[libvirt] [PATCH 2/4] configure: Make ACL mandatory when building the QEMU driver
Daniel P. Berrange
berrange at redhat.com
Tue Feb 14 16:59:44 UTC 2017
On Tue, Feb 14, 2017 at 05:47:27PM +0100, Andrea Bolognani wrote:
> On Tue, 2017-02-14 at 16:20 +0000, Daniel P. Berrange wrote:
> > > On the other hand, we really only care about having the ACL
> > > APIs when we are isolating QEMU, which only happens of Linux
> > > due to the namespaces requirement... So maybe we could have
> > > it as a strict requirement on Linux only, and as an optional
> > > dependency on other platforms?
> >
> > IMHO it'd be better to just disable the namespace code at build
> > time if we don't have libacl rather than adding mandatory build
> > deps.
>
> I'm afraid that might lead to people forgetting to install
> libacl-devel[1] on Linux and ending up with less security
> than expected / desired as a result.
You can make the same argument about many other libraries we have
optional dependancies against, libcapng, libselinux, apparmour,
etc.
Our general policy is for libraries to be optional and I don't
see a reason for this to be a different case
> [1] I know I did while trying to figure this bug out ;)
If we disabled namespace support when libacl is missing at
build time you would have noticed quite quickly that you
weren't using namespaces.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
More information about the libvir-list
mailing list