Probe for capng in configure, and set some RPM spec rules. Trivial
boring stuff.
Daniel
diff -r 57a8eb45975e configure.in
--- a/configure.in Mon Jun 22 11:54:49 2009 +0000
+++ b/configure.in Mon Jun 22 19:00:54 2009 +0100
@@ -749,6 +749,49 @@ AM_CONDITIONAL([HAVE_NUMACTL], [test "$w
AC_SUBST([NUMACTL_CFLAGS])
AC_SUBST([NUMACTL_LIBS])
+
+
+dnl libcap-ng
+AC_ARG_WITH([capng],
+ [ --with-capng use libcap-ng to reduce libvirtd privileges],
+ [],
+ [with_capng=check])
+
+dnl
+dnl This check looks for 'capng_updatev' since that was
+dnl introduced in 0.4.0 release which need as minimum
+dnl
+CAPNG_CFLAGS=
+CAPNG_LIBS=
+if test "$with_qemu" = "yes" -a "$with_capng" != "no"; then
+ old_cflags="$CFLAGS"
+ old_libs="$LIBS"
+ if test "$with_capng" = "check"; then
+ AC_CHECK_HEADER([cap-ng.h],[],[with_capng=no])
+ AC_CHECK_LIB([cap-ng], [capng_updatev],[],[with_capng=no])
+ if test "$with_capng" != "no"; then
+ with_capng="yes"
+ fi
+ else
+ fail=0
+ AC_CHECK_HEADER([cap-ng.h],[],[fail=1])
+ AC_CHECK_LIB([cap-ng], [capng_updatev],[],[fail=1])
+ test $fail = 1 &&
+ AC_MSG_ERROR([You must install the capng >= 0.4.0 development package in order to compile and run libvirt])
+ fi
+ CFLAGS="$old_cflags"
+ LIBS="$old_libs"
+fi
+if test "$with_capng" = "yes"; then
+ CAPNG_LIBS="-lcap-ng"
+ AC_DEFINE_UNQUOTED([HAVE_CAPNG], 1, [whether capng is available for privilege reduction])
+fi
+AM_CONDITIONAL([HAVE_CAPNG], [test "$with_capng" != "no"])
+AC_SUBST([CAPNG_CFLAGS])
+AC_SUBST([CAPNG_LIBS])
+
+
+
dnl virsh libraries
AC_CHECK_HEADERS([readline/readline.h])
@@ -1473,6 +1516,11 @@ AC_MSG_NOTICE([ numactl: $NUMACTL_CFLAGS
else
AC_MSG_NOTICE([ numactl: no])
fi
+if test "$with_capng" = "yes" ; then
+AC_MSG_NOTICE([ capng: $CAPNG_CFLAGS $CAPNG_LIBS])
+else
+AC_MSG_NOTICE([ capng: no])
+fi
if test "$with_xen" = "yes" ; then
AC_MSG_NOTICE([ xen: $XEN_CFLAGS $XEN_LIBS])
else
diff -r 57a8eb45975e libvirt.spec.in
--- a/libvirt.spec.in Mon Jun 22 11:54:49 2009 +0000
+++ b/libvirt.spec.in Mon Jun 22 19:00:54 2009 +0100
@@ -7,7 +7,8 @@
%define with_lxc 0%{!?_without_lxc:1}
%define with_sasl 0%{!?_without_sasl:1}
%define with_avahi 0%{!?_without_avahi:1}
-%define with_polkit 0%{!?_without_polkit:1}
+# default to off
+%define with_polkit 0%{!?_without_polkit:0}
%define with_python 0%{!?_without_python:1}
%define with_libvirtd 0%{!?_without_libvirtd:1}
%define with_uml 0%{!?_without_uml:1}
@@ -17,6 +18,8 @@
%define with_storage_iscsi 0%{!?_without_storage_iscsi:1}
%define with_storage_disk 0%{!?_without_storage_disk:1}
%define with_numactl 0%{!?_without_numactl:1}
+# default to off
+%define with_capng 0%{!?_without_capng:0}
# Xen is available only on i386 x86_64 ia64
%ifnarch i386 i586 i686 x86_64 ia64
@@ -38,6 +41,10 @@
%define with_xen_proxy 0
%endif
+%if 0%{?fedora} >= 12
+%define with_capng 0%{!?_without_capng:1}
+%endif
+
#
# If building on RHEL switch on the specific support
# for the specific Xen version
@@ -162,6 +169,9 @@ BuildRequires: parted-devel
# For QEMU/LXC numa info
BuildRequires: numactl-devel
%endif
+%if %{with_capng}
+BuildRequires: capng-devel >= 0.5.0
+%endif
Obsoletes: libvir
# Fedora build root suckage
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list