From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> --- configure.ac | 62 ++---------------------------------------------------- m4/virt-selinux.m4 | 51 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 60 deletions(-) create mode 100644 m4/virt-selinux.m4 diff --git a/configure.ac b/configure.ac index b50e329..79cd132 100644 --- a/configure.ac +++ b/configure.ac @@ -158,6 +158,7 @@ LIBVIRT_COMPILE_WARNINGS LIBVIRT_CHECK_AUDIT LIBVIRT_CHECK_SANLOCK LIBVIRT_CHECK_SASL +LIBVIRT_CHECK_SELINUX LIBVIRT_CHECK_YAJL AC_MSG_CHECKING([for CPUID instruction]) @@ -1246,61 +1247,6 @@ fi AM_CONDITIONAL([VIR_CHRDEV_LOCK_FILE_PATH], [test "$with_chrdev_lock_files" != "no"]) -dnl SELinux -AC_ARG_WITH([selinux], - AC_HELP_STRING([--with-selinux], [use SELinux to manage security @<:@default=check@:>@]), - [], - [with_selinux=check]) -AC_ARG_WITH([selinux_mount], - AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]), - [], - [with_selinux_mount=check]) - -SELINUX_CFLAGS= -SELINUX_LIBS= -if test "$with_selinux" != "no"; then - old_cflags="$CFLAGS" - old_libs="$LIBS" - if test "$with_selinux" = "check"; then - AC_CHECK_HEADER([selinux/selinux.h],[],[with_selinux=no]) - AC_CHECK_LIB([selinux], [fgetfilecon_raw],[],[with_selinux=no]) - if test "$with_selinux" != "no"; then - with_selinux="yes" - fi - else - fail=0 - AC_CHECK_HEADER([selinux/selinux.h],[],[fail=1]) - AC_CHECK_LIB([selinux], [fgetfilecon_raw],[],[fail=1]) - test $fail = 1 && - AC_MSG_ERROR([You must install the libselinux development package in order to compile libvirt with basic SELinux support]) - fi - CFLAGS="$old_cflags" - LIBS="$old_libs" -fi -if test "$with_selinux" = "yes"; then - AC_MSG_CHECKING([SELinux mount point]) - if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then - SELINUX_MOUNT=/sys/fs/selinux - if ! test -d ${SELINUX_MOUNT} && test -d /selinux ; then - SELINUX_MOUNT=/selinux - fi - else - SELINUX_MOUNT=$with_selinux_mount - fi - AC_MSG_RESULT([$SELINUX_MOUNT]) - - SELINUX_LIBS="-lselinux" - AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point]) - AC_DEFINE_UNQUOTED([WITH_SELINUX], 1, [whether basic SELinux functionality is available]) - dnl We prefer to use <selinux/label.h> and selabel_open, but can fall - dnl back to matchpathcon for the sake of RHEL 5's version of libselinux. - AC_CHECK_HEADERS([selinux/label.h]) -fi -AM_CONDITIONAL([WITH_SELINUX], [test "$with_selinux" != "no"]) -AC_SUBST([SELINUX_CFLAGS]) -AC_SUBST([SELINUX_LIBS]) - - AC_ARG_WITH([secdriver-selinux], AC_HELP_STRING([--with-secdriver-selinux], [use SELinux security driver @<:@default=check@:>@]), [], @@ -2944,6 +2890,7 @@ AC_MSG_NOTICE([]) LIBVIRT_RESULT_AUDIT LIBVIRT_RESULT_SANLOCK LIBVIRT_RESULT_SASL +LIBVIRT_RESULT_SELINUX LIBVIRT_RESULT_YAJL AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS]) AC_MSG_NOTICE([ dlopen: $DLOPEN_LIBS]) @@ -2982,11 +2929,6 @@ fi else AC_MSG_NOTICE([ polkit: no]) fi -if test "$with_selinux" = "yes" ; then -AC_MSG_NOTICE([ selinux: $SELINUX_CFLAGS $SELINUX_LIBS]) -else -AC_MSG_NOTICE([ selinux: no]) -fi if test "$with_apparmor" = "yes" ; then AC_MSG_NOTICE([apparmor: $APPARMOR_CFLAGS $APPARMOR_LIBS]) else diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4 new file mode 100644 index 0000000..abb0d12 --- /dev/null +++ b/m4/virt-selinux.m4 @@ -0,0 +1,51 @@ +dnl The libselinux.so library +dnl +dnl Copyright (C) 2012-2013 Red Hat, Inc. +dnl +dnl This library is free software; you can redistribute it and/or +dnl modify it under the terms of the GNU Lesser General Public +dnl License as published by the Free Software Foundation; either +dnl version 2.1 of the License, or (at your option) any later version. +dnl +dnl This library is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl Lesser General Public License for more details. +dnl +dnl You should have received a copy of the GNU Lesser General Public +dnl License along with this library. If not, see +dnl <http://www.gnu.org/licenses/>. +dnl + +AC_DEFUN([LIBVIRT_CHECK_SELINUX],[ + LIBVIRT_CHECK_LIB([SELINUX], [selinux], + [fgetfilecon_raw], [selinux/selinux.h]) + + AC_ARG_WITH([selinux_mount], + AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]), + [], + [with_selinux_mount=check]) + + if test "$with_selinux" = "yes"; then + AC_MSG_CHECKING([SELinux mount point]) + if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then + if test -d /sys/fs/selinux ; then + SELINUX_MOUNT=/sys/fs/selinux + else + SELINUX_MOUNT=/selinux + fi + else + SELINUX_MOUNT=$with_selinux_mount + fi + AC_MSG_RESULT([$SELINUX_MOUNT]) + AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point]) + + dnl We prefer to use <selinux/label.h> and selabel_open, but can fall + dnl back to matchpathcon for the sake of RHEL 5's version of libselinux. + AC_CHECK_HEADERS([selinux/label.h]) + fi +]) + +AC_DEFUN([LIBVIRT_RESULT_SELINUX],[ + LIBVIRT_RESULT_LIB([SELINUX]) +]) -- 1.7.11.7 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list