mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-02-22 11:22:23 +00:00
Convert selinux check to use LIBVIRT_CHECK_LIB
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange
parent
63f18f3786
commit
98de5f3e5d
62
configure.ac
62
configure.ac
@ -158,6 +158,7 @@ LIBVIRT_COMPILE_WARNINGS
|
||||
LIBVIRT_CHECK_AUDIT
|
||||
LIBVIRT_CHECK_SANLOCK
|
||||
LIBVIRT_CHECK_SASL
|
||||
LIBVIRT_CHECK_SELINUX
|
||||
LIBVIRT_CHECK_YAJL
|
||||
|
||||
AC_MSG_CHECKING([for CPUID instruction])
|
||||
@ -1246,61 +1247,6 @@ fi
|
||||
AM_CONDITIONAL([VIR_CHRDEV_LOCK_FILE_PATH], [test "$with_chrdev_lock_files" != "no"])
|
||||
|
||||
|
||||
dnl SELinux
|
||||
AC_ARG_WITH([selinux],
|
||||
AC_HELP_STRING([--with-selinux], [use SELinux to manage security @<:@default=check@:>@]),
|
||||
[],
|
||||
[with_selinux=check])
|
||||
AC_ARG_WITH([selinux_mount],
|
||||
AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]),
|
||||
[],
|
||||
[with_selinux_mount=check])
|
||||
|
||||
SELINUX_CFLAGS=
|
||||
SELINUX_LIBS=
|
||||
if test "$with_selinux" != "no"; then
|
||||
old_cflags="$CFLAGS"
|
||||
old_libs="$LIBS"
|
||||
if test "$with_selinux" = "check"; then
|
||||
AC_CHECK_HEADER([selinux/selinux.h],[],[with_selinux=no])
|
||||
AC_CHECK_LIB([selinux], [fgetfilecon_raw],[],[with_selinux=no])
|
||||
if test "$with_selinux" != "no"; then
|
||||
with_selinux="yes"
|
||||
fi
|
||||
else
|
||||
fail=0
|
||||
AC_CHECK_HEADER([selinux/selinux.h],[],[fail=1])
|
||||
AC_CHECK_LIB([selinux], [fgetfilecon_raw],[],[fail=1])
|
||||
test $fail = 1 &&
|
||||
AC_MSG_ERROR([You must install the libselinux development package in order to compile libvirt with basic SELinux support])
|
||||
fi
|
||||
CFLAGS="$old_cflags"
|
||||
LIBS="$old_libs"
|
||||
fi
|
||||
if test "$with_selinux" = "yes"; then
|
||||
AC_MSG_CHECKING([SELinux mount point])
|
||||
if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
|
||||
SELINUX_MOUNT=/sys/fs/selinux
|
||||
if ! test -d ${SELINUX_MOUNT} && test -d /selinux ; then
|
||||
SELINUX_MOUNT=/selinux
|
||||
fi
|
||||
else
|
||||
SELINUX_MOUNT=$with_selinux_mount
|
||||
fi
|
||||
AC_MSG_RESULT([$SELINUX_MOUNT])
|
||||
|
||||
SELINUX_LIBS="-lselinux"
|
||||
AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point])
|
||||
AC_DEFINE_UNQUOTED([WITH_SELINUX], 1, [whether basic SELinux functionality is available])
|
||||
dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
|
||||
dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
|
||||
AC_CHECK_HEADERS([selinux/label.h])
|
||||
fi
|
||||
AM_CONDITIONAL([WITH_SELINUX], [test "$with_selinux" != "no"])
|
||||
AC_SUBST([SELINUX_CFLAGS])
|
||||
AC_SUBST([SELINUX_LIBS])
|
||||
|
||||
|
||||
AC_ARG_WITH([secdriver-selinux],
|
||||
AC_HELP_STRING([--with-secdriver-selinux], [use SELinux security driver @<:@default=check@:>@]),
|
||||
[],
|
||||
@ -2944,6 +2890,7 @@ AC_MSG_NOTICE([])
|
||||
LIBVIRT_RESULT_AUDIT
|
||||
LIBVIRT_RESULT_SANLOCK
|
||||
LIBVIRT_RESULT_SASL
|
||||
LIBVIRT_RESULT_SELINUX
|
||||
LIBVIRT_RESULT_YAJL
|
||||
AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS])
|
||||
AC_MSG_NOTICE([ dlopen: $DLOPEN_LIBS])
|
||||
@ -2982,11 +2929,6 @@ fi
|
||||
else
|
||||
AC_MSG_NOTICE([ polkit: no])
|
||||
fi
|
||||
if test "$with_selinux" = "yes" ; then
|
||||
AC_MSG_NOTICE([ selinux: $SELINUX_CFLAGS $SELINUX_LIBS])
|
||||
else
|
||||
AC_MSG_NOTICE([ selinux: no])
|
||||
fi
|
||||
if test "$with_apparmor" = "yes" ; then
|
||||
AC_MSG_NOTICE([apparmor: $APPARMOR_CFLAGS $APPARMOR_LIBS])
|
||||
else
|
||||
|
||||
51
m4/virt-selinux.m4
Normal file
51
m4/virt-selinux.m4
Normal file
@ -0,0 +1,51 @@
|
||||
dnl The libselinux.so library
|
||||
dnl
|
||||
dnl Copyright (C) 2012-2013 Red Hat, Inc.
|
||||
dnl
|
||||
dnl This library is free software; you can redistribute it and/or
|
||||
dnl modify it under the terms of the GNU Lesser General Public
|
||||
dnl License as published by the Free Software Foundation; either
|
||||
dnl version 2.1 of the License, or (at your option) any later version.
|
||||
dnl
|
||||
dnl This library is distributed in the hope that it will be useful,
|
||||
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
dnl Lesser General Public License for more details.
|
||||
dnl
|
||||
dnl You should have received a copy of the GNU Lesser General Public
|
||||
dnl License along with this library. If not, see
|
||||
dnl <http://www.gnu.org/licenses/>.
|
||||
dnl
|
||||
|
||||
AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
|
||||
LIBVIRT_CHECK_LIB([SELINUX], [selinux],
|
||||
[fgetfilecon_raw], [selinux/selinux.h])
|
||||
|
||||
AC_ARG_WITH([selinux_mount],
|
||||
AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]),
|
||||
[],
|
||||
[with_selinux_mount=check])
|
||||
|
||||
if test "$with_selinux" = "yes"; then
|
||||
AC_MSG_CHECKING([SELinux mount point])
|
||||
if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
|
||||
if test -d /sys/fs/selinux ; then
|
||||
SELINUX_MOUNT=/sys/fs/selinux
|
||||
else
|
||||
SELINUX_MOUNT=/selinux
|
||||
fi
|
||||
else
|
||||
SELINUX_MOUNT=$with_selinux_mount
|
||||
fi
|
||||
AC_MSG_RESULT([$SELINUX_MOUNT])
|
||||
AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point])
|
||||
|
||||
dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
|
||||
dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
|
||||
AC_CHECK_HEADERS([selinux/label.h])
|
||||
fi
|
||||
])
|
||||
|
||||
AC_DEFUN([LIBVIRT_RESULT_SELINUX],[
|
||||
LIBVIRT_RESULT_LIB([SELINUX])
|
||||
])
|
||||
Loading…
x
Reference in New Issue
Block a user