Re: [libvirt PATCH 09/13] selinux: introduce meson option for selinux policy install

On Fri, Aug 06, 2021 at 06:48:06PM +0100, Daniel P. Berrangé wrote: > The /etc/os-release file may not even exist on OS and checking specific > OS names / versions in the build rules duplicates conditions that are > set in the RPM. > > Instead we just look for existance of the tools we need to build the > policy module. In doing so, we also introduce '-Dselinux_policy' > feature flag to let it be controlled explicitly. > > Since some versions will have an SELinux policy that is too old, we also > need to do a feature check for the newest interface(s) that we require. > Currently this is achieved by looking for "systemd_machined_stream_connect". > The "macro-expander" command can be used to check for SELinux policy > interfaces, as it will return empty string for any that don't exist. > > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; > --- > libvirt.spec.in | 7 ++++++ > meson.build | 1 + > meson_options.txt | 1 + > src/security/meson.build | 13 +--------- > src/security/selinux/meson.build | 43 ++++++++++++++++++++++++++------ > 5 files changed, 46 insertions(+), 19 deletions(-) [...] > diff --git a/src/security/selinux/meson.build b/src/security/selinux/meson.build > index dda8730141..af5a5e38cb 100644 > --- a/src/security/selinux/meson.build > +++ b/src/security/selinux/meson.build > @@ -1,10 +1,39 @@ > -semod_prog = find_program('semodule_package') > -checkmod_prog = find_program('checkmodule') > -bzip2_prog = find_program('bzip2') > +selinux_policy_opt = get_option('selinux_policy') > +selinux_policy = false > +if not selinux_policy_opt.disabled() > + semod_prog = find_program('semodule_package', required: selinux_policy_opt) > + checkmod_prog = find_program('checkmodule', required: selinux_policy_opt) > + macroexpander_prog = find_program('macro-expander', required: selinux_policy_opt) > + bzip2_prog = find_program('bzip2') Here we should use `, required: selinux_policy_opt` as well, otherwise missing bzip2 would fail the `meson setup` phase if `selinux_policy_opt` is `auto`.