or /usr/etc for sysconfdir
|
|
|
|
dnl as this makes a lot of things break in testing situations
|
|
|
|
|
2010-03-24 09:10:13 +01:00
|
|
|
if test "$prefix" = "/usr" && test "$localstatedir" = '${prefix}/var' ; then
|
2007-11-27 14:39:42 +00:00
|
|
|
localstatedir='/var'
|
|
|
|
fi
|
2010-03-24 09:10:13 +01:00
|
|
|
if test "$prefix" = "/usr" && test "$sysconfdir" = '${prefix}/etc' ; then
|
2007-11-27 14:39:42 +00:00
|
|
|
sysconfdir='/etc'
|
|
|
|
fi
|
|
|
|
|
2016-12-14 15:28:55 +01:00
|
|
|
dnl
|
|
|
|
dnl Virtualization drivers check
|
|
|
|
dnl
|
|
|
|
|
2016-12-08 10:35:30 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_QEMU
|
2016-11-29 08:50:58 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_OPENVZ
|
2016-11-29 08:54:02 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_VMWARE
|
2016-12-12 16:18:02 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_LIBXL
|
2016-12-12 18:19:21 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_VBOX
|
2016-12-08 10:36:55 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_LXC
|
2016-12-14 15:28:55 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_VZ
|
|
|
|
LIBVIRT_DRIVER_ARG_BHYVE
|
2016-12-01 10:40:31 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_ESX
|
2016-12-01 10:43:13 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_HYPERV
|
2016-12-01 10:23:41 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_TEST
|
2016-12-01 10:27:19 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_REMOTE
|
2016-12-01 12:01:33 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_LIBVIRTD
|
2016-12-14 15:28:55 +01:00
|
|
|
LIBVIRT_DRIVER_ARG_NETWORK
|
|
|
|
LIBVIRT_DRIVER_ARG_INTERFACE
|
|
|
|
|
|
|
|
LIBVIRT_DRIVER_CHECK_QEMU
|
|
|
|
LIBVIRT_DRIVER_CHECK_OPENVZ
|
|
|
|
LIBVIRT_DRIVER_CHECK_VMWARE
|
|
|
|
LIBVIRT_DRIVER_CHECK_LIBXL
|
|
|
|
LIBVIRT_DRIVER_CHECK_VBOX
|
|
|
|
LIBVIRT_DRIVER_CHECK_LXC
|
|
|
|
LIBVIRT_DRIVER_CHECK_VZ
|
|
|
|
LIBVIRT_DRIVER_CHECK_BHYVE
|
|
|
|
LIBVIRT_DRIVER_CHECK_ESX
|
|
|
|
LIBVIRT_DRIVER_CHECK_HYPERV
|
|
|
|
LIBVIRT_DRIVER_CHECK_TEST
|
|
|
|
LIBVIRT_DRIVER_CHECK_REMOTE
|
|
|
|
LIBVIRT_DRIVER_CHECK_LIBVIRTD
|
|
|
|
LIBVIRT_DRIVER_CHECK_NETWORK
|
|
|
|
LIBVIRT_DRIVER_CHECK_INTERFACE
|
|
|
|
|
2016-11-14 15:25:41 +01:00
|
|
|
|
2005-12-02 12:11:06 +00:00
|
|
|
dnl
|
2010-09-09 17:06:00 +02:00
|
|
|
dnl in case someone want to build static binaries
|
|
|
|
dnl STATIC_BINARIES="-static"
|
2005-12-02 12:11:06 +00:00
|
|
|
dnl
|
2010-09-09 17:06:00 +02:00
|
|
|
STATIC_BINARIES=
|
2008-05-22 15:34:02 +00:00
|
|
|
AC_SUBST([STATIC_BINARIES])
|
2005-12-02 12:11:06 +00:00
|
|
|
|
2016-12-15 15:04:23 +01:00
|
|
|
dnl
|
|
|
|
dnl Miscellaneous checks
|
|
|
|
dnl
|
2007-02-16 18:30:55 +00:00
|
|
|
|
2016-12-15 15:04:23 +01:00
|
|
|
LIBVIRT_ARG_DEBUG
|
|
|
|
LIBVIRT_ARG_DTRACE
|
|
|
|
LIBVIRT_ARG_NUMAD
|
2016-12-12 18:11:51 +01:00
|
|
|
LIBVIRT_ARG_INIT_SCRIPT
|
2016-12-15 15:04:23 +01:00
|
|
|
LIBVIRT_ARG_CHRDEV_LOCK_FILES
|
|
|
|
LIBVIRT_ARG_DEFAULT_EDITOR
|
|
|
|
LIBVIRT_ARG_LOADER_NVRAM
|
|
|
|
LIBVIRT_ARG_LOGIN_SHELL
|
|
|
|
LIBVIRT_ARG_HOST_VALIDATE
|
|
|
|
LIBVIRT_ARG_TLS_PRIORITY
|
2016-11-29 08:33:19 +01:00
|
|
|
LIBVIRT_ARG_SYSCTL_CONFIG
|
2016-12-15 15:04:23 +01:00
|
|
|
|
|
|
|
|
|
|
|
LIBVIRT_CHECK_DEBUG
|
|
|
|
LIBVIRT_CHECK_DTRACE
|
|
|
|
LIBVIRT_CHECK_NUMAD
|
|
|
|
LIBVIRT_CHECK_INIT_SCRIPT
|
|
|
|
LIBVIRT_CHECK_CHRDEV_LOCK_FILES
|
|
|
|
LIBVIRT_CHECK_DEFAULT_EDITOR
|
|
|
|
LIBVIRT_CHECK_LOADER_NVRAM
|
|
|
|
LIBVIRT_CHECK_LOGIN_SHELL
|
|
|
|
LIBVIRT_CHECK_HOST_VALIDATE
|
|
|
|
LIBVIRT_CHECK_TLS_PRIORITY
|
2016-11-29 08:33:19 +01:00
|
|
|
LIBVIRT_CHECK_SYSCTL_CONFIG
|
2016-12-25 13:42:42 +01:00
|
|
|
LIBVIRT_CHECK_NSS
|
2012-04-04 11:16:34 +01:00
|
|
|
|
2010-03-25 13:46:12 -04:00
|
|
|
|
2005-11-02 13:19:10 +00:00
|
|
|
|
2011-03-29 20:39:18 +08:00
|
|
|
|
2008-09-17 14:07:49 +00:00
|
|
|
dnl
|
|
|
|
dnl check for kvm headers
|
2008-09-18 08:54:23 +00:00
|
|
|
dnl
|
2008-09-17 14:07:49 +00:00
|
|
|
AC_CHECK_HEADERS([linux/kvm.h])
|
|
|
|
|
2009-08-05 11:59:58 +01:00
|
|
|
|
|
|
|
dnl
|
|
|
|
dnl check for kernel headers required by src/bridge.c
|
|
|
|
dnl
|
2012-12-12 11:44:21 +04:00
|
|
|
if test "$with_linux" = "yes"; then
|
2013-09-13 10:11:26 -06:00
|
|
|
# Various kernel versions have headers that are not self-standing, but
|
|
|
|
# yet are incompatible with the corresponding glibc headers. In order
|
|
|
|
# to guarantee compilation across a wide range of versions (from RHEL 5
|
|
|
|
# to rawhide), we first have to probe whether glibc and kernel can be
|
|
|
|
# used in tandem; and if not, provide workarounds that ensure that
|
|
|
|
# ABI-compatible IPv6 types are present for use by the kernel headers.
|
|
|
|
# These probes mirror the usage in virnetdevbridge.c
|
|
|
|
AC_CACHE_CHECK(
|
|
|
|
[whether <linux/*.h> and <netinet/*.h> headers are compatible],
|
|
|
|
[lv_cv_netinet_linux_compatible],
|
|
|
|
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <linux/in6.h>
|
|
|
|
]])],
|
|
|
|
[lv_cv_netinet_linux_compatible=yes],
|
|
|
|
[lv_cv_netinet_linux_compatible=no])])
|
|
|
|
if test "x$lv_cv_netinet_linux_compatible" != xyes; then
|
|
|
|
AC_DEFINE([NETINET_LINUX_WORKAROUND], [1],
|
|
|
|
[define to 1 if Linux kernel headers require a workaround to avoid
|
|
|
|
compilation errors when mixed with glibc netinet headers])
|
|
|
|
fi
|
2012-12-12 11:44:21 +04:00
|
|
|
AC_CHECK_HEADERS([linux/param.h linux/sockios.h linux/if_bridge.h linux/if_tun.h],,
|
2013-01-14 09:54:25 -07:00
|
|
|
[AC_MSG_ERROR([You must install kernel-headers in order to compile libvirt with QEMU or LXC support])],
|
2013-09-13 10:11:26 -06:00
|
|
|
[[#include <netinet/in.h>
|
|
|
|
#if NETINET_LINUX_WORKAROUND
|
|
|
|
# define in6_addr in6_addr_
|
|
|
|
# define sockaddr_in6 sockaddr_in6_
|
|
|
|
# define ipv6_mreq ipv6_mreq_
|
|
|
|
# define in6addr_any in6addr_any_
|
|
|
|
# define in6addr_loopback in6addr_loopback_
|
|
|
|
#endif
|
2013-08-07 10:34:08 -06:00
|
|
|
#include <linux/in6.h>
|
2013-01-14 09:54:25 -07:00
|
|
|
]])
|
2009-08-05 11:59:58 +01:00
|
|
|
fi
|
|
|
|
|
2009-08-05 10:52:14 +02:00
|
|
|
|
2009-09-10 14:21:10 +01:00
|
|
|
dnl Need to test if pkg-config exists
|
|
|
|
PKG_PROG_PKG_CONFIG
|
|
|
|
|
2009-05-25 11:56:00 +00:00
|
|
|
|
2016-12-12 18:20:45 +01:00
|
|
|
dnl Security driver checks
|
|
|
|
LIBVIRT_SECDRIVER_ARG_SELINUX
|
2016-12-01 12:08:20 +01:00
|
|
|
LIBVIRT_SECDRIVER_ARG_APPARMOR
|
2009-10-08 16:34:22 +02:00
|
|
|
|
2016-12-01 12:08:20 +01:00
|
|
|
LIBVIRT_SECDRIVER_CHECK_SELINUX
|
|
|
|
LIBVIRT_SECDRIVER_CHECK_APPARMOR
|
2009-10-08 16:34:22 +02:00
|
|
|
|
2009-09-14 13:31:23 +01:00
|
|
|
|
2016-12-22 12:49:51 +01:00
|
|
|
LIBVIRT_ARG_WITH_FEATURE([SECRETS], [local secrets management driver], [yes])
|
2011-05-24 13:21:51 +02:00
|
|
|
|
2009-09-14 13:31:23 +01:00
|
|
|
if test "$with_libvirtd" = "no"; then
|
|
|
|
with_secrets=no
|
|
|
|
fi
|
|
|
|
if test "$with_secrets" = "yes" ; then
|
|
|
|
AC_DEFINE_UNQUOTED([WITH_SECRETS], 1, [whether local secrets management driver is available])
|
|
|
|
fi
|
|
|
|
AM_CONDITIONAL([WITH_SECRETS], [test "$with_secrets" = "yes"])
|
|
|
|
|
|
|
|
|
2016-12-13 10:36:14 +01:00
|
|
|
dnl
|
|
|
|
dnl Storage driver checks
|
|
|
|
dnl
|
|
|
|
|
2016-12-07 08:46:51 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_DIR
|
2016-12-07 10:16:19 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_FS
|
2016-12-07 10:22:05 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_LVM
|
2016-12-07 13:12:31 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_ISCSI
|
2018-07-31 10:44:21 +02:00
|
|
|
LIBVIRT_STORAGE_ARG_ISCSI_DIRECT
|
2016-12-07 13:13:00 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_SCSI
|
2016-12-12 18:21:11 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_MPATH
|
2016-12-12 18:21:51 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_DISK
|
2016-12-07 15:44:08 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_RBD
|
2016-12-07 15:48:37 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_SHEEPDOG
|
2016-12-07 15:52:39 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_GLUSTER
|
2016-12-07 15:59:19 +01:00
|
|
|
LIBVIRT_STORAGE_ARG_ZFS
|
2017-01-17 17:10:55 +03:00
|
|
|
LIBVIRT_STORAGE_ARG_VSTORAGE
|
2008-02-20 15:42:30 +00:00
|
|
|
|
2008-09-05 12:03:45 +00:00
|
|
|
if test "$with_libvirtd" = "no"; then
|
|
|
|
with_storage_dir=no
|
|
|
|
with_storage_fs=no
|
|
|
|
with_storage_lvm=no
|
|
|
|
with_storage_iscsi=no
|
2018-07-31 10:44:21 +02:00
|
|
|
with_storage_iscsi_direct=no
|
2009-04-01 16:03:22 +00:00
|
|
|
with_storage_scsi=no
|
2009-09-08 15:47:45 +02:00
|
|
|
with_storage_mpath=no
|
2008-09-05 12:03:45 +00:00
|
|
|
with_storage_disk=no
|
2012-05-14 11:06:42 +02:00
|
|
|
with_storage_rbd=no
|
2012-07-18 20:06:58 +01:00
|
|
|
with_storage_sheepdog=no
|
2013-11-19 16:26:05 -07:00
|
|
|
with_storage_gluster=no
|
2014-07-21 18:38:42 +04:00
|
|
|
with_storage_zfs=no
|
2017-01-17 17:10:55 +03:00
|
|
|
with_storage_vstorage=no
|
2008-09-05 12:03:45 +00:00
|
|
|
fi
|
2016-12-07 08:46:51 +01:00
|
|
|
|
2019-04-02 11:04:46 +02:00
|
|
|
dnl storage-fs does not work on macOS
|
2010-10-05 12:31:05 +11:00
|
|
|
|
2019-04-02 11:04:46 +02:00
|
|
|
if test "$with_macos" = "yes"; then
|
2010-10-05 12:31:05 +11:00
|
|
|
with_storage_fs=no
|
|
|
|
fi
|
2008-09-05 12:03:45 +00:00
|
|
|
|
2016-12-13 10:36:14 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_DIR
|
2016-12-07 10:16:19 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_FS
|
2016-12-07 10:22:05 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_LVM
|
2016-12-07 13:12:31 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_ISCSI
|
2018-07-31 10:44:21 +02:00
|
|
|
LIBVIRT_STORAGE_CHECK_ISCSI_DIRECT
|
2016-12-07 13:13:00 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_SCSI
|
2016-12-12 18:21:11 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_MPATH
|
2016-12-13 10:36:14 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_DISK
|
2016-12-07 15:44:08 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_RBD
|
2016-12-07 15:48:37 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_SHEEPDOG
|
2016-12-07 15:52:39 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_GLUSTER
|
2016-12-07 15:59:19 +01:00
|
|
|
LIBVIRT_STORAGE_CHECK_ZFS
|
2017-01-17 17:10:55 +03:00
|
|
|
LIBVIRT_STORAGE_CHECK_VSTORAGE
|
2008-02-20 15:45:33 +00:00
|
|
|
|
2012-06-05 10:28:52 -06:00
|
|
|
with_storage=no
|
2018-07-31 10:44:21 +02:00
|
|
|
for backend in dir fs lvm iscsi iscsi_direct scsi mpath rbd disk; do
|
2012-06-05 10:28:52 -06:00
|
|
|
if eval test \$with_storage_$backend = yes; then
|
|
|
|
with_storage=yes
|
|
|
|
break
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
if test $with_storage = yes; then
|
|
|
|
AC_DEFINE([WITH_STORAGE], [1],
|
|
|
|
[Define to 1 if at least one storage backend is in use])
|
|
|
|
fi
|
|
|
|
AM_CONDITIONAL([WITH_STORAGE], [test "$with_storage" = "yes"])
|
|
|
|
|
2015-01-23 18:22:34 +08:00
|
|
|
dnl
|
|
|
|
dnl check for kernel headers required by btrfs ioctl
|
|
|
|
dnl
|
|
|
|
if test "$with_linux" = "yes"; then
|
|
|
|
AC_CHECK_HEADERS([linux/btrfs.h])
|
|
|
|
fi
|
|
|
|
|
2018-07-06 10:43:00 -03:00
|
|
|
dnl
|
|
|
|
dnl check for xfs dev headers required by xfs ioctl
|
|
|
|
dnl
|
|
|
|
if test "$with_linux" = "yes"; then
|
|
|
|
AC_CHECK_HEADERS([xfs/xfs.h])
|
|
|
|
fi
|
|
|
|
|
2017-08-21 05:19:53 -04:00
|
|
|
dnl
|
2017-09-18 13:21:47 -04:00
|
|
|
dnl check for DEVLINK_CMD_ESWITCH_GET
|
|
|
|
dnl
|
|
|
|
dnl Assume DEVLINK_ESWITCH_MODE_SWITCHDEV is also
|
|
|
|
dnl available, as it was introudced in kernel 4.8
|
|
|
|
dnl along with the original spelling of this constant
|
|
|
|
dnl (DEVLINK_CMD_ESWITCH_MODE_GET, not supported by libvirt)
|
2017-08-21 05:19:53 -04:00
|
|
|
dnl
|
|
|
|
if test "$with_linux" = "yes"; then
|
|
|
|
AC_CHECK_HEADERS([linux/devlink.h])
|
2017-09-18 13:21:47 -04:00
|
|
|
AC_CHECK_DECLS([DEVLINK_CMD_ESWITCH_GET], [], [],
|
2017-08-21 05:19:53 -04:00
|
|
|
[[#include <linux/devlink.h>]])
|
|
|
|
fi
|
|
|
|
|
2018-05-22 15:52:52 +02:00
|
|
|
dnl
|
|
|
|
dnl check for VHOST_VSOCK_SET_GUEST_CID
|
|
|
|
dnl
|
|
|
|
if test "$with_linux" = "yes"; then
|
|
|
|
AC_CHECK_DECLS([VHOST_VSOCK_SET_GUEST_CID], [], [],
|
|
|
|
[[#include <linux/vhost.h>]])
|
|
|
|
fi
|
|
|
|
|
2013-11-22 16:42:22 +00:00
|
|
|
dnl Allow perl/python overrides
|
2019-12-03 16:29:12 +00:00
|
|
|
AC_PATH_PROGS([PYTHON], [python3])
|
2017-05-08 11:35:17 +01:00
|
|
|
if test -z "$PYTHON"; then
|
2019-12-03 16:29:12 +00:00
|
|
|
AC_MSG_ERROR(['python3' binary is required to build libvirt])
|
2017-05-08 11:35:17 +01:00
|
|
|
fi
|
2019-12-09 09:30:10 -05:00
|
|
|
AC_DEFINE_UNQUOTED([PYTHON], "$PYTHON", [path to python binary])
|
2019-09-18 12:19:43 +08:00
|
|
|
AC_PATH_PROG([FLAKE8], [flake8])
|
|
|
|
if test -z "$FLAKE8"; then
|
|
|
|
AC_MSG_WARN(['flake8' binary is required to check python code style])
|
|
|
|
fi
|
2019-09-05 16:45:27 +01:00
|
|
|
|
|
|
|
dnl Python3 < 3.7 treats the C locale as 7-bit only.
|
|
|
|
dnl We must force env vars so it treats it as UTF-8
|
|
|
|
dnl regardless of the user's locale.
|
|
|
|
RUNUTF8="LC_ALL= LANG=C LC_CTYPE=en_US.UTF-8"
|
|
|
|
AC_SUBST(RUNUTF8)
|
|
|
|
|
|
|
|
|
2012-05-29 15:49:13 -06:00
|
|
|
AC_PATH_PROG([PERL], [perl])
|
2014-08-14 11:37:45 +08:00
|
|
|
if test -z "$PERL"; then
|
2017-05-08 11:35:17 +01:00
|
|
|
AC_MSG_ERROR(['perl' binary is required to build libvirt])
|
2014-08-14 11:37:45 +08:00
|
|
|
fi
|
2012-05-29 15:49:13 -06:00
|
|
|
|
2016-12-22 12:49:51 +01:00
|
|
|
LIBVIRT_ARG_WITH([TEST_SUITE], [build test suite by default], [check])
|
2016-11-14 15:25:41 +01:00
|
|
|
case "$with_test_suite" in
|
|
|
|
yes|no|check) ;;
|
|
|
|
*) AC_MSG_ERROR([bad value ${withval} for tests option]) ;;
|
|
|
|
esac
|
2012-03-27 16:35:01 +01:00
|
|
|
|
|
|
|
AC_MSG_CHECKING([Whether to build test suite by default])
|
2016-11-14 15:25:41 +01:00
|
|
|
if test "$with_test_suite" = "check" ; then
|
2012-03-27 16:35:01 +01:00
|
|
|
if test -d $srcdir/.git ; then
|
2016-11-14 15:25:41 +01:00
|
|
|
with_test_suite=yes
|
2012-03-27 16:35:01 +01:00
|
|
|
else
|
2016-11-14 15:25:41 +01:00
|
|
|
with_test_suite=no
|
2012-03-27 16:35:01 +01:00
|
|
|
fi
|
|
|
|
fi
|
2016-11-14 15:25:41 +01:00
|
|
|
AC_MSG_RESULT([$with_test_suite])
|
|
|
|
AM_CONDITIONAL([WITH_TESTS], [test "$with_test_suite" = "yes"])
|
2012-03-27 16:35:01 +01:00
|
|
|
|
2016-12-13 13:34:42 +01:00
|
|
|
LIBVIRT_ARG_ENABLE([EXPENSIVE_TESTS],
|
|
|
|
[set the default for enabling expensive tests ]
|
2020-01-17 16:00:27 +00:00
|
|
|
[(long timeouts), use VIR_TEST_EXPENSIVE to ]
|
2016-12-13 13:34:42 +01:00
|
|
|
[override during make],
|
|
|
|
[check])
|
|
|
|
case "$enable_expensive_tests" in
|
|
|
|
0|no) VIR_TEST_EXPENSIVE_DEFAULT=0 ;;
|
|
|
|
1|yes) VIR_TEST_EXPENSIVE_DEFAULT=1 ;;
|
|
|
|
check) ;;
|
|
|
|
*) AC_MSG_ERROR([bad value ${enable_expensive_tests} for enable-expensive-tests option]) ;;
|
|
|
|
esac
|
|
|
|
if test "$enable_expensive_tests" = check; then
|
build: add configure option to disable gnulib tests
The gnulib testsuite is relatively stable - the only times it is
likely to have a test change from pass to fail is on a gnulib
submodule update or a major system change (such as moving from
Fedora 18 to 19, or other large change to libc). While it is an
important test for end users on arbitrary machines (to make sure
that the portability glue works for their machine), it mostly
wastes time for development testing (as most developers aren't
making any of the major changes that would cause gnulib tests
to alter behavior). Thus, it pays to make the tests optional
at configure time, defaulting to off for development, on for
tarballs, with autobuilders requesting it to be on. It also
helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
(much the way automake sets up V=[01] for overriding the configure
time default of how verbose to be).
Automake has some pretty hard-coded magic with regards to the
TESTS variable; I had quite a job figuring out how to keep
'make distcheck' passing regardless of the configure option
setting in use, while still disabling the tests at runtime
when I did not configure them on and did not use the override
variable. Thankfully, we require GNU make, which lets me
hide some information from Automake's magic handling of TESTS.
* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
* configure.ac (--enable-expensive-tests): Add new enable switch.
(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
witnesses.
* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
configure settings and the VIR_TEST_EXPENSIVE variable.
* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
to all tests.
* autobuild.sh: Enable all tests during autobuilds.
* libvirt.spec.in (%configure): Likewise.
* mingw-libvirt.spec.in (%mingw_configure): Likewise.
* docs/hacking.html.in: Document the option.
* HACKING: Regenerate.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-31 07:18:58 -06:00
|
|
|
if test -d $srcdir/.git ; then
|
|
|
|
VIR_TEST_EXPENSIVE_DEFAULT=0
|
|
|
|
else
|
|
|
|
VIR_TEST_EXPENSIVE_DEFAULT=1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
AC_SUBST([VIR_TEST_EXPENSIVE_DEFAULT])
|
|
|
|
AM_CONDITIONAL([WITH_EXPENSIVE_TESTS], [test $VIR_TEST_EXPENSIVE_DEFAULT = 1])
|
|
|
|
|
2019-08-02 13:05:37 +02:00
|
|
|
LIBVIRT_ARG_ENABLE([TEST_COVERAGE], [turn on code coverage instrumentation], [no])
|
|
|
|
case "$enable_test_coverage" in
|
|
|
|
yes|no) ;;
|
|
|
|
*) AC_MSG_ERROR([bad value ${enable_test_coverga} for test-coverage option]) ;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
if test "$enable_test_coverage" = yes; then
|
|
|
|
save_WARN_CFLAGS=$WARN_CFLAGS
|
|
|
|
WARN_CFLAGS=
|
|
|
|
gl_WARN_ADD([-fprofile-arcs])
|
|
|
|
gl_WARN_ADD([-ftest-coverage])
|
|
|
|
COVERAGE_FLAGS=$WARN_CFLAGS
|
|
|
|
AC_SUBST([COVERAGE_CFLAGS], [$COVERAGE_FLAGS])
|
|
|
|
AC_SUBST([COVERAGE_LDFLAGS], [$COVERAGE_FLAGS])
|
|
|
|
WARN_CFLAGS=$save_WARN_CFLAGS
|
|
|
|
fi
|
|
|
|
|
2020-01-14 18:34:26 +00:00
|
|
|
dnl MinGW checks
|
2016-12-15 11:48:38 +01:00
|
|
|
LIBVIRT_WIN_CHECK_COMMON
|
2016-12-06 13:55:50 +01:00
|
|
|
LIBVIRT_WIN_CHECK_MINGW
|
2016-12-06 13:56:38 +01:00
|
|
|
LIBVIRT_WIN_CHECK_SYMBOLS
|
2016-12-06 13:57:12 +01:00
|
|
|
LIBVIRT_WIN_CHECK_WINDRES
|
2016-12-15 11:48:38 +01:00
|
|
|
|
|
|
|
|
2016-11-14 15:34:04 +01:00
|
|
|
dnl Driver-Modules library support
|
|
|
|
LIBVIRT_ARG_DRIVER_MODULES
|
|
|
|
LIBVIRT_CHECK_DRIVER_MODULES
|
2008-11-21 12:16:08 +00:00
|
|
|
|
|
|
|
|
2008-02-28 17:07:37 +00:00
|
|
|
# Set LV_LIBTOOL_OBJDIR to "." or $lt_cv_objdir, depending on whether
|
|
|
|
# we're building shared libraries. This is the name of the directory
|
|
|
|
# in which .o files will be created.
|
|
|
|
test "$enable_shared" = no && lt_cv_objdir=.
|
|
|
|
LV_LIBTOOL_OBJDIR=${lt_cv_objdir-.}
|
2008-05-22 15:34:02 +00:00
|
|
|
AC_SUBST([LV_LIBTOOL_OBJDIR])
|
2008-02-28 17:07:37 +00:00
|
|
|
|
2008-11-21 12:27:11 +00:00
|
|
|
|
|
|
|
with_nodedev=no;
|
2010-03-24 15:31:31 -06:00
|
|
|
if test "$with_hal" = "yes" || test "$with_udev" = "yes";
|
2008-11-21 12:27:11 +00:00
|
|
|
then
|
|
|
|
with_nodedev=yes
|
|
|
|
AC_DEFINE_UNQUOTED([WITH_NODE_DEVICES], 1, [with node device driver])
|
|
|
|
fi
|
|
|
|
AM_CONDITIONAL([WITH_NODE_DEVICES], [test "$with_nodedev" = "yes"])
|
|
|
|
|
2014-02-10 16:08:26 +02:00
|
|
|
dnl GET_VLAN_VID_CMD is required for virNetDevGetVLanID
|
|
|
|
AC_CHECK_DECLS([GET_VLAN_VID_CMD], [], [], [[#include <linux/if_vlan.h>]])
|
2010-02-12 18:03:07 +01:00
|
|
|
|
2013-04-27 19:50:19 +04:00
|
|
|
# Check for Linux vs. BSD ifreq members
|
|
|
|
AC_CHECK_MEMBERS([struct ifreq.ifr_newname,
|
|
|
|
struct ifreq.ifr_ifindex,
|
2014-10-29 21:20:47 +03:00
|
|
|
struct ifreq.ifr_index,
|
|
|
|
struct ifreq.ifr_hwaddr],
|
2013-04-27 19:50:19 +04:00
|
|
|
[], [],
|
|
|
|
[#include <sys/socket.h>
|
|
|
|
#include <net/if.h>
|
|
|
|
])
|
2013-07-17 20:02:17 +02:00
|
|
|
|
2013-05-03 17:35:20 +04:00
|
|
|
# Check for BSD approach for setting MAC addr
|
2013-07-17 20:02:17 +02:00
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM(
|
|
|
|
[[
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <net/if_dl.h>
|
|
|
|
]],
|
|
|
|
[[
|
2013-07-24 17:02:00 +04:00
|
|
|
link_addr(0, 0)]])],
|
2013-07-17 20:02:17 +02:00
|
|
|
[AC_DEFINE([HAVE_DECL_LINK_ADDR],
|
|
|
|
[1],
|
|
|
|
[whether link_addr is available])])
|
2013-05-03 17:35:20 +04:00
|
|
|
|
2013-06-19 20:47:31 +04:00
|
|
|
# Check for BSD approach for bridge management
|
|
|
|
AC_CHECK_DECLS([BRDGSFD, BRDGADD, BRDGDEL],
|
|
|
|
[AC_DEFINE([HAVE_BSD_BRIDGE_MGMT],
|
|
|
|
[1],
|
|
|
|
[whether BSD style bridge management is available])],
|
|
|
|
[],
|
2013-07-10 13:38:06 +04:00
|
|
|
[#include <stdint.h>
|
|
|
|
#include <net/if.h>
|
2013-06-19 20:47:31 +04:00
|
|
|
#include <net/ethernet.h>
|
|
|
|
#include <net/if_bridgevar.h>
|
|
|
|
])
|
|
|
|
|
2014-01-29 22:31:44 +04:00
|
|
|
# Check for BSD CPU affinity availability
|
|
|
|
AC_CHECK_DECLS([cpuset_getaffinity],
|
|
|
|
[AC_DEFINE([HAVE_BSD_CPU_AFFINITY],
|
|
|
|
[1],
|
|
|
|
[whether BSD CPU affinity management is available])],
|
|
|
|
[],
|
|
|
|
[#include <sys/param.h>
|
|
|
|
#include <sys/cpuset.h>
|
|
|
|
])
|
|
|
|
|
2014-04-21 14:59:58 +04:00
|
|
|
# Check for BSD kvm (kernel memory interface)
|
|
|
|
if test $with_freebsd = yes; then
|
|
|
|
AC_CHECK_LIB([kvm], [kvm_getprocs], [],
|
|
|
|
[AC_MSG_ERROR([BSD kernel memory interface library is required to build on FreeBSD])]
|
|
|
|
)
|
|
|
|
fi
|
|
|
|
|
2014-07-06 13:53:40 +04:00
|
|
|
# FreeBSD 10-STABLE requires _IFI_OQDROPS to be defined for if_data.ifi_oqdrops
|
|
|
|
# field be available
|
|
|
|
old_CFLAGS="$CFLAGS"
|
|
|
|
CFLAGS="$CFLAGS -D_IFI_OQDROPS"
|
|
|
|
|
|
|
|
AC_CHECK_MEMBERS([struct if_data.ifi_oqdrops],
|
|
|
|
[],
|
|
|
|
[CFLAGS="$old_CFLAGS"],
|
|
|
|
[#include <net/if.h>
|
|
|
|
])
|
|
|
|
|
2016-11-19 20:42:27 +03:00
|
|
|
AC_CHECK_DECLS([clock_serv_t, host_get_clock_service, clock_get_time],
|
|
|
|
[AC_DEFINE([HAVE_MACH_CLOCK_ROUTINES],
|
|
|
|
[1],
|
|
|
|
[whether Mach clock routines are available])],
|
|
|
|
[],
|
|
|
|
[#include <mach/clock.h>
|
|
|
|
#include <mach/mach.h>
|
|
|
|
])
|
|
|
|
|
2019-09-09 09:37:32 +02:00
|
|
|
# Check if we have new enough kernel to support BPF devices for cgroups v2
|
|
|
|
if test "$with_linux" = "yes"; then
|
2019-09-09 09:40:06 +02:00
|
|
|
AC_CHECK_DECLS([BPF_PROG_QUERY, BPF_CGROUP_DEVICE],
|
|
|
|
[], [], [#include <linux/bpf.h>])
|
2019-09-09 09:37:32 +02:00
|
|
|
fi
|
|
|
|
|
2013-08-11 17:54:48 +04:00
|
|
|
# Check if we need to look for ifconfig
|
|
|
|
if test "$want_ifconfig" = "yes"; then
|
|
|
|
AC_PATH_PROG([IFCONFIG_PATH], [ifconfig])
|
|
|
|
if test -z "$IFCONFIG_PATH"; then
|
|
|
|
AC_MSG_ERROR([Failed to find ifconfig.])
|
|
|
|
fi
|
|
|
|
AC_DEFINE_UNQUOTED([IFCONFIG_PATH], "$IFCONFIG_PATH", [path to ifconfig binary])
|
|
|
|
fi
|
|
|
|
|
2010-04-07 17:02:25 +02:00
|
|
|
# Detect when running under the clang static analyzer's scan-build driver
|
|
|
|
# or Coverity-prevent's cov-build. Define STATIC_ANALYSIS accordingly.
|
2011-08-02 12:25:58 -06:00
|
|
|
AC_CACHE_CHECK([whether this build is done by a static analysis tool],
|
|
|
|
[lv_cv_static_analysis], [
|
|
|
|
lv_cv_static_analysis=no
|
|
|
|
if test -n "${CCC_ANALYZER_ANALYSIS+set}" || \
|
|
|
|
test -n "$COVERITY_BUILD_COMMAND$COVERITY_LD_PRELOAD"; then
|
|
|
|
lv_cv_static_analysis=yes
|
|
|
|
fi
|
|
|
|
])
|
2011-06-03 13:43:15 -06:00
|
|
|
t=0
|
2011-08-02 12:25:58 -06:00
|
|
|
test "x$lv_cv_static_analysis" = xyes && t=1
|
2010-04-07 17:02:25 +02:00
|
|
|
AC_DEFINE_UNQUOTED([STATIC_ANALYSIS], [$t],
|
|
|
|
[Define to 1 when performing static analysis.])
|
|
|
|
|
2019-10-02 17:04:31 +01:00
|
|
|
GNUmakefile=GNUmakefile
|
|
|
|
m4_if(m4_version_compare([2.61a.100],
|
|
|
|
m4_defn([m4_PACKAGE_VERSION])), [1], [],
|
|
|
|
[AC_CONFIG_LINKS([$GNUmakefile:$GNUmakefile], [],
|
|
|
|
[GNUmakefile=$GNUmakefile])])
|
|
|
|
|
2012-09-14 10:08:54 +01:00
|
|
|
AC_CONFIG_FILES([run],
|
|
|
|
[chmod +x,-w run])
|
2013-07-31 14:52:16 -06:00
|
|
|
AC_CONFIG_FILES([\
|
makefile: Move include/Makefile.am to include/libvirt/Makefile.am
The reason for this is to fix the automatic rebuild of libvirt-common.h.in.
All *.in files should be automatically rebuilt each time they're modified.
It works well for makefiles and pkgconfig files, since they do have a valid
dependency in the top-level Makefile. However, with libvirt-common.h.in
there is no dependency in the top-level Makefile and there's no need for it
either, so this rule
include/libvirt/libvirt-common.h: $(top_builddir)/config.status \
$(top_srcdir)/include/libvirt/libvirt-common.h.in
cd $(top_builddir) && $(SHELL) ./config.status $@
is never hit and should be moved to include/Makefile, but that's automake's
job. According to GNU automake docs:
"Files created by AC_CONFIG_FILES, be they
Automake Makefiles or not, are all removed by ‘make distclean’. Their inputs
are automatically distributed, unless they are the output of prior
AC_CONFIG_FILES commands. Finally, rebuild rules are generated in the Automake
Makefile existing in the subdirectory of the output file, if there is one, or
in the top-level Makefile otherwise."
Which means that if we want to have the rule for libvirt-common.h automatically
generated by automake, the include/Makefile.am needs to be moved into libvirt/
subdirectory and $SUBDIRS in the top-level Makefile need to be adjusted as
well. This patch moves Makefile.am from include/ to include/libvirt, adjusting
the prefixes accordingly as well as updates the top-level Makefile $SUBDIRS to
properly hint automake to generate all rules at proper places.
Best way to see the changes, use -M with 'git show'.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2016-04-05 21:04:06 +02:00
|
|
|
Makefile src/Makefile include/libvirt/Makefile docs/Makefile \
|
2017-04-21 16:05:19 +02:00
|
|
|
.color_coded \
|
2017-04-21 16:47:02 +02:00
|
|
|
.ycm_extra_conf.py \
|
2014-06-20 17:47:15 +01:00
|
|
|
libvirt.pc \
|
|
|
|
libvirt-qemu.pc \
|
|
|
|
libvirt-lxc.pc \
|
2015-04-15 16:16:24 +02:00
|
|
|
libvirt-admin.pc \
|
2014-06-20 17:48:12 +01:00
|
|
|
src/libvirt.pc \
|
|
|
|
src/libvirt-qemu.pc \
|
|
|
|
src/libvirt-lxc.pc \
|
2014-06-20 17:47:15 +01:00
|
|
|
libvirt.spec mingw-libvirt.spec \
|
2018-04-03 16:39:17 +01:00
|
|
|
po/Makefile \
|
2016-01-10 14:36:13 -05:00
|
|
|
include/libvirt/libvirt-common.h \
|
2016-01-09 18:03:56 -05:00
|
|
|
examples/Makefile \
|
2013-07-31 14:52:16 -06:00
|
|
|
tests/Makefile \
|
2016-01-10 15:35:36 -05:00
|
|
|
tools/Makefile])
|
2013-07-31 14:52:16 -06:00
|
|
|
AC_OUTPUT
|
2007-09-18 23:36:30 +00:00
|
|
|
|
|
|
|
AC_MSG_NOTICE([])
|
|
|
|
AC_MSG_NOTICE([Configuration summary])
|
|
|
|
AC_MSG_NOTICE([=====================])
|
|
|
|
AC_MSG_NOTICE([])
|
|
|
|
AC_MSG_NOTICE([Drivers])
|
|
|
|
AC_MSG_NOTICE([])
|
2016-12-08 10:35:30 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_QEMU
|
2016-11-29 08:50:58 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_OPENVZ
|
2016-11-29 08:54:02 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_VMWARE
|
2016-12-12 18:19:21 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_VBOX
|
2016-12-12 16:18:02 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_LIBXL
|
2016-12-08 10:36:55 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_LXC
|
2016-12-01 10:40:31 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_ESX
|
2016-12-01 10:43:13 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_HYPERV
|
2015-07-10 17:32:00 +03:00
|
|
|
LIBVIRT_DRIVER_RESULT_VZ
|
2014-02-18 14:08:10 +04:00
|
|
|
LIBVIRT_DRIVER_RESULT_BHYVE
|
2016-12-01 10:23:41 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_TEST
|
2016-12-01 10:27:19 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_REMOTE
|
2016-12-01 12:02:30 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_NETWORK
|
2016-12-01 12:01:33 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_LIBVIRTD
|
2016-12-01 15:50:59 +01:00
|
|
|
LIBVIRT_DRIVER_RESULT_INTERFACE
|
2007-09-18 23:36:30 +00:00
|
|
|
AC_MSG_NOTICE([])
|
2008-02-20 15:42:30 +00:00
|
|
|
AC_MSG_NOTICE([Storage Drivers])
|
|
|
|
AC_MSG_NOTICE([])
|
2016-12-07 08:46:51 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_DIR
|
2016-12-07 10:16:19 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_FS
|
2016-12-07 10:22:05 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_LVM
|
2016-12-07 13:12:31 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_ISCSI
|
2018-07-31 10:44:21 +02:00
|
|
|
LIBVIRT_STORAGE_RESULT_ISCSI_DIRECT
|
2016-12-07 13:13:00 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_SCSI
|
2016-12-12 18:21:11 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_MPATH
|
2016-12-12 18:21:51 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_DISK
|
2016-12-07 15:44:08 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_RBD
|
2016-12-07 15:48:37 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_SHEEPDOG
|
2016-12-07 15:52:39 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_GLUSTER
|
2016-12-07 15:59:19 +01:00
|
|
|
LIBVIRT_STORAGE_RESULT_ZFS
|
2017-01-17 17:10:55 +03:00
|
|
|
LIBVIRT_STORAGE_RESULT_VSTORAGE
|
2008-02-20 15:42:30 +00:00
|
|
|
AC_MSG_NOTICE([])
|
2009-03-03 10:06:49 +00:00
|
|
|
AC_MSG_NOTICE([Security Drivers])
|
|
|
|
AC_MSG_NOTICE([])
|
2016-12-12 18:20:45 +01:00
|
|
|
LIBVIRT_SECDRIVER_RESULT_SELINUX
|
2016-12-01 12:08:20 +01:00
|
|
|
LIBVIRT_SECDRIVER_RESULT_APPARMOR
|
2009-03-03 10:06:49 +00:00
|
|
|
AC_MSG_NOTICE([])
|
2008-11-21 12:16:08 +00:00
|
|
|
AC_MSG_NOTICE([Driver Loadable Modules])
|
|
|
|
AC_MSG_NOTICE([])
|
2016-11-14 15:34:04 +01:00
|
|
|
LIBVIRT_RESULT_DRIVER_MODULES
|
2009-08-05 10:43:37 +02:00
|
|
|
AC_MSG_NOTICE([])
|
|
|
|
AC_MSG_NOTICE([Libraries])
|
|
|
|
AC_MSG_NOTICE([])
|
2017-02-14 15:21:29 +01:00
|
|
|
LIBVIRT_RESULT_ACL
|
2012-09-20 13:28:45 +01:00
|
|
|
LIBVIRT_RESULT_APPARMOR
|
2012-09-19 14:00:34 +01:00
|
|
|
LIBVIRT_RESULT_ATTR
|
2012-09-20 13:12:40 +01:00
|
|
|
LIBVIRT_RESULT_AUDIT
|
2017-11-02 14:41:53 +01:00
|
|
|
LIBVIRT_RESULT_BASH_COMPLETION
|
2012-09-20 15:52:14 +01:00
|
|
|
LIBVIRT_RESULT_BLKID
|
2012-09-20 13:58:37 +01:00
|
|
|
LIBVIRT_RESULT_CAPNG
|
2013-01-08 21:31:58 +00:00
|
|
|
LIBVIRT_RESULT_CURL
|
2012-09-20 15:12:08 +01:00
|
|
|
LIBVIRT_RESULT_DBUS
|
2016-11-12 00:20:21 +01:00
|
|
|
LIBVIRT_RESULT_DLOPEN
|
2016-11-14 15:34:40 +01:00
|
|
|
LIBVIRT_RESULT_FIREWALLD
|
configure: selectively install a firewalld 'libvirt' zone
In the past (when both libvirt and firewalld used iptables), if either
libvirt's rules *OR* firewalld's rules accepted a packet, it would
be accepted. This was because libvirt and firewalld rules were
processed during the same kernel hook, and a single ACCEPT result
would terminate the rule traversal and cause the packet to be
accepted.
But now firewalld can use nftables for its backend, while libvirt's
firewall rules are still using iptables; iptables rules are still
processed, but at a different time during packet processing
(i.e. during a different hook) than the firewalld nftables rules. The
result is that a packet must be accepted by *BOTH* the libvirt
iptables rules *AND* the firewalld nftable rules in order to be
accepted.
This causes pain because
1) libvirt always adds rules to permit DNS and DHCP (and sometimes
TFTP) from guests to the host network's bridge interface. But
libvirt's bridges are in firewalld's "default" zone (which is usually
the zone called "public"). The public zone allows ssh, but doesn't
allow DNS, DHCP, or TFTP. So even though libvirt's rules allow the
DHCP and DNS traffic, the firewalld rules (now processed during a
different hook) dont, thus guests connected to libvirt's bridges can't
acquire an IP address from DHCP, nor can they make DNS queries to the
DNS server libvirt has setup on the host. (This could be solved by
modifying the default firewalld zone to allow DNS and DHCP, but that
would open *all* interfaces in the default zone to those services,
which is most likely not what the host's admin wants.)
2) Even though libvirt adds iptables rules to allow forwarded traffic
to pass the iptables hook, firewalld's higher level "rich rules" don't
yet have the ability to configure the acceptance of forwarded traffic
(traffic that is going somewhere beyond the host), so any traffic that
needs to be forwarded from guests to the network beyond the host is
rejected during the nftables hook by the default zone's "default
reject" policy (which rejects all traffic in the zone not specifically
allowed by the rules in the zone, whether that traffic is destined to
be forwarded or locally received by the host).
libvirt can't send "direct" nftables rules (firewalld only supports
direct/passthrough rules for iptables), so we can't solve this problem
by just sending explicit nftables rules instead of explicit iptables
rules (which, if it could be done, would place libvirt's rules in the
same hook as firewalld's native rules, and thus eliminate the need for
packets to be accepted by both libvirt's and firewalld's own rules).
However, we can take advantage of a quirk in firewalld zones that have
a default policy of "accept" (meaning any packet that doesn't match a
specific rule in the zone will be *accepted*) - this default accept will
also accept forwarded traffic (not just traffic destined for the host).
Of course we don't want to modify firewalld's default zone in that
way, because that would affect the filtering of traffic coming into
the host from other interfaces using that zone. Instead, we will
create a new zone called "libvirt". The libvirt zone will have a
default policy of accept so that forwarded traffic can pass and list
specific services that will be allowed into the host from guests (DNS,
DHCP, SSH, and TFTP).
But the same default accept policy that fixes forwarded traffic also
causes *all* traffic from guest to host to be accepted. To close this
new hole, the libvirt zone can take advantage of a new feature in
firewalld (currently slated for firewalld-0.7.0) - priorities for rich
rules - to add a low priority rule that rejects all local traffic (but
leaves alone all forwarded traffic).
So, our new zone will start with a list of services that are allowed
(dhcp, dns, tftp, and ssh to start, but configurable via any firewalld
management application, or direct editing of the zone file in
/etc/firewalld/zones/libvirt.xml), followed by a low priority
<reject/> rule (to reject all other traffic from guest to host), and
finally with a default policy of accept (to allow forwarded traffic).
This patch only creates the zonefile for the new zone, and implements
a configure.ac option to selectively enable/disable installation of
the new zone. A separate patch contains the necessary code to actually
place bridge interfaces in the libvirt zone.
Why do we need a configure option to disable installation of the new
libvirt zone? It uses a new firewalld attribute that sets the priority
of a rich rule; this feature first appears in firewalld-0.7.0 (unless
it has been backported to am earlier firewalld by a downstream
maintainer). If the file were installed on a system with firewalld
that didn't support rule priorities, firewalld would log an error
every time it restarted, causing confusion and lots of extra bug
reports.
So we add two new configure.ac switches to avoid polluting the system
logs with this error on systems that don't support rule priorities -
"--with-firewalld-zone" and "--without-firewalld-zone". A package
builder can use these to include/exclude the libvirt zone file in the
installation. If firewalld is enabled (--with-firewalld), the default
is --with-firewalld-zone, but it can be disabled during configure
(using --without-firewalld-zone). Targets that are using a firewalld
version too old to support the rule priority setting in the libvirt
zone file can simply add --without-firewalld-zone to their configure
commandline.
These switches only affect whether or not the libvirt zone file is
*installed* in /usr/lib/firewalld/zones, but have no effect on whether
or not libvirt looks for a zone called libvirt and tries to use it.
NB: firewalld zones can only be added to the permanent config of
firewalld, and won't be loaded/enabled until firewalld is restarted,
so at package install/upgrade time we have to restart firewalld. For
rpm-based distros, this is done in the libvirt.spec file by calling
the %firewalld_restart rpm macro, which is a part of the
firewalld-filesystem package. (For distros that don't use rpm
packages, the command "firewalld-cmd --reload" will have the same
effect).
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2019-01-25 23:52:37 -05:00
|
|
|
LIBVIRT_RESULT_FIREWALLD_ZONE
|
2013-01-08 21:06:57 +00:00
|
|
|
LIBVIRT_RESULT_FUSE
|
2019-07-30 10:13:36 +01:00
|
|
|
LIBVIRT_RESULT_GLIB
|
2013-11-19 16:26:05 -07:00
|
|
|
LIBVIRT_RESULT_GLUSTER
|
2016-11-10 14:33:41 +01:00
|
|
|
LIBVIRT_RESULT_GNUTLS
|
2012-09-20 15:39:12 +01:00
|
|
|
LIBVIRT_RESULT_HAL
|
2018-07-31 10:44:20 +02:00
|
|
|
LIBVIRT_RESULT_LIBISCSI
|
2016-12-12 10:07:24 +01:00
|
|
|
LIBVIRT_RESULT_LIBNL
|
2016-12-09 11:01:47 +01:00
|
|
|
LIBVIRT_RESULT_LIBPCAP
|
2016-11-09 15:28:35 +01:00
|
|
|
LIBVIRT_RESULT_LIBSSH
|
2016-12-12 16:18:02 +01:00
|
|
|
LIBVIRT_RESULT_LIBXL
|
2016-12-19 15:11:06 +01:00
|
|
|
LIBVIRT_RESULT_LIBXML
|
2016-12-12 09:59:15 +01:00
|
|
|
LIBVIRT_RESULT_MACVTAP
|
2012-09-20 15:14:52 +01:00
|
|
|
LIBVIRT_RESULT_NETCF
|
2018-04-03 16:39:17 +01:00
|
|
|
LIBVIRT_RESULT_NLS
|
2016-11-10 14:33:41 +01:00
|
|
|
LIBVIRT_RESULT_NSS
|
2012-09-20 13:47:23 +01:00
|
|
|
LIBVIRT_RESULT_NUMACTL
|
2013-01-08 22:08:53 +00:00
|
|
|
LIBVIRT_RESULT_OPENWSMAN
|
2012-09-20 15:34:13 +01:00
|
|
|
LIBVIRT_RESULT_PCIACCESS
|
2016-12-12 10:12:13 +01:00
|
|
|
LIBVIRT_RESULT_PM_UTILS
|
2016-12-12 08:05:18 +01:00
|
|
|
LIBVIRT_RESULT_POLKIT
|
2016-12-07 15:44:08 +01:00
|
|
|
LIBVIRT_RESULT_RBD
|
2013-05-01 20:54:57 -06:00
|
|
|
LIBVIRT_RESULT_READLINE
|
2012-09-20 13:04:57 +01:00
|
|
|
LIBVIRT_RESULT_SANLOCK
|
2012-09-20 13:06:12 +01:00
|
|
|
LIBVIRT_RESULT_SASL
|
2012-09-20 13:21:48 +01:00
|
|
|
LIBVIRT_RESULT_SELINUX
|
2013-01-08 21:47:55 +00:00
|
|
|
LIBVIRT_RESULT_SSH2
|
2012-09-20 15:34:13 +01:00
|
|
|
LIBVIRT_RESULT_UDEV
|
2016-12-13 12:40:48 +01:00
|
|
|
LIBVIRT_RESULT_VIRTUALPORT
|
2016-12-13 12:40:30 +01:00
|
|
|
LIBVIRT_RESULT_XDR
|
2012-09-20 13:03:27 +01:00
|
|
|
LIBVIRT_RESULT_YAJL
|
2016-12-15 11:48:38 +01:00
|
|
|
AC_MSG_NOTICE([])
|
|
|
|
AC_MSG_NOTICE([Windows])
|
|
|
|
AC_MSG_NOTICE([])
|
|
|
|
LIBVIRT_WIN_RESULT_COMMON
|
2016-12-06 13:57:12 +01:00
|
|
|
LIBVIRT_WIN_RESULT_WINDRES
|
2007-09-18 23:36:30 +00:00
|
|
|
AC_MSG_NOTICE([])
|
2008-05-29 15:13:07 +00:00
|
|
|
AC_MSG_NOTICE([Test suite])
|
|
|
|
AC_MSG_NOTICE([])
|
2019-09-07 12:44:31 +02:00
|
|
|
LIBVIRT_RESULT([Coverage], [$enable_test_coverage])
|
2008-05-29 15:13:07 +00:00
|
|
|
AC_MSG_NOTICE([])
|
2007-09-18 23:36:30 +00:00
|
|
|
AC_MSG_NOTICE([Miscellaneous])
|
|
|
|
AC_MSG_NOTICE([])
|
2016-12-13 13:39:36 +01:00
|
|
|
LIBVIRT_RESULT_DEBUG
|
2019-09-07 12:44:31 +02:00
|
|
|
LIBVIRT_RESULT([Use -Werror], [$enable_werror])
|
|
|
|
LIBVIRT_RESULT([Warning Flags], [$WARN_CFLAGS])
|
2016-11-30 14:34:57 +01:00
|
|
|
LIBVIRT_RESULT_DTRACE
|
2016-12-12 13:54:35 +01:00
|
|
|
LIBVIRT_RESULT_NUMAD
|
2016-05-02 13:27:47 +02:00
|
|
|
LIBVIRT_RESULT_INIT_SCRIPT
|
2016-12-13 13:45:25 +01:00
|
|
|
LIBVIRT_RESULT_CHRDEV_LOCK_FILES
|
2016-12-09 11:04:33 +01:00
|
|
|
LIBVIRT_RESULT_DEFAULT_EDITOR
|
2016-12-15 13:39:21 +01:00
|
|
|
LIBVIRT_RESULT_LOADER_NVRAM
|
2016-12-14 16:51:30 +01:00
|
|
|
LIBVIRT_RESULT_LOGIN_SHELL
|
|
|
|
LIBVIRT_RESULT_HOST_VALIDATE
|
2016-12-14 16:33:57 +01:00
|
|
|
LIBVIRT_RESULT_TLS_PRIORITY
|
2007-09-18 23:36:30 +00:00
|
|
|
AC_MSG_NOTICE([])
|
2014-01-16 02:06:58 +09:00
|
|
|
AC_MSG_NOTICE([Developer Tools])
|
|
|
|
AC_MSG_NOTICE([])
|
2016-12-13 12:40:05 +01:00
|
|
|
LIBVIRT_RESULT_WIRESHARK
|
2014-01-16 02:06:58 +09:00
|
|
|
AC_MSG_NOTICE([])
|
2009-07-15 22:25:01 +01:00
|
|
|
AC_MSG_NOTICE([Privileges])
|
|
|
|
AC_MSG_NOTICE([])
|
2016-12-12 15:35:07 +01:00
|
|
|
LIBVIRT_RESULT_QEMU_PRIVILEGES
|
2009-07-24 16:17:06 +02:00
|
|
|
AC_MSG_NOTICE([])
|