On Fri, Aug 06, 2021 at 06:48:06PM +0100, Daniel P. Berrangé wrote:
The /etc/os-release file may not even exist on OS and checking specific
OS names / versions in the build rules duplicates conditions that are
set in the RPM.
Instead we just look for existence of the tools we need to build the
policy module. In doing so, we also introduce '-Dselinux_policy'
feature flag to let it be controlled explicitly.
Since some versions will have an SELinux policy that is too old, we also
need to do a feature check for the newest interface(s) that we require.
Currently this is achieved by looking for "systemd_machined_stream_connect".
The "macro-expander" command can be used to check for SELinux policy
interfaces, as it will return empty string for any that don't exist.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
libvirt.spec.in | 7 ++++++
meson.build | 1 +
meson_options.txt | 1 +
src/security/meson.build | 13 +---------
src/security/selinux/meson.build | 43 ++++++++++++++++++++++++++------
5 files changed, 46 insertions(+), 19 deletions(-)
[...]
diff --git a/src/security/selinux/meson.build
b/src/security/selinux/meson.build
index dda8730141..af5a5e38cb 100644
--- a/src/security/selinux/meson.build
+++ b/src/security/selinux/meson.build
@@ -1,10 +1,39 @@
-semod_prog = find_program('semodule_package')
-checkmod_prog = find_program('checkmodule')
-bzip2_prog = find_program('bzip2')
+selinux_policy_opt = get_option('selinux_policy')
+selinux_policy = false
+if not selinux_policy_opt.disabled()
+ semod_prog = find_program('semodule_package', required: selinux_policy_opt)
+ checkmod_prog = find_program('checkmodule', required: selinux_policy_opt)
+ macroexpander_prog = find_program('macro-expander', required:
selinux_policy_opt)
+ bzip2_prog = find_program('bzip2')
Here we should use `, required: selinux_policy_opt` as well, otherwise
missing bzip2 would fail the `meson setup` phase if `selinux_policy_opt`
is `auto`.
Pavel
+ selinux_policy_includes =
get_option('selinux_policy_includes')
-selinux_policy_includes = get_option('selinux_policy_includes')
+ if semod_prog.found() and checkmod_prog.found() and \
+ bzip2_prog.found() and macroexpander_prog.found()
+ selinux_policy = true
+ else
+ if selinux_policy_opt.enabled()
+ error('selinux policy requested but required build tools are missing')
+ endif
+ endif
-install_data('virt.if', install_dir :
'share/selinux/devel/include/distributed')
+ if selinux_policy
+ data = run_command(macroexpander_prog,
+ 'systemd_machined_stream_connect').stdout()
+ if data == ''
+ if selinux_policy_opt.enabled()
+ error('selinux policy version is too old, ' +
+ 'missing "systemd_machined_stream_connect"')
+ endif
-subdir('mcs')
-subdir('mls')
+ selinux_policy = false
+ endif
+ endif
+
+ if selinux_policy
+ install_data('virt.if',
+ install_dir : 'share/selinux/devel/include/distributed')
+
+ subdir('mcs')
+ subdir('mls')
+ endif
+endif
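Review bot: In the `if selinux_policy` block that runs `macro-expander`, the `run_command()` result is judged only by `data == ''`, so a `macro-expander` run that fails for an unrelated reason is reported as "selinux policy version is too old", and stdout holding only whitespace would count as the interface being present. Consider checking `.returncode()` on the result and comparing `.stdout().strip()` against the empty string, with a separate error for the failed-command case. Also, when the option is `auto` and either the tool check or the interface check fails, `selinux_policy` ends up false with no output; a `message()` stating why the policy module is skipped would make that visible in the `meson setup` log.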
--
2.31.1