On Tue, 08 Sep 2009, Jamie Strandboge wrote: > > [PATCH 6] > > patch_6_autoconf.patch: > > Updates Makefile.am and configure.in for AppArmor. It is based on and > > should operate the same as the SELinux configuration. > > -- Jamie Strandboge | http://www.canonical.com
diff -Nurp ./libvirt.orig/configure.in ./libvirt/configure.in
--- ./libvirt.orig/configure.in 2009-09-08 12:59:59.000000000 -0500
+++ ./libvirt/configure.in 2009-09-08 15:32:22.000000000 -0500
@@ -799,6 +799,84 @@ fi
AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" != "no"])
+dnl AppArmor
+AC_ARG_WITH([apparmor],
+ [ --with-apparmor use AppArmor to manage security],
+ [],
+ [with_apparmor=check])
+
+APPARMOR_CFLAGS=
+APPARMOR_LIBS=
+if test "$with_apparmor" != "no"; then
+ old_cflags="$CFLAGS"
+ old_libs="$LIBS"
+ if test "$with_apparmor" = "check"; then
+ AC_CHECK_HEADER([sys/apparmor.h],[],[with_apparmor=no])
+ AC_CHECK_LIB([apparmor], [aa_change_profile],[],[with_apparmor=no])
+ AC_CHECK_LIB([apparmor], [aa_change_hat],[],[with_apparmor=no])
+ if test "$with_apparmor" != "no"; then
+ with_apparmor="yes"
+ fi
+ else
+ fail=0
+ AC_CHECK_HEADER([sys/apparmor.h],[],[fail=1])
+ AC_CHECK_LIB([apparmor], [aa_change_profile],[],[fail=1])
+ AC_CHECK_LIB([apparmor], [aa_change_hat],[],[fail=1])
+ test $fail = 1 &&
+ AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
+ fi
+ CFLAGS="$old_cflags"
+ LIBS="$old_libs"
+fi
+if test "$with_apparmor" = "yes"; then
+ APPARMOR_LIBS="-lapparmor"
+ AC_DEFINE_UNQUOTED([HAVE_APPARMOR], 1, [whether AppArmor is available for security])
+ AC_DEFINE_UNQUOTED([APPARMOR_DIR], "/etc/apparmor.d", [path to apparmor directory])
+ AC_DEFINE_UNQUOTED([APPARMOR_PROFILES_PATH], "/sys/kernel/security/apparmor/profiles", [path to kernel profiles])
+ AC_DEFINE_UNQUOTED([VIRT_AA_HELPER_PATH], "$prefix/bin/virt-aa-helper", [path to virt-aa-helper])
+fi
+AM_CONDITIONAL([HAVE_APPARMOR], [test "$with_apparmor" != "no"])
+AC_SUBST([APPARMOR_CFLAGS])
+AC_SUBST([APPARMOR_LIBS])
+
+
+AC_ARG_WITH([secdriver-apparmor],
+ [ --with-secdriver-apparmor use AppArmor security driver],
+ [],
+ [with_secdriver_apparmor=check])
+
+if test "$with_apparmor" != "yes" ; then
+ if test "$with_secdriver_apparmor" = "check" ; then
+ with_secdriver_apparmor=no
+ else
+ AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
+ fi
+else
+ old_cflags="$CFLAGS"
+ old_libs="$LIBS"
+ CFLAGS="$CFLAGS $APPARMOR_CFLAGS"
+ LIBS="$CFLAGS $APPARMOR_LIBS"
+
+ fail=0
+ AC_CHECK_FUNC([change_hat], [], [fail=1])
+ AC_CHECK_FUNC([aa_change_profile], [], [fail=1])
+ CFLAGS="$old_cflags"
+ LIBS="$old_libs"
+
+ if test "$fail" = "1" ; then
+ if test "$with_secdriver_apparmor" = "check" ; then
+ with_secdriver_apparmor=no
+ else
+ AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
+ fi
+ else
+ with_secdriver_apparmor=yes
+ AC_DEFINE_UNQUOTED([WITH_SECDRIVER_APPARMOR], 1, [whether AppArmor security driver is available])
+ fi
+fi
+AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmor" != "no"])
+
+
dnl NUMA lib
AC_ARG_WITH([numactl],
@@ -1706,6 +1784,7 @@ AC_MSG_NOTICE([])
AC_MSG_NOTICE([Security Drivers])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([ SELinux: $with_secdriver_selinux])
+AC_MSG_NOTICE([ AppArmor: $with_secdriver_apparmor])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Driver Loadable Modules])
AC_MSG_NOTICE([])
@@ -1753,6 +1832,11 @@ AC_MSG_NOTICE([ selinux: $SELINUX_CFLAGS
else
AC_MSG_NOTICE([ selinux: no])
fi
+if test "$with_apparmor" = "yes" ; then
+AC_MSG_NOTICE([ apparmor: $APPARMOR_CFLAGS $APPARMOR_LIBS])
+else
+AC_MSG_NOTICE([ apparmor: no])
+fi
if test "$with_numactl" = "yes" ; then
AC_MSG_NOTICE([ numactl: $NUMACTL_CFLAGS $NUMACTL_LIBS])
else
diff -Nurp ./libvirt.orig/src/Makefile.am ./libvirt/src/Makefile.am
--- ./libvirt.orig/src/Makefile.am 2009-09-08 13:00:00.000000000 -0500
+++ ./libvirt/src/Makefile.am 2009-09-08 15:32:22.000000000 -0500
@@ -9,6 +9,7 @@ INCLUDES = \
$(LIBSSH2_CFLAGS) \
$(XEN_CFLAGS) \
$(SELINUX_CFLAGS) \
+ $(APPARMOR_CFLAGS) \
$(DRIVER_MODULE_CFLAGS) \
-DLIBDIR=\""$(libdir)"\" \
-DBINDIR=\""$(libexecdir)"\" \
@@ -216,6 +217,8 @@ SECURITY_DRIVER_SOURCES = \
SECURITY_DRIVER_SELINUX_SOURCES = \
security_selinux.h security_selinux.c
+SECURITY_DRIVER_APPARMOR_SOURCES = \
+ security_apparmor.h security_apparmor.c
NODE_DEVICE_DRIVER_SOURCES = \
node_device.c node_device.h
@@ -527,6 +530,9 @@ libvirt_la_LIBADD += libvirt_driver_secu
if WITH_SECDRIVER_SELINUX
libvirt_driver_security_la_SOURCES += $(SECURITY_DRIVER_SELINUX_SOURCES)
endif
+if WITH_SECDRIVER_APPARMOR
+libvirt_driver_security_la_SOURCES += $(SECURITY_DRIVER_APPARMOR_SOURCES)
+endif
# Add all conditional sources just in case...
EXTRA_DIST += \
@@ -615,7 +621,7 @@ libvirt_la_LIBADD += \
libvirt_la_LDFLAGS = $(VERSION_SCRIPT_FLAGS)libvirt.syms \
-version-info @LIBVIRT_VERSION_INFO@ \
$(COVERAGE_CFLAGS:-f%=-Wc,-f%) \
- $(LIBXML_LIBS) $(SELINUX_LIBS) \
+ $(LIBXML_LIBS) $(SELINUX_LIBS) $(APPARMOR_LIBS) \
$(XEN_LIBS) $(DRIVER_MODULE_LIBS) \
$(DEVMAPPER_LIBS) \
@CYGWIN_EXTRA_LDFLAGS@ @MINGW_EXTRA_LDFLAGS@
@@ -654,6 +660,23 @@ virsh_LDADD = \
../gnulib/lib/libgnu.la \
$(VIRSH_LIBS)
virsh_CFLAGS = $(COVERAGE_CFLAGS) $(READLINE_CFLAGS) $(NUMACTL_CFLAGS)
+
+if WITH_SECDRIVER_APPARMOR
+bin_PROGRAMS += virt-aa-helper
+
+virt_aa_helper_SOURCES = \
+ virt-aa-helper.c
+
+virt_aa_helper_LDFLAGS = $(WARN_CFLAGS) $(COVERAGE_LDFLAGS)
+virt_aa_helper_LDADD = \
+ $(STATIC_BINARIES) \
+ $(WARN_CFLAGS) \
+ libvirt.la \
+ ../gnulib/lib/libgnu.la \
+ $(VIRSH_LIBS)
+virt_aa_helper_CFLAGS = $(COVERAGE_CFLAGS)
+endif
+
BUILT_SOURCES = virsh-net-edit.c virsh-pool-edit.c libvirt.syms
virsh-net-edit.c: virsh.c Makefile.am
Attachment:
signature.asc
Description: Digital signature
-- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list