Re: [Libvir] PATCH: 10/16: general purpose helper APIs

On Mon, Feb 18, 2008 at 10:36:06AM -0500, Daniel Veillard wrote: > On Tue, Feb 12, 2008 at 04:37:08AM +0000, Daniel P. Berrange wrote: > > > > The SELinux code is optional, and can be replaced with calls to any other > > library which can provide MAC file labels, or just disabled completely.. > [...] > > +SELINUX_CFLAGS= > > +SELINUX_LIBS= > > +if test "$with_selinux" != "no"; then > > + old_cflags="$CFLAGS" > > + old_libs="$LIBS" > > + if test "$with_selinux" = "check"; then > > + AC_CHECK_HEADER([selinux/selinux.h],[],[with_selinux=no]) > > + AC_CHECK_LIB(selinux, fgetfilecon,[],[with_selinux=no]) > > + if test "$with_selinux" != "no"; then > > + with_selinux="yes" > > + fi > > + else > > + AC_CHECK_HEADER([selinux/selinux.h],[], > > + [AC_MSG_ERROR([You must install the SELinux development package in order to compile libvirt])]) > > + AC_CHECK_LIB(selinux, fgetfilecon,[], > > + [AC_MSG_ERROR([You must install the SELinux development package in order to compile and run libvirt])]) > > Hum, does that mean that withough any configure flags and if SELinux is > not found then configure would fail ? It may be the right thing to do since > it's a security option (and hence deactivation as an opt-in looks reasonable) > but this may be viewed as a bit too Fedora centric :-) The --with-selinux argument to configure has 3 possible values 'yes', 'no', 'check'. It will default to the latter. If it finds selinux libs it'll turn it on, otherwise it'll turn it off. It'll only cause configure to fail if you have it set to 'yes' and selinux is missing, which is not default behavuour.