diff --git a/configure.ac b/configure.ac index 0710c9bd2b..d6f5b43b1e 100644 --- a/configure.ac +++ b/configure.ac @@ -536,40 +536,9 @@ dnl Need to test if pkg-config exists PKG_PROG_PKG_CONFIG -LIBVIRT_ARG_WITH_ALT([SECDRIVER_SELINUX], [use SELinux security driver], [check]) - -if test "$with_selinux" != "yes" ; then - if test "$with_secdriver_selinux" = "check" ; then - with_secdriver_selinux=no - fi - if test "$with_secdriver_selinux" != "no"; then - AC_MSG_ERROR([You must install the libselinux development package and enable SELinux with the --with-selinux=yes in order to compile libvirt --with-secdriver-selinux=yes]) - fi -elif test "$with_secdriver_selinux" != "no"; then - old_CFLAGS="$CFLAGS" - old_LIBS="$LIBS" - CFLAGS="$CFLAGS $SELINUX_CFLAGS" - LIBS="$CFLAGS $SELINUX_LIBS" - - fail=0 - AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1]) - AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1]) - AC_CHECK_FUNCS([selinux_lxc_contexts_path]) - CFLAGS="$old_CFLAGS" - LIBS="$old_LIBS" - - if test "$fail" = "1" ; then - if test "$with_secdriver_selinux" = "check" ; then - with_secdriver_selinux=no - else - AC_MSG_ERROR([You must install libselinux development package >= 2.0.82 in order to compile libvirt --with-secdriver-selinux=yes]) - fi - else - with_secdriver_selinux=yes - AC_DEFINE_UNQUOTED([WITH_SECDRIVER_SELINUX], 1, [whether SELinux security driver is available]) - fi -fi -AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" != "no"]) +dnl Security driver checks +LIBVIRT_SECDRIVER_ARG_SELINUX +LIBVIRT_SECDRIVER_CHECK_SELINUX LIBVIRT_ARG_WITH_ALT([SECDRIVER_APPARMOR], [use AppArmor security driver], [check]) @@ -1252,7 +1221,7 @@ AC_MSG_NOTICE([ ZFS: $with_storage_zfs]) AC_MSG_NOTICE([]) AC_MSG_NOTICE([Security Drivers]) AC_MSG_NOTICE([]) -AC_MSG_NOTICE([ SELinux: $with_secdriver_selinux ($SELINUX_MOUNT)]) +LIBVIRT_SECDRIVER_RESULT_SELINUX AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor (install profiles: $with_apparmor_profiles)]) AC_MSG_NOTICE([]) AC_MSG_NOTICE([Driver Loadable Modules]) diff --git a/m4/virt-secdriver-selinux.m4 b/m4/virt-secdriver-selinux.m4 new file mode 100644 index 0000000000..f7220cbecf --- /dev/null +++ b/m4/virt-secdriver-selinux.m4 @@ -0,0 +1,63 @@ +dnl The SElinux security driver +dnl +dnl Copyright (C) 2016 Red Hat, Inc. +dnl +dnl This library is free software; you can redistribute it and/or +dnl modify it under the terms of the GNU Lesser General Public +dnl License as published by the Free Software Foundation; either +dnl version 2.1 of the License, or (at your option) any later version. +dnl +dnl This library is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl Lesser General Public License for more details. +dnl +dnl You should have received a copy of the GNU Lesser General Public +dnl License along with this library. If not, see +dnl . +dnl + +AC_DEFUN([LIBVIRT_SECDRIVER_ARG_SELINUX], [ + LIBVIRT_ARG_WITH_ALT([SECDRIVER_SELINUX], [use SELinux security driver], [check]) +]) + +AC_DEFUN([LIBVIRT_SECDRIVER_CHECK_SELINUX], [ + AC_REQUIRE([LIBVIRT_CHECK_SELINUX]) + + if test "$with_selinux" != "yes" ; then + if test "$with_secdriver_selinux" = "check" ; then + with_secdriver_selinux=no + fi + if test "$with_secdriver_selinux" != "no"; then + AC_MSG_ERROR([You must install the libselinux development package and enable SELinux with the --with-selinux=yes in order to compile libvirt --with-secdriver-selinux=yes]) + fi + elif test "$with_secdriver_selinux" != "no"; then + old_CFLAGS="$CFLAGS" + old_LIBS="$LIBS" + CFLAGS="$CFLAGS $SELINUX_CFLAGS" + LIBS="$CFLAGS $SELINUX_LIBS" + + fail=0 + AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1]) + AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1]) + AC_CHECK_FUNCS([selinux_lxc_contexts_path]) + CFLAGS="$old_CFLAGS" + LIBS="$old_LIBS" + + if test "$fail" = "1" ; then + if test "$with_secdriver_selinux" = "check" ; then + with_secdriver_selinux=no + else + AC_MSG_ERROR([You must install libselinux development package >= 2.0.82 in order to compile libvirt --with-secdriver-selinux=yes]) + fi + else + with_secdriver_selinux=yes + AC_DEFINE_UNQUOTED([WITH_SECDRIVER_SELINUX], 1, [whether SELinux security driver is available]) + fi + fi + AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" != "no"]) +]) + +AC_DEFUN([LIBVIRT_SECDRIVER_RESULT_SELINUX], [ + LIBVIRT_RESULT([SELinux], [$with_secdriver_selinux]) +])