[libvirt] [PATCH 13/29] Convert apparmor check to use LIBVIRT_CHECK_LIB

Daniel P. Berrange berrange at redhat.com
Thu Sep 20 15:01:27 UTC 2012 

From: "Daniel P. Berrange" <berrange at redhat.com>

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 configure.ac        | 70 +++--------------------------------------------------
 m4/virt-apparmor.m4 | 19 +++++++++++++++
 2 files changed, 23 insertions(+), 66 deletions(-)
 create mode 100644 m4/virt-apparmor.m4

diff --git a/configure.ac b/configure.ac
index d60e9ea..56358b3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -148,6 +148,7 @@ AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS])
 
 LIBVIRT_COMPILE_WARNINGS
 
+LIBVIRT_CHECK_APPARMOR
 LIBVIRT_CHECK_AUDIT
 LIBVIRT_CHECK_LIBATTR
 LIBVIRT_CHECK_SANLOCK
@@ -1236,46 +1237,6 @@ fi
 AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" != "no"])
 
 
-dnl AppArmor
-AC_ARG_WITH([apparmor],
-  AC_HELP_STRING([--with-apparmor], [use AppArmor to manage security @<:@default=check@:>@]),
-  [],
-  [with_apparmor=check])
-
-APPARMOR_CFLAGS=
-APPARMOR_LIBS=
-if test "$with_apparmor" != "no"; then
-  old_cflags="$CFLAGS"
-  old_libs="$LIBS"
-  if test "$with_apparmor" = "check"; then
-    AC_CHECK_HEADER([sys/apparmor.h],[],[with_apparmor=no])
-    AC_CHECK_LIB([apparmor], [aa_change_profile],[],[with_apparmor=no])
-    AC_CHECK_LIB([apparmor], [aa_change_hat],[],[with_apparmor=no])
-    if test "$with_apparmor" != "no"; then
-      with_apparmor="yes"
-    fi
-  else
-    fail=0
-    AC_CHECK_HEADER([sys/apparmor.h],[],[fail=1])
-    AC_CHECK_LIB([apparmor], [aa_change_profile],[],[fail=1])
-    AC_CHECK_LIB([apparmor], [aa_change_hat],[],[fail=1])
-    test $fail = 1 &&
-      AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
-  fi
-  CFLAGS="$old_cflags"
-  LIBS="$old_libs"
-fi
-if test "$with_apparmor" = "yes"; then
-  APPARMOR_LIBS="-lapparmor"
-  AC_DEFINE_UNQUOTED([HAVE_APPARMOR], 1, [whether AppArmor is available for security])
-  AC_DEFINE_UNQUOTED([APPARMOR_DIR], "/etc/apparmor.d", [path to apparmor directory])
-  AC_DEFINE_UNQUOTED([APPARMOR_PROFILES_PATH], "/sys/kernel/security/apparmor/profiles", [path to kernel profiles])
-fi
-AM_CONDITIONAL([HAVE_APPARMOR], [test "$with_apparmor" != "no"])
-AC_SUBST([APPARMOR_CFLAGS])
-AC_SUBST([APPARMOR_LIBS])
-
-
 AC_ARG_WITH([secdriver-apparmor],
   AC_HELP_STRING([--with-secdriver-apparmor], [use AppArmor security driver @<:@default=check@:>@]),
   [],
@@ -1288,27 +1249,8 @@ if test "$with_apparmor" != "yes" ; then
     AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
   fi
 else
-  old_cflags="$CFLAGS"
-  old_libs="$LIBS"
-  CFLAGS="$CFLAGS $APPARMOR_CFLAGS"
-  LIBS="$CFLAGS $APPARMOR_LIBS"
-
-  fail=0
-  AC_CHECK_FUNC([change_hat], [], [fail=1])
-  AC_CHECK_FUNC([aa_change_profile], [], [fail=1])
-  CFLAGS="$old_cflags"
-  LIBS="$old_libs"
-
-  if test "$fail" = "1" ; then
-    if test "$with_secdriver_apparmor" = "check" ; then
-      with_secdriver_apparmor=no
-    else
-      AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
-    fi
-  else
-    with_secdriver_apparmor=yes
-    AC_DEFINE_UNQUOTED([WITH_SECDRIVER_APPARMOR], 1, [whether AppArmor security driver is available])
-  fi
+  with_secdriver_apparmor=yes
+  AC_DEFINE_UNQUOTED([WITH_SECDRIVER_APPARMOR], 1, [whether AppArmor security driver is available])
 fi
 AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmor" != "no"])
 
@@ -2803,6 +2745,7 @@ fi
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Libraries])
 AC_MSG_NOTICE([])
+LIBVIRT_RESULT_APPARMOR
 LIBVIRT_RESULT_AUDIT
 LIBVIRT_RESULT_LIBATTR
 LIBVIRT_RESULT_SANLOCK
@@ -2842,11 +2785,6 @@ fi
 else
 AC_MSG_NOTICE([  polkit: no])
 fi
-if test "$with_apparmor" = "yes" ; then
-AC_MSG_NOTICE([apparmor: $APPARMOR_CFLAGS $APPARMOR_LIBS])
-else
-AC_MSG_NOTICE([apparmor: no])
-fi
 if test "$with_numactl" = "yes" ; then
 AC_MSG_NOTICE([ numactl: $NUMACTL_CFLAGS $NUMACTL_LIBS])
 else
diff --git a/m4/virt-apparmor.m4 b/m4/virt-apparmor.m4
new file mode 100644
index 0000000..b3efec1
--- /dev/null
+++ b/m4/virt-apparmor.m4
@@ -0,0 +1,19 @@
+dnl The libapparmor.so library
+
+AC_DEFUN([LIBVIRT_CHECK_APPARMOR],[
+  LIBVIRT_CHECK_LIB([APPARMOR], [apparmor], [apparmor], [aa_change_profile], [sys/apparmor.h])
+
+  AC_ARG_WITH([apparmor_mount],
+    AC_HELP_STRING([--with-apparmor-mount], [set Apparmor mount point @<:@default=check@:>@]),
+    [],
+    [with_apparmor_mount=check])
+
+  if test "$with_apparmor" = "yes"; then
+    AC_DEFINE_UNQUOTED([APPARMOR_DIR], "/etc/apparmor.d", [path to apparmor directory])
+    AC_DEFINE_UNQUOTED([APPARMOR_PROFILES_PATH], "/sys/kernel/security/apparmor/profiles", [path to kernel profiles])
+  fi
+])
+
+AC_DEFUN([LIBVIRT_RESULT_APPARMOR],[
+  LIBVIRT_RESULT_LIB([APPARMOR], [apparmor])
+])
-- 
1.7.11.4

More information about the libvir-list mailing list