From ed2e366cdc92de628ec2d406ee3977a130477635 Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Mon, 10 Feb 2014 17:40:03 -0600 Subject: [PATCH 03/10] Update autoconf file to build against libapparmor AppArmor support can be configured at build time with --enabled-apparmor and --disable-apparmor. By default, the build time decision is automatically decided by checking if a sufficient libapparmor is available. A sufficient libapparmor is determined by a sanity check of whether aa_is_enabled() is present and a more precise check of whether the AA_CLASS_DBUS macro is defined. Signed-off-by: Tyler Hicks --- configure.ac | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/configure.ac b/configure.ac index b1f260e..f9e731a 100644 --- a/configure.ac +++ b/configure.ac @@ -152,6 +152,7 @@ AC_ARG_ENABLE(xml-docs, AS_HELP_STRING([--enable-xml-docs],[build XML documentat AC_ARG_ENABLE(doxygen-docs, AS_HELP_STRING([--enable-doxygen-docs],[build DOXYGEN documentation (requires Doxygen)]),enable_doxygen_docs=$enableval,enable_doxygen_docs=auto) AC_ARG_ENABLE(abstract-sockets, AS_HELP_STRING([--enable-abstract-sockets],[use abstract socket namespace (linux only)]),enable_abstract_sockets=$enableval,enable_abstract_sockets=auto) AC_ARG_ENABLE(selinux, AS_HELP_STRING([--enable-selinux],[build with SELinux support]),enable_selinux=$enableval,enable_selinux=auto) +AC_ARG_ENABLE(apparmor, AS_HELP_STRING([--enable-apparmor],[build with AppArmor support]),enable_apparmor=$enableval,enable_apparmor=auto) AC_ARG_ENABLE(libaudit,AS_HELP_STRING([--enable-libaudit],[build audit daemon support for SELinux]),enable_libaudit=$enableval,enable_libaudit=auto) AC_ARG_ENABLE(inotify, AS_HELP_STRING([--enable-inotify],[build with inotify support (linux only)]),enable_inotify=$enableval,enable_inotify=auto) AC_ARG_ENABLE(kqueue, AS_HELP_STRING([--enable-kqueue],[build with kqueue support]),enable_kqueue=$enableval,enable_kqueue=auto) @@ -1026,6 +1027,48 @@ else SELINUX_LIBS= fi +# AppArmor detection +if test x$enable_apparmor = xno ; then + have_apparmor=no; +else + # See if we have Apparmor library + AC_CHECK_LIB(apparmor, aa_is_enabled, + have_apparmor=yes, have_apparmor=no) + + # see if we have the Apparmor header with the new D-Bus stuff in it + if test x$have_apparmor = xyes ; then + AC_MSG_CHECKING([for DBUS apparmor permissions in sys/apparmor.h]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[#ifdef AA_CLASS_DBUS return 0; + #else + #error AA_CLASS_DBUS not defined + #endif]])], + [have_apparmor=yes], + [have_apparmor=no]) + AC_MSG_RESULT($have_apparmor) + fi + + if test x$enable_apparmor = xauto ; then + if test x$have_apparmor = xno ; then + AC_MSG_WARN([Sufficiently new Apparmor library not found]) + fi + else + if test x$have_apparmor = xno ; then + AC_MSG_ERROR([Apparmor explicitly required, and Apparmor library not found]) + fi + fi +fi + +AM_CONDITIONAL(HAVE_APPARMOR, test x$have_apparmor = xyes) + +if test x$have_apparmor = xyes ; then + APPARMOR_LIBS="-lapparmor" + AC_DEFINE(HAVE_APPARMOR,1,[Apparmor support]) +else + APPARMOR_LIBS= +fi +AC_SUBST([APPARMOR_LIBS]) + # inotify checks if test x$enable_inotify = xno ; then have_inotify=no; @@ -1830,6 +1873,7 @@ echo " Building checks: ${enable_checks} Building bus stats API: ${enable_stats} Building SELinux support: ${have_selinux} + Building AppArmor support: ${have_apparmor} Building inotify support: ${have_inotify} Building kqueue support: ${have_kqueue} Building systemd support: ${have_systemd} -- 1.9.rc1