mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 09:53:10 +00:00
0f33025a43
virt-aa-helper needs read access to the disk image to resolve symlinks and add the proper rules to the profile. Its profile whitelists a few common paths, but users can place their images anywhere. This commit helps users allowing access to their images by adding their own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper. This commit also adds rules to allow reading files named: - *.raw as this is a rather common disk image extension - /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox
125 lines
4.0 KiB
Makefile
125 lines
4.0 KiB
Makefile
## Process this file with automake to produce Makefile.in
|
|
|
|
## Copyright (C) 2005-2016 Red Hat, Inc.
|
|
##
|
|
## This library is free software; you can redistribute it and/or
|
|
## modify it under the terms of the GNU Lesser General Public
|
|
## License as published by the Free Software Foundation; either
|
|
## version 2.1 of the License, or (at your option) any later version.
|
|
##
|
|
## This library is distributed in the hope that it will be useful,
|
|
## but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
## Lesser General Public License for more details.
|
|
##
|
|
## You should have received a copy of the GNU Lesser General Public
|
|
## License along with this library. If not, see
|
|
## <http://www.gnu.org/licenses/>.
|
|
|
|
FILTERS = $(wildcard $(srcdir)/xml/nwfilter/*.xml)
|
|
|
|
EXTRA_DIST = \
|
|
apparmor/TEMPLATE.qemu \
|
|
apparmor/TEMPLATE.lxc \
|
|
apparmor/libvirt-qemu \
|
|
apparmor/libvirt-lxc \
|
|
apparmor/usr.lib.libvirt.virt-aa-helper \
|
|
apparmor/usr.sbin.libvirtd \
|
|
lxcconvert/virt-lxc-convert \
|
|
polkit/libvirt-acl.rules \
|
|
$(wildcard $(srcdir)/systemtap/*.stp) \
|
|
$(FILTERS) \
|
|
$(wildcard $(srcdir)/xml/storage/*.xml) \
|
|
$(wildcard $(srcdir)/xml/test/*.xml)
|
|
|
|
|
|
INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) \
|
|
-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib
|
|
LDADD = $(STATIC_BINARIES) $(WARN_CFLAGS) $(COVERAGE_LDFLAGS) \
|
|
$(top_builddir)/src/libvirt.la $(top_builddir)/gnulib/lib/libgnu.la \
|
|
$(top_builddir)/src/libvirt-admin.la
|
|
|
|
noinst_PROGRAMS=dominfo/info1 dommigrate/dommigrate domsuspend/suspend \
|
|
domtop/domtop hellolibvirt/hellolibvirt object-events/event-test \
|
|
openauth/openauth rename/rename admin/list_servers admin/list_clients \
|
|
admin/threadpool_params admin/client_limits admin/client_info \
|
|
admin/client_close admin/logging
|
|
|
|
dominfo_info1_SOURCES = dominfo/info1.c
|
|
dommigrate_dommigrate_SOURCES = dommigrate/dommigrate.c
|
|
domsuspend_suspend_SOURCES = domsuspend/suspend.c
|
|
domtop_domtop_SOURCES = domtop/domtop.c
|
|
hellolibvirt_hellolibvirt_SOURCES = hellolibvirt/hellolibvirt.c
|
|
|
|
object_events_event_test_CFLAGS = \
|
|
$(WARN_CFLAGS) \
|
|
$(NULL)
|
|
object_events_event_test_SOURCES = object-events/event-test.c
|
|
|
|
openauth_openauth_SOURCES = openauth/openauth.c
|
|
rename_rename_SOURCES = rename/rename.c
|
|
|
|
admin_list_servers_SOURCES = admin/list_servers.c
|
|
admin_list_clients_SOURCES = admin/list_clients.c
|
|
admin_threadpool_params_SOURCES = admin/threadpool_params.c
|
|
admin_client_limits_SOURCES = admin/client_limits.c
|
|
admin_client_info_SOURCES = admin/client_info.c
|
|
admin_client_close_SOURCES = admin/client_close.c
|
|
admin_logging_SOURCES = admin/logging.c
|
|
|
|
INSTALL_DATA_LOCAL =
|
|
UNINSTALL_LOCAL =
|
|
|
|
if WITH_APPARMOR_PROFILES
|
|
apparmordir = $(sysconfdir)/apparmor.d/
|
|
apparmor_DATA = \
|
|
apparmor/usr.lib.libvirt.virt-aa-helper \
|
|
apparmor/usr.sbin.libvirtd \
|
|
$(NULL)
|
|
|
|
abstractionsdir = $(apparmordir)/abstractions
|
|
abstractions_DATA = \
|
|
apparmor/libvirt-qemu \
|
|
apparmor/libvirt-lxc \
|
|
$(NULL)
|
|
|
|
templatesdir = $(apparmordir)/libvirt
|
|
templates_DATA = \
|
|
apparmor/TEMPLATE.qemu \
|
|
apparmor/TEMPLATE.lxc \
|
|
$(NULL)
|
|
|
|
APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
|
|
install-apparmor-local:
|
|
$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
|
|
echo "# Site-specific additions and overrides for \
|
|
'usr.lib.libvirt.virt-aa-helper'" \
|
|
>$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper
|
|
|
|
INSTALL_DATA_LOCAL += install-apparmor-local
|
|
UNINSTALL_LOCAL += uninstall-apparmor-local
|
|
endif WITH_APPARMOR_PROFILES
|
|
|
|
if WITH_NWFILTER
|
|
NWFILTER_DIR = "$(DESTDIR)$(sysconfdir)/libvirt/nwfilter"
|
|
|
|
install-nwfilter-local:
|
|
$(MKDIR_P) "$(NWFILTER_DIR)"
|
|
for f in $(FILTERS); do \
|
|
$(INSTALL_DATA) $$f "$(NWFILTER_DIR)"; \
|
|
done
|
|
|
|
uninstall-nwfilter-local::
|
|
for f in $(FILTERS); do \
|
|
rm -f "$(NWFILTER_DIR)/`basename $$f`"; \
|
|
done
|
|
-test -z "$(shell ls $(NWFILTER_DIR))" || rmdir $(NWFILTER_DIR)
|
|
|
|
INSTALL_DATA_LOCAL += install-nwfilter-local
|
|
UNINSTALL_LOCAL += uninstall-nwfilter-local
|
|
endif WITH_NWFILTER
|
|
|
|
install-data-local: $(INSTALL_DATA_LOCAL)
|
|
|
|
uninstall-local: $(UNINSTALL_LOCAL)
|