[libvirt] [PATCH 1/3] Probe for libcap-ng

Mon Jun 22 19:51:37 UTC 2009

Probe for capng in configure, and set some RPM spec rules. Trivial
boring stuff.

Daniel

diff -r 57a8eb45975e configure.in

--- a/configure.in	Mon Jun 22 11:54:49 2009 +0000
+++ b/configure.in	Mon Jun 22 19:00:54 2009 +0100
@@ -749,6 +749,49 @@ AM_CONDITIONAL([HAVE_NUMACTL], [test "$w
 AC_SUBST([NUMACTL_CFLAGS])
 AC_SUBST([NUMACTL_LIBS])
 
+
+
+dnl libcap-ng
+AC_ARG_WITH([capng],
+  [  --with-capng         use libcap-ng to reduce libvirtd privileges],
+  [],
+  [with_capng=check])
+
+dnl
+dnl This check looks for 'capng_updatev' since that was
+dnl introduced in 0.4.0 release which need as minimum
+dnl
+CAPNG_CFLAGS=
+CAPNG_LIBS=
+if test "$with_qemu" = "yes" -a "$with_capng" != "no"; then
+  old_cflags="$CFLAGS"
+  old_libs="$LIBS"
+  if test "$with_capng" = "check"; then
+    AC_CHECK_HEADER([cap-ng.h],[],[with_capng=no])
+    AC_CHECK_LIB([cap-ng], [capng_updatev],[],[with_capng=no])
+    if test "$with_capng" != "no"; then
+      with_capng="yes"
+    fi
+  else
+    fail=0
+    AC_CHECK_HEADER([cap-ng.h],[],[fail=1])
+    AC_CHECK_LIB([cap-ng], [capng_updatev],[],[fail=1])
+    test $fail = 1 &&
+      AC_MSG_ERROR([You must install the capng >= 0.4.0 development package in order to compile and run libvirt])
+  fi
+  CFLAGS="$old_cflags"
+  LIBS="$old_libs"
+fi
+if test "$with_capng" = "yes"; then
+  CAPNG_LIBS="-lcap-ng"
+  AC_DEFINE_UNQUOTED([HAVE_CAPNG], 1, [whether capng is available for privilege reduction])
+fi
+AM_CONDITIONAL([HAVE_CAPNG], [test "$with_capng" != "no"])
+AC_SUBST([CAPNG_CFLAGS])
+AC_SUBST([CAPNG_LIBS])
+
+
+
 dnl virsh libraries
 AC_CHECK_HEADERS([readline/readline.h])
 
@@ -1473,6 +1516,11 @@ AC_MSG_NOTICE([ numactl: $NUMACTL_CFLAGS
 else
 AC_MSG_NOTICE([ numactl: no])
 fi
+if test "$with_capng" = "yes" ; then
+AC_MSG_NOTICE([ capng: $CAPNG_CFLAGS $CAPNG_LIBS])
+else
+AC_MSG_NOTICE([ capng: no])
+fi
 if test "$with_xen" = "yes" ; then
 AC_MSG_NOTICE([     xen: $XEN_CFLAGS $XEN_LIBS])
 else
diff -r 57a8eb45975e libvirt.spec.in
--- a/libvirt.spec.in	Mon Jun 22 11:54:49 2009 +0000
+++ b/libvirt.spec.in	Mon Jun 22 19:00:54 2009 +0100
@@ -7,7 +7,8 @@
 %define with_lxc           0%{!?_without_lxc:1}
 %define with_sasl          0%{!?_without_sasl:1}
 %define with_avahi         0%{!?_without_avahi:1}
-%define with_polkit        0%{!?_without_polkit:1}
+# default to off
+%define with_polkit        0%{!?_without_polkit:0}
 %define with_python        0%{!?_without_python:1}
 %define with_libvirtd      0%{!?_without_libvirtd:1}
 %define with_uml           0%{!?_without_uml:1}
@@ -17,6 +18,8 @@
 %define with_storage_iscsi 0%{!?_without_storage_iscsi:1}
 %define with_storage_disk  0%{!?_without_storage_disk:1}
 %define with_numactl       0%{!?_without_numactl:1}
+# default to off
+%define with_capng         0%{!?_without_capng:0}
 
 # Xen is available only on i386 x86_64 ia64
 %ifnarch i386 i586 i686 x86_64 ia64
@@ -38,6 +41,10 @@
 %define with_xen_proxy 0
 %endif
 
+%if 0%{?fedora} >= 12
+%define with_capng     0%{!?_without_capng:1}
+%endif
+
 #
 # If building on RHEL switch on the specific support
 # for the specific Xen version
@@ -162,6 +169,9 @@ BuildRequires: parted-devel
 # For QEMU/LXC numa info
 BuildRequires: numactl-devel
 %endif
+%if %{with_capng}
+BuildRequires: capng-devel >= 0.5.0
+%endif
 Obsoletes: libvir
 
 # Fedora build root suckage

-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|


