[PATCH 12/29] Convert selinux check to use LIBVIRT_CHECK_LIB

"Daniel P. Berrange" <berrange@xxxxxxxxxx> · Thu, 20 Sep 2012 16:01:26 +0100

From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 configure.ac       | 63 ++----------------------------------------------------
 m4/virt-selinux.m4 | 33 ++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 61 deletions(-)
 create mode 100644 m4/virt-selinux.m4

diff --git a/configure.ac b/configure.ac
index c3b2b13..d60e9ea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -152,6 +152,7 @@ LIBVIRT_CHECK_AUDIT
 LIBVIRT_CHECK_LIBATTR
 LIBVIRT_CHECK_SANLOCK
 LIBVIRT_CHECK_SASL
+LIBVIRT_CHECK_SELINUX
 LIBVIRT_CHECK_YAJL
 
 AC_MSG_CHECKING([for CPUID instruction])
@@ -1197,62 +1198,6 @@ fi
 AM_CONDITIONAL([VIR_PTY_LOCK_FILE_PATH], [test "$with_console_lock_files" != "no"])
 
 
-dnl SELinux
-AC_ARG_WITH([selinux],
-  AC_HELP_STRING([--with-selinux], [use SELinux to manage security @<:@default=check@:>@]),
-  [],
-  [with_selinux=check])
-AC_ARG_WITH([selinux_mount],
-  AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]),
-  [],
-  [with_selinux_mount=check])
-
-SELINUX_CFLAGS=
-SELINUX_LIBS=
-if test "$with_selinux" != "no"; then
-  old_cflags="$CFLAGS"
-  old_libs="$LIBS"
-  if test "$with_selinux" = "check"; then
-    AC_CHECK_HEADER([selinux/selinux.h],[],[with_selinux=no])
-    AC_CHECK_LIB([selinux], [fgetfilecon],[],[with_selinux=no])
-    if test "$with_selinux" != "no"; then
-      with_selinux="yes"
-    fi
-  else
-    fail=0
-    AC_CHECK_HEADER([selinux/selinux.h],[],[fail=1])
-    AC_CHECK_LIB([selinux], [fgetfilecon],[],[fail=1])
-    test $fail = 1 &&
-      AC_MSG_ERROR([You must install the libselinux development package in order to compile libvirt with basic SELinux support])
-  fi
-  CFLAGS="$old_cflags"
-  LIBS="$old_libs"
-fi
-if test "$with_selinux" = "yes"; then
-  AC_MSG_CHECKING([SELinux mount point])
-  if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
-    if test -d /sys/fs/selinux ; then
-      SELINUX_MOUNT=/sys/fs/selinux
-    else
-      SELINUX_MOUNT=/selinux
-    fi
-  else
-    SELINUX_MOUNT=$with_selinux_mount
-  fi
-  AC_MSG_RESULT([$SELINUX_MOUNT])
-
-  SELINUX_LIBS="-lselinux"
-  AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point])
-  AC_DEFINE_UNQUOTED([WITH_SELINUX], 1, [whether basic SELinux functionality is available])
-  dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
-  dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
-  AC_CHECK_HEADERS([selinux/label.h])
-fi
-AM_CONDITIONAL([WITH_SELINUX], [test "$with_selinux" != "no"])
-AC_SUBST([SELINUX_CFLAGS])
-AC_SUBST([SELINUX_LIBS])
-
-
 AC_ARG_WITH([secdriver-selinux],
   AC_HELP_STRING([--with-secdriver-selinux], [use SELinux security driver @<:@default=check@:>@]),
   [],
@@ -2862,6 +2807,7 @@ LIBVIRT_RESULT_AUDIT
 LIBVIRT_RESULT_LIBATTR
 LIBVIRT_RESULT_SANLOCK
 LIBVIRT_RESULT_SASL
+LIBVIRT_RESULT_SELINUX
 LIBVIRT_RESULT_YAJL
 AC_MSG_NOTICE([  libxml: $LIBXML_CFLAGS $LIBXML_LIBS])
 AC_MSG_NOTICE([  dlopen: $DLOPEN_LIBS])
@@ -2896,11 +2842,6 @@ fi
 else
 AC_MSG_NOTICE([  polkit: no])
 fi
-if test "$with_selinux" = "yes" ; then
-AC_MSG_NOTICE([ selinux: $SELINUX_CFLAGS $SELINUX_LIBS])
-else
-AC_MSG_NOTICE([ selinux: no])
-fi
 if test "$with_apparmor" = "yes" ; then
 AC_MSG_NOTICE([apparmor: $APPARMOR_CFLAGS $APPARMOR_LIBS])
 else
diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
new file mode 100644
index 0000000..eba0734
--- /dev/null
+++ b/m4/virt-selinux.m4
@@ -0,0 +1,33 @@
+dnl The libselinux.so library
+
+AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
+  LIBVIRT_CHECK_LIB([SELINUX], [selinux], [selinux], [fgetfilecon], [selinux/selinux.h])
+
+  AC_ARG_WITH([selinux_mount],
+    AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]),
+    [],
+    [with_selinux_mount=check])
+
+  if test "$with_selinux" = "yes"; then
+    AC_MSG_CHECKING([SELinux mount point])
+    if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
+      if test -d /sys/fs/selinux ; then
+        SELINUX_MOUNT=/sys/fs/selinux
+      else
+        SELINUX_MOUNT=/selinux
+      fi
+    else
+      SELINUX_MOUNT=$with_selinux_mount
+    fi
+    AC_MSG_RESULT([$SELINUX_MOUNT])
+    AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point])
+
+    dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
+    dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
+    AC_CHECK_HEADERS([selinux/label.h])
+  fi
+])
+
+AC_DEFUN([LIBVIRT_RESULT_SELINUX],[
+  LIBVIRT_RESULT_LIB([SELINUX], [selinux])
+])
-- 
1.7.11.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list





