Re: [libvirt] [PATCH 1/3] Probe for libcap-ng

Probe for capng in configure, and set some RPM spec rules. Trivial boring stuff. Daniel diff -r 57a8eb45975e configure.in --- a/configure.in Mon Jun 22 11:54:49 2009 +0000 +++ b/configure.in Mon Jun 22 19:00:54 2009 +0100 @@ -749,6 +749,49 @@ AM_CONDITIONAL([HAVE_NUMACTL], [test "$w AC_SUBST([NUMACTL_CFLAGS]) AC_SUBST([NUMACTL_LIBS]) + + +dnl libcap-ng +AC_ARG_WITH([capng], + [ --with-capng use libcap-ng to reduce libvirtd privileges], + [], + [with_capng=check]) + +dnl +dnl This check looks for 'capng_updatev' since that was +dnl introduced in 0.4.0 release which need as minimum +dnl +CAPNG_CFLAGS= +CAPNG_LIBS= +if test "$with_qemu" = "yes" -a "$with_capng" != "no"; then + old_cflags="$CFLAGS" + old_libs="$LIBS" + if test "$with_capng" = "check"; then + AC_CHECK_HEADER([cap-ng.h],[],[with_capng=no]) + AC_CHECK_LIB([cap-ng], [capng_updatev],[],[with_capng=no]) + if test "$with_capng" != "no"; then + with_capng="yes" + fi + else + fail=0 + AC_CHECK_HEADER([cap-ng.h],[],[fail=1]) + AC_CHECK_LIB([cap-ng], [capng_updatev],[],[fail=1]) + test $fail = 1 && + AC_MSG_ERROR([You must install the capng >= 0.4.0 development package in order to compile and run libvirt]) + fi + CFLAGS="$old_cflags" + LIBS="$old_libs" +fi +if test "$with_capng" = "yes"; then + CAPNG_LIBS="-lcap-ng" + AC_DEFINE_UNQUOTED([HAVE_CAPNG], 1, [whether capng is available for privilege reduction]) +fi +AM_CONDITIONAL([HAVE_CAPNG], [test "$with_capng" != "no"]) +AC_SUBST([CAPNG_CFLAGS]) +AC_SUBST([CAPNG_LIBS]) + + + dnl virsh libraries AC_CHECK_HEADERS([readline/readline.h]) @@ -1473,6 +1516,11 @@ AC_MSG_NOTICE([ numactl: $NUMACTL_CFLAGS else AC_MSG_NOTICE([ numactl: no]) fi +if test "$with_capng" = "yes" ; then +AC_MSG_NOTICE([ capng: $CAPNG_CFLAGS $CAPNG_LIBS]) +else +AC_MSG_NOTICE([ capng: no]) +fi if test "$with_xen" = "yes" ; then AC_MSG_NOTICE([ xen: $XEN_CFLAGS $XEN_LIBS]) else diff -r 57a8eb45975e libvirt.spec.in --- a/libvirt.spec.in Mon Jun 22 11:54:49 2009 +0000 +++ b/libvirt.spec.in Mon Jun 22 19:00:54 2009 +0100 @@ -7,7 +7,8 @@ %define with_lxc 0%{!?_without_lxc:1} %define with_sasl 0%{!?_without_sasl:1} %define with_avahi 0%{!?_without_avahi:1} -%define with_polkit 0%{!?_without_polkit:1} +# default to off +%define with_polkit 0%{!?_without_polkit:0} %define with_python 0%{!?_without_python:1} %define with_libvirtd 0%{!?_without_libvirtd:1} %define with_uml 0%{!?_without_uml:1} @@ -17,6 +18,8 @@ %define with_storage_iscsi 0%{!?_without_storage_iscsi:1} %define with_storage_disk 0%{!?_without_storage_disk:1} %define with_numactl 0%{!?_without_numactl:1} +# default to off +%define with_capng 0%{!?_without_capng:0} # Xen is available only on i386 x86_64 ia64 %ifnarch i386 i586 i686 x86_64 ia64 @@ -38,6 +41,10 @@ %define with_xen_proxy 0 %endif +%if 0%{?fedora} >= 12 +%define with_capng 0%{!?_without_capng:1} +%endif + # # If building on RHEL switch on the specific support # for the specific Xen version @@ -162,6 +169,9 @@ BuildRequires: parted-devel # For QEMU/LXC numa info BuildRequires: numactl-devel %endif +%if %{with_capng} +BuildRequires: capng-devel >= 0.5.0 +%endif Obsoletes: libvir # Fedora build root suckage -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|