[libvirt] [PATCH 02/28] Convert selinux check to use LIBVIRT_CHECK_LIB

Daniel P. Berrange berrange at redhat.com
Fri Jan 11 11:05:42 UTC 2013 

From: "Daniel P. Berrange" <berrange at redhat.com>

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 configure.ac       | 62 ++----------------------------------------------------
 m4/virt-selinux.m4 | 51 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 60 deletions(-)
 create mode 100644 m4/virt-selinux.m4

diff --git a/configure.ac b/configure.ac
index b50e329..79cd132 100644
--- a/configure.ac
+++ b/configure.ac
@@ -158,6 +158,7 @@ LIBVIRT_COMPILE_WARNINGS
 LIBVIRT_CHECK_AUDIT
 LIBVIRT_CHECK_SANLOCK
 LIBVIRT_CHECK_SASL
+LIBVIRT_CHECK_SELINUX
 LIBVIRT_CHECK_YAJL
 
 AC_MSG_CHECKING([for CPUID instruction])
@@ -1246,61 +1247,6 @@ fi
 AM_CONDITIONAL([VIR_CHRDEV_LOCK_FILE_PATH], [test "$with_chrdev_lock_files" != "no"])
 
 
-dnl SELinux
-AC_ARG_WITH([selinux],
-  AC_HELP_STRING([--with-selinux], [use SELinux to manage security @<:@default=check@:>@]),
-  [],
-  [with_selinux=check])
-AC_ARG_WITH([selinux_mount],
-  AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]),
-  [],
-  [with_selinux_mount=check])
-
-SELINUX_CFLAGS=
-SELINUX_LIBS=
-if test "$with_selinux" != "no"; then
-  old_cflags="$CFLAGS"
-  old_libs="$LIBS"
-  if test "$with_selinux" = "check"; then
-    AC_CHECK_HEADER([selinux/selinux.h],[],[with_selinux=no])
-    AC_CHECK_LIB([selinux], [fgetfilecon_raw],[],[with_selinux=no])
-    if test "$with_selinux" != "no"; then
-      with_selinux="yes"
-    fi
-  else
-    fail=0
-    AC_CHECK_HEADER([selinux/selinux.h],[],[fail=1])
-    AC_CHECK_LIB([selinux], [fgetfilecon_raw],[],[fail=1])
-    test $fail = 1 &&
-      AC_MSG_ERROR([You must install the libselinux development package in order to compile libvirt with basic SELinux support])
-  fi
-  CFLAGS="$old_cflags"
-  LIBS="$old_libs"
-fi
-if test "$with_selinux" = "yes"; then
-  AC_MSG_CHECKING([SELinux mount point])
-  if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
-    SELINUX_MOUNT=/sys/fs/selinux
-    if ! test -d ${SELINUX_MOUNT} && test -d /selinux ; then
-      SELINUX_MOUNT=/selinux
-    fi
-  else
-    SELINUX_MOUNT=$with_selinux_mount
-  fi
-  AC_MSG_RESULT([$SELINUX_MOUNT])
-
-  SELINUX_LIBS="-lselinux"
-  AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point])
-  AC_DEFINE_UNQUOTED([WITH_SELINUX], 1, [whether basic SELinux functionality is available])
-  dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
-  dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
-  AC_CHECK_HEADERS([selinux/label.h])
-fi
-AM_CONDITIONAL([WITH_SELINUX], [test "$with_selinux" != "no"])
-AC_SUBST([SELINUX_CFLAGS])
-AC_SUBST([SELINUX_LIBS])
-
-
 AC_ARG_WITH([secdriver-selinux],
   AC_HELP_STRING([--with-secdriver-selinux], [use SELinux security driver @<:@default=check@:>@]),
   [],
@@ -2944,6 +2890,7 @@ AC_MSG_NOTICE([])
 LIBVIRT_RESULT_AUDIT
 LIBVIRT_RESULT_SANLOCK
 LIBVIRT_RESULT_SASL
+LIBVIRT_RESULT_SELINUX
 LIBVIRT_RESULT_YAJL
 AC_MSG_NOTICE([  libxml: $LIBXML_CFLAGS $LIBXML_LIBS])
 AC_MSG_NOTICE([  dlopen: $DLOPEN_LIBS])
@@ -2982,11 +2929,6 @@ fi
 else
 AC_MSG_NOTICE([  polkit: no])
 fi
-if test "$with_selinux" = "yes" ; then
-AC_MSG_NOTICE([ selinux: $SELINUX_CFLAGS $SELINUX_LIBS])
-else
-AC_MSG_NOTICE([ selinux: no])
-fi
 if test "$with_apparmor" = "yes" ; then
 AC_MSG_NOTICE([apparmor: $APPARMOR_CFLAGS $APPARMOR_LIBS])
 else
diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
new file mode 100644
index 0000000..abb0d12
--- /dev/null
+++ b/m4/virt-selinux.m4
@@ -0,0 +1,51 @@
+dnl The libselinux.so library
+dnl
+dnl Copyright (C) 2012-2013 Red Hat, Inc.
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library.  If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
+  LIBVIRT_CHECK_LIB([SELINUX], [selinux],
+                    [fgetfilecon_raw], [selinux/selinux.h])
+
+  AC_ARG_WITH([selinux_mount],
+    AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]),
+    [],
+    [with_selinux_mount=check])
+
+  if test "$with_selinux" = "yes"; then
+    AC_MSG_CHECKING([SELinux mount point])
+    if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
+      if test -d /sys/fs/selinux ; then
+        SELINUX_MOUNT=/sys/fs/selinux
+      else
+        SELINUX_MOUNT=/selinux
+      fi
+    else
+      SELINUX_MOUNT=$with_selinux_mount
+    fi
+    AC_MSG_RESULT([$SELINUX_MOUNT])
+    AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point])
+
+    dnl We prefer to use <selinux/label.h> and selabel_open, but can fall
+    dnl back to matchpathcon for the sake of RHEL 5's version of libselinux.
+    AC_CHECK_HEADERS([selinux/label.h])
+  fi
+])
+
+AC_DEFUN([LIBVIRT_RESULT_SELINUX],[
+  LIBVIRT_RESULT_LIB([SELINUX])
+])
-- 
1.7.11.7

More information about the libvir-list mailing list