mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-08-28 03:21:19 +00:00
Convert apparmor check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
parent
98de5f3e5d
commit
766ace80d6
70
configure.ac
70
configure.ac
@ -155,6 +155,7 @@ AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS])
|
|||||||
|
|
||||||
LIBVIRT_COMPILE_WARNINGS
|
LIBVIRT_COMPILE_WARNINGS
|
||||||
|
|
||||||
|
LIBVIRT_CHECK_APPARMOR
|
||||||
LIBVIRT_CHECK_AUDIT
|
LIBVIRT_CHECK_AUDIT
|
||||||
LIBVIRT_CHECK_SANLOCK
|
LIBVIRT_CHECK_SANLOCK
|
||||||
LIBVIRT_CHECK_SASL
|
LIBVIRT_CHECK_SASL
|
||||||
@ -1286,46 +1287,6 @@ fi
|
|||||||
AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" != "no"])
|
AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" != "no"])
|
||||||
|
|
||||||
|
|
||||||
dnl AppArmor
|
|
||||||
AC_ARG_WITH([apparmor],
|
|
||||||
AC_HELP_STRING([--with-apparmor], [use AppArmor to manage security @<:@default=check@:>@]),
|
|
||||||
[],
|
|
||||||
[with_apparmor=check])
|
|
||||||
|
|
||||||
APPARMOR_CFLAGS=
|
|
||||||
APPARMOR_LIBS=
|
|
||||||
if test "$with_apparmor" != "no"; then
|
|
||||||
old_cflags="$CFLAGS"
|
|
||||||
old_libs="$LIBS"
|
|
||||||
if test "$with_apparmor" = "check"; then
|
|
||||||
AC_CHECK_HEADER([sys/apparmor.h],[],[with_apparmor=no])
|
|
||||||
AC_CHECK_LIB([apparmor], [aa_change_profile],[],[with_apparmor=no])
|
|
||||||
AC_CHECK_LIB([apparmor], [aa_change_hat],[],[with_apparmor=no])
|
|
||||||
if test "$with_apparmor" != "no"; then
|
|
||||||
with_apparmor="yes"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
fail=0
|
|
||||||
AC_CHECK_HEADER([sys/apparmor.h],[],[fail=1])
|
|
||||||
AC_CHECK_LIB([apparmor], [aa_change_profile],[],[fail=1])
|
|
||||||
AC_CHECK_LIB([apparmor], [aa_change_hat],[],[fail=1])
|
|
||||||
test $fail = 1 &&
|
|
||||||
AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
|
|
||||||
fi
|
|
||||||
CFLAGS="$old_cflags"
|
|
||||||
LIBS="$old_libs"
|
|
||||||
fi
|
|
||||||
if test "$with_apparmor" = "yes"; then
|
|
||||||
APPARMOR_LIBS="-lapparmor"
|
|
||||||
AC_DEFINE_UNQUOTED([HAVE_APPARMOR], 1, [whether AppArmor is available for security])
|
|
||||||
AC_DEFINE_UNQUOTED([APPARMOR_DIR], "/etc/apparmor.d", [path to apparmor directory])
|
|
||||||
AC_DEFINE_UNQUOTED([APPARMOR_PROFILES_PATH], "/sys/kernel/security/apparmor/profiles", [path to kernel profiles])
|
|
||||||
fi
|
|
||||||
AM_CONDITIONAL([HAVE_APPARMOR], [test "$with_apparmor" != "no"])
|
|
||||||
AC_SUBST([APPARMOR_CFLAGS])
|
|
||||||
AC_SUBST([APPARMOR_LIBS])
|
|
||||||
|
|
||||||
|
|
||||||
AC_ARG_WITH([secdriver-apparmor],
|
AC_ARG_WITH([secdriver-apparmor],
|
||||||
AC_HELP_STRING([--with-secdriver-apparmor], [use AppArmor security driver @<:@default=check@:>@]),
|
AC_HELP_STRING([--with-secdriver-apparmor], [use AppArmor security driver @<:@default=check@:>@]),
|
||||||
[],
|
[],
|
||||||
@ -1339,27 +1300,8 @@ if test "$with_apparmor" != "yes" ; then
|
|||||||
AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
|
AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
|
||||||
fi
|
fi
|
||||||
elif test "with_secdriver_apparmor" != "no" ; then
|
elif test "with_secdriver_apparmor" != "no" ; then
|
||||||
old_cflags="$CFLAGS"
|
with_secdriver_apparmor=yes
|
||||||
old_libs="$LIBS"
|
AC_DEFINE_UNQUOTED([WITH_SECDRIVER_APPARMOR], 1, [whether AppArmor security driver is available])
|
||||||
CFLAGS="$CFLAGS $APPARMOR_CFLAGS"
|
|
||||||
LIBS="$CFLAGS $APPARMOR_LIBS"
|
|
||||||
|
|
||||||
fail=0
|
|
||||||
AC_CHECK_FUNC([change_hat], [], [fail=1])
|
|
||||||
AC_CHECK_FUNC([aa_change_profile], [], [fail=1])
|
|
||||||
CFLAGS="$old_cflags"
|
|
||||||
LIBS="$old_libs"
|
|
||||||
|
|
||||||
if test "$fail" = "1" ; then
|
|
||||||
if test "$with_secdriver_apparmor" = "check" ; then
|
|
||||||
with_secdriver_apparmor=no
|
|
||||||
else
|
|
||||||
AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
with_secdriver_apparmor=yes
|
|
||||||
AC_DEFINE_UNQUOTED([WITH_SECDRIVER_APPARMOR], 1, [whether AppArmor security driver is available])
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmor" != "no"])
|
AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmor" != "no"])
|
||||||
|
|
||||||
@ -2887,6 +2829,7 @@ fi
|
|||||||
AC_MSG_NOTICE([])
|
AC_MSG_NOTICE([])
|
||||||
AC_MSG_NOTICE([Libraries])
|
AC_MSG_NOTICE([Libraries])
|
||||||
AC_MSG_NOTICE([])
|
AC_MSG_NOTICE([])
|
||||||
|
LIBVIRT_RESULT_APPARMOR
|
||||||
LIBVIRT_RESULT_AUDIT
|
LIBVIRT_RESULT_AUDIT
|
||||||
LIBVIRT_RESULT_SANLOCK
|
LIBVIRT_RESULT_SANLOCK
|
||||||
LIBVIRT_RESULT_SASL
|
LIBVIRT_RESULT_SASL
|
||||||
@ -2929,11 +2872,6 @@ fi
|
|||||||
else
|
else
|
||||||
AC_MSG_NOTICE([ polkit: no])
|
AC_MSG_NOTICE([ polkit: no])
|
||||||
fi
|
fi
|
||||||
if test "$with_apparmor" = "yes" ; then
|
|
||||||
AC_MSG_NOTICE([apparmor: $APPARMOR_CFLAGS $APPARMOR_LIBS])
|
|
||||||
else
|
|
||||||
AC_MSG_NOTICE([apparmor: no])
|
|
||||||
fi
|
|
||||||
if test "$with_numactl" = "yes" ; then
|
if test "$with_numactl" = "yes" ; then
|
||||||
AC_MSG_NOTICE([ numactl: $NUMACTL_CFLAGS $NUMACTL_LIBS])
|
AC_MSG_NOTICE([ numactl: $NUMACTL_CFLAGS $NUMACTL_LIBS])
|
||||||
else
|
else
|
||||||
|
42
m4/virt-apparmor.m4
Normal file
42
m4/virt-apparmor.m4
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
dnl The libapparmor.so library
|
||||||
|
dnl
|
||||||
|
dnl Copyright (C) 2012-2013 Red Hat, Inc.
|
||||||
|
dnl
|
||||||
|
dnl This library is free software; you can redistribute it and/or
|
||||||
|
dnl modify it under the terms of the GNU Lesser General Public
|
||||||
|
dnl License as published by the Free Software Foundation; either
|
||||||
|
dnl version 2.1 of the License, or (at your option) any later version.
|
||||||
|
dnl
|
||||||
|
dnl This library is distributed in the hope that it will be useful,
|
||||||
|
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
dnl Lesser General Public License for more details.
|
||||||
|
dnl
|
||||||
|
dnl You should have received a copy of the GNU Lesser General Public
|
||||||
|
dnl License along with this library. If not, see
|
||||||
|
dnl <http://www.gnu.org/licenses/>.
|
||||||
|
dnl
|
||||||
|
|
||||||
|
AC_DEFUN([LIBVIRT_CHECK_APPARMOR],[
|
||||||
|
LIBVIRT_CHECK_LIB([APPARMOR], [apparmor],
|
||||||
|
[aa_change_profile], [sys/apparmor.h])
|
||||||
|
|
||||||
|
AC_ARG_WITH([apparmor_mount],
|
||||||
|
AC_HELP_STRING([--with-apparmor-mount],
|
||||||
|
[set AppArmor mount point @<:@default=check@:>@]),
|
||||||
|
[],
|
||||||
|
[with_apparmor_mount=check])
|
||||||
|
|
||||||
|
if test "$with_apparmor" = "yes"; then
|
||||||
|
AC_DEFINE_UNQUOTED([APPARMOR_DIR],
|
||||||
|
"/etc/apparmor.d",
|
||||||
|
[path to apparmor directory])
|
||||||
|
AC_DEFINE_UNQUOTED([APPARMOR_PROFILES_PATH],
|
||||||
|
"/sys/kernel/security/apparmor/profiles",
|
||||||
|
[path to kernel profiles])
|
||||||
|
fi
|
||||||
|
])
|
||||||
|
|
||||||
|
AC_DEFUN([LIBVIRT_RESULT_APPARMOR],[
|
||||||
|
LIBVIRT_RESULT_LIB([APPARMOR])
|
||||||
|
])
|
Loading…
Reference in New Issue
Block a user