[libvirt] [PATCH] Allow to install apparmor profiles

Guido Günther agx at sigxcpu.org
Tue Jan 7 16:19:36 UTC 2014 

Make it easy to install the shipped examples. The aim is to have
reasonably working templates so that distros only need to minimally
patch these and can feed things upstream more easily.

This was prompted by http://bugs.debian.org/725144
---
 configure.ac                  | 12 +++++++++++-
 examples/apparmor/Makefile.am | 18 ++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 2622dfd..97752f4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1418,6 +1418,16 @@ elif test "with_secdriver_apparmor" != "no" ; then
 fi
 AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmor" != "no"])
 
+if test "$with_apparmor" != "no"; then
+AC_ARG_WITH([apparmor-profiles],
+  [AS_HELP_STRING([--with-apparmor-profiles],
+    [install apparmor profiles @<:@default=no@:>@])],
+  [with_apparmor_profiles=yes],
+  [with_apparmor_profiles=no])
+else
+  with_apparmor_profiles="no"
+fi
+AM_CONDITIONAL([WITH_APPARMOR_PROFILES], [test "$with_apparmor_profiles" != "no"])
 
 dnl DTrace static probes
 AC_ARG_WITH([dtrace],
@@ -2607,7 +2617,7 @@ AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Security Drivers])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([ SELinux: $with_secdriver_selinux ($SELINUX_MOUNT)])
-AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor])
+AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor (install profiles: $with_apparmor_profiles)])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Driver Loadable Modules])
 AC_MSG_NOTICE([])
diff --git a/examples/apparmor/Makefile.am b/examples/apparmor/Makefile.am
index 79cf5c9..6e69440 100644
--- a/examples/apparmor/Makefile.am
+++ b/examples/apparmor/Makefile.am
@@ -19,3 +19,21 @@ EXTRA_DIST=				\
 	libvirt-qemu			\
 	usr.lib.libvirt.virt-aa-helper	\
 	usr.sbin.libvirtd
+
+if WITH_APPARMOR_PROFILES
+apparmordir = $(sysconfdir)/apparmor.d/
+apparmor_DATA = \
+	usr.lib.libvirt.virt-aa-helper \
+	usr.sbin.libvirtd \
+	$(NULL)
+
+abstractionsdir = $(apparmordir)/abstractions
+abstractions_DATA = \
+	libvirt-qemu \
+	$(NULL)
+
+templatesdir = $(apparmordir)/libvirtd
+templates_DATA = \
+	TEMPLATE \
+	$(NULL)
+endif WITH_APPARMOR_PROFILES
-- 
1.8.5.1

More information about the libvir-list mailing list