[libvirt] [PATCH 00/29] Add selinux test & refactor configure.ac
This is an expanded version of this series which added a new SELinux test case https://www.redhat.com/archives/libvir-list/2012-September/msg01381.html The change here is to fix some bugs in the previous autoconf macros, and dramatically expand their usage, removing ~700 lines of code from configure.ac .gitignore | 1 configure.ac | 726 +---------------------------- daemon/Makefile.am | 2 daemon/libvirtd-config.c | 4 daemon/libvirtd.c | 4 daemon/libvirtd.h | 6 daemon/remote.c | 2 docs/hacking.html.in | 2 libvirt.spec.in | 1 m4/virt-apparmor.m4 | 19 m4/virt-audit.m4 | 9 m4/virt-avahi.m4 | 9 m4/virt-capng.m4 | 9 m4/virt-dbus.m4 | 19 m4/virt-hal.m4 | 9 m4/virt-lib.m4 | 273 ++++++++++ m4/virt-libattr.m4 | 9 m4/virt-libblkid.m4 | 9 m4/virt-netcf.m4 | 23 m4/virt-numactl.m4 | 9 m4/virt-pciaccess.m4 | 9 m4/virt-result.m4 | 9 m4/virt-sanlock.m4 | 9 m4/virt-sasl.m4 | 12 m4/virt-selinux.m4 | 33 + m4/virt-udev.m4 | 15 m4/virt-yajl.m4 | 34 + src/Makefile.am | 22 src/lxc/lxc_container.c | 14 src/lxc/lxc_controller.c | 8 src/node_device/node_device_driver.c | 8 src/node_device/node_device_driver.h | 4 src/nodeinfo.c | 10 src/nwfilter/nwfilter_driver.c | 4 src/qemu/qemu_capabilities.c | 2 src/qemu/qemu_driver.c | 4 src/qemu/qemu_process.c | 4 src/remote/remote_driver.c | 8 src/rpc/virnetclient.c | 10 src/rpc/virnetclient.h | 4 src/rpc/virnetserverclient.c | 12 src/rpc/virnetserverclient.h | 2 src/rpc/virnetservermdns.c | 12 src/rpc/virnetsocket.c | 16 src/rpc/virnetsocket.h | 4 src/storage/storage_backend.c | 6 src/storage/storage_backend_fs.c | 8 src/storage/storage_backend_scsi.c | 4 src/util/command.c | 4 src/util/json.c | 14 src/util/storage_file.c | 2 src/util/util.c | 2 src/util/viraudit.c | 14 src/util/virdbus.c | 6 src/util/virdbus.h | 2 tests/Makefile.am | 22 tests/libvirtdconftest.c | 2 tests/qemuhelptest.c | 2 tests/securityselinuxhelper.c | 33 + tests/securityselinuxlabeldata/chardev.txt | 5 tests/securityselinuxlabeldata/chardev.xml | 34 + tests/securityselinuxlabeldata/disks.txt | 5 tests/securityselinuxlabeldata/disks.xml | 52 ++ tests/securityselinuxlabeldata/kernel.txt | 2 tests/securityselinuxlabeldata/kernel.xml | 20 tests/securityselinuxlabeltest.c | 341 +++++++++++++ tools/Makefile.am | 4 67 files changed, 1184 insertions(+), 814 deletions(-)
From: "Daniel P. Berrange" <berrange@redhat.com> Most checks for libraries take the same format * --with-libFOO=yes|no|check|/some/path argument * check for a function NNN in libFOO.so * check for a header file DDD/HHH.h * Define a WITH_FOO config.h symbol * Define a WITH_FOO make conditional * Substitute FOO_CFLAGS and FOO_LIBS make variables * Print CFLAGS & LIBS summary at the end Doing all this correctly is rather difficult, typically done by copy+paste of a previous usage. Further small improvements people make are not applied to all previous usages. Improve this by creating some helper macros to apply good practice. First, to perform the actual checks: LIBVIRT_CHECK_LIB([SELINUX],[selinux],[getfilecon][selinux/selinux.h]) This checks for 'getfilecon' in libselinux.so, and the existance of 'selinux/selinux.h' header file. If successful it sets SELINUX_CFLAGS and SELINUX_LIBS. The WITH_SELINUX config.h macro and WITH_SELINUX make conditional are also defined. Finally to print a summary of CFLAGS & LIBs found (if any): LIBVIRT_RESULT_LIB([SELINUX],[selinux]) Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- m4/virt-lib.m4 | 217 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ m4/virt-result.m4 | 9 +++ 2 files changed, 226 insertions(+) create mode 100644 m4/virt-lib.m4 create mode 100644 m4/virt-result.m4 diff --git a/m4/virt-lib.m4 b/m4/virt-lib.m4 new file mode 100644 index 0000000..86a6aa0 --- /dev/null +++ b/m4/virt-lib.m4 @@ -0,0 +1,217 @@ +dnl +dnl Probe for existance of libXXXX and set WITH_XXX +dnl config header var, WITH_XXXX make conditional and +dnl with_XXX configure shell var. +dnl +dnl LIBVIRT_CHECK_LIB([WITH_VAR],[NAME_VAR],[LIBNAME],[FUNCNAME],[HDRNAME]) +dnl +dnl WITH_VAR: Suffix for the WITH_XXX variable in config.h & conditional in make, +dnl and prefix for the XXX_CFLAGS and XXX_LIBS make variables +dnl NAME_VAR: Suffix for the --with-XXX configure arg and $with_XXX configure variable +dnl LIBNAME: Suffix for the library name libXXX.so (typically same as NAME_VAR) +dnl FUNCNAME: Name of function to check for in libXXX.so +dnl HDRNAME: Name of header file to check for +dnl +dnl eg +dnl +dnl LIBVIRT_CHECK_LIB([SELINUX],[selinux],[selinux],[getfilecon],[selinux/selinux.h]) +dnl LIBVIRT_CHECK_LIB([SANLOCK],[sanlock],[sanlock_client],[sanlock_init],[sanlock.h]) +dnl LIBVIRT_CHECK_LIB([LIBATTR],[libattr],[attr],[getxattr],[attr/attr.h]) +dnl +AC_DEFUN([LIBVIRT_CHECK_LIB],[ + AS_VAR_PUSHDEF([config_var],[WITH_$1]) + AS_VAR_PUSHDEF([make_var],[WITH_$1]) + AS_VAR_PUSHDEF([cflags_var],[$1_CFLAGS]) + AS_VAR_PUSHDEF([libs_var],[$1_LIBS]) + AS_VAR_PUSHDEF([name_var],[$2]) + AS_VAR_PUSHDEF([arg_var],[with-$2]) + AS_VAR_PUSHDEF([with_var],[with_$2]) + AS_VAR_PUSHDEF([libname_var],[$3]) + AS_VAR_PUSHDEF([funcname_var],[$4]) + dnl Does not work - '.' and '/' get changed into '_' + dnl AS_VAR_PUSHDEF([hdrname_var],[$5]) + + AC_ARG_WITH([name_var], + AC_HELP_STRING([--arg_var], + [with lib$3 support @<:@default=check@:>@]),[],[with_var][=check]) + + old_LIBS="$LIBS" + old_CFLAGS="$CFLAGS" + AS_VAR_SET([cflags_var],[]) + AS_VAR_SET([libs_var],[]) + + fail=0 + if test "$with_var" != "no" ; then + if test "$with_var" != "yes" && test "$with_var" != "check" ; then + AS_VAR_SET([cflags_var],[-I$with_var/include]) + AS_VAR_SET([libs_var],[-L$with_var/lib]) + fi + CFLAGS="$CFLAGS $cflags_var" + LIBS="$LIBS $libs_var" + AC_CHECK_LIB([$3], funcname_var, [],[ + if test "$with_var" != "check"; then + fail=1 + fi + AS_VAR_SET([with_var],[no]) + ]) + if test "$fail" = "0" && test "$with_var" != "no" ; then + AC_CHECK_HEADER([$5], [ + AS_VAR_SET([with_var],[yes]) + ],[ + if test "$with_var" != "check"; then + fail=1 + fi + AS_VAR_SET([with_var],[no]) + ]) + fi + fi + + LIBS="$old_LIBS" + CFLAGS="$old_CFLAGS" + + if test $fail = 1; then + AC_MSG_ERROR([You must install the lib$3 library & headers to compile libvirt]) + fi + + if test "$with_var" = "yes" ; then + if test -z "$libs_var" ; then + AS_VAR_SET([libs_var],["-l$3"]) + else + AS_VAR_SET([libs_var],["$]libs_var[ -l$3"]) + fi + + AC_DEFINE_UNQUOTED(config_var, 1, [whether $3 is available]) + fi + + AM_CONDITIONAL(make_var, [test "$with_var" = "yes"]) + + AC_SUBST(cflags_var) + AC_SUBST(libs_var) +]) + +dnl +dnl Probe for existance of libXXXX, or alternatively libYYYY and set WITH_XXX +dnl config header var, WITH_XXXX make conditional and with_XXX configure shell +dnl var. +dnl +dnl LIBVIRT_CHECK_LIB_FALLBACK([WITH_VAR],[WITH_VAR_2],[NAME_VAR], +dnl [LIBNAME],[LIBNAME2],[FUNCNAME],[FUNCNAME2],[HDRNAME]) +dnl +dnl WITH_VAR: Suffix for the WITH_XXX variable in config.h & conditional in make, +dnl and prefix for the XXX_CFLAGS and XXX_LIBS make variables +dnl WITH_VAR2: Suffix for the WITH_XXX variable in config.h & conditional in make +dnl if the fallback library was required +dnl NAME_VAR: Suffix for the --with-XXX configure arg and $with_XXX configure variable +dnl LIBNAME: Suffix for the library name libXXX.so (typically same as NAME_VAR) +dnl LIBNAME2: Suffix for the library name libYYY.so fallback choice +dnl FUNCNAME: Name of function to check for in libXXX.so +dnl FUNCNAME2: Name of function to check for in libYYY.so +dnl HDRNAME: Name of header file to check for +dnl +dnl eg +dnl +dnl LIBVIRT_CHECK_LIB([SASL],[SASL2],[sasl], +dnl [sasl],[sasl2],[sasl_client_init],[sasl/sasl.h]) +dnl +AC_DEFUN([LIBVIRT_CHECK_LIB_FALLBACK],[ + AS_VAR_PUSHDEF([config_var],[WITH_$1]) + AS_VAR_PUSHDEF([config2_var],[WITH_$2]) + AS_VAR_PUSHDEF([make_var],[WITH_$1]) + AS_VAR_PUSHDEF([make2_var],[WITH_$2]) + AS_VAR_PUSHDEF([cflags_var],[$1_CFLAGS]) + AS_VAR_PUSHDEF([libs_var],[$1_LIBS]) + AS_VAR_PUSHDEF([name_var],[$3]) + AS_VAR_PUSHDEF([arg_var],[with-$3]) + AS_VAR_PUSHDEF([with_var],[with_$3]) + AS_VAR_PUSHDEF([libname_var],[$4]) + AS_VAR_PUSHDEF([libname2_var],[$5]) + AS_VAR_PUSHDEF([funcname_var],[$6]) + AS_VAR_PUSHDEF([funcname2_var],[$7]) + dnl AS_VAR_PUSHDEF([hdrname_var],[$8]) + + AC_ARG_WITH([name_var], + AC_HELP_STRING([--arg_var], + [with lib$3 support @<:@default=check@:>@]),[],[with_var][=check]) + + old_LIBS="$LIBS" + old_CFLAGS="$CFLAGS" + AS_VAR_SET([cflags_var],[]) + AS_VAR_SET([libs_var],[]) + + fail=0 + v2=0 + if test "$with_var" != "no" ; then + if test "$with_var" != "yes" && test "$with_var" != "check" ; then + AS_VAR_SET([cflags_var],[-I$with_var/include]) + AS_VAR_SET([libs_var],[-L$with_var/lib]) + fi + CFLAGS="$CFLAGS $cflags_var" + LIBS="$LIBS $libs_var" + AC_CHECK_LIB([$4], funcname_var, [],[ + AC_CHECK_LIB([$5], funcname2_var, [ + v2=1 + ],[ + if test "$with_var" != "check"; then + fail=1 + fi + AS_VAR_SET([with_var],[no]) + ]) + ]) + if test "$fail" = "0" && test "$with_var" != "no" ; then + AC_CHECK_HEADER([$8], [ + AS_VAR_SET([with_var],[yes]) + ],[ + if test "$with_var" != "check"; then + fail=1 + fi + AS_VAR_SET([with_var],[no]) + ]) + fi + fi + + LIBS="$old_LIBS" + CFLAGS="$old_CFLAGS" + + if test $fail = 1; then + AC_MSG_ERROR([You must install the lib$4 library & headers to compile libvirt]) + fi + + if test "$with_var" = "yes" ; then + if test -z "$libs_var" ; then + AS_VAR_SET([libs_var],["-l$4"]) + else + AS_VAR_SET([libs_var],["$]libs_var[ -l$4"]) + fi + + AC_DEFINE_UNQUOTED(config_var, 1, [whether lib$4 is available]) + if test "$v2" = "1" ; then + AC_DEFINE_UNQUOTED(config2_var, 1, [whether lib$5 is available]) + fi + fi + + AM_CONDITIONAL(make_var, [test "$with_var" = "yes"]) + AM_CONDITIONAL(make2_var, [test "$with_var" = "yes" && test "$v2" = "1"]) + + AC_SUBST(cflags_var) + AC_SUBST(libs_var) +]) + +dnl +dnl To be called after a LIBVIRT_CHECK_LIB or LIBVIRT_CHECK_LIB_FALLBACK +dnl invocation to print the result status +dnl +dnl LIBVIRT_RESULT_LIB([WITH_VAR],[NAME_VAR]) +dnl +dnl WITH_VAR: Prefix for the XXX_CFLAGS and XXX_LIBS make variables +dnl NAME_VAR: Suffix for the --with-XXX configure arg and $with_XXX configure variable +dnl +dnl LIBVIRT_RESULT_LIB([SELINUX],[selinux]) +dnl +AC_DEFUN([LIBVIRT_RESULT_LIB],[ + AS_VAR_PUSHDEF([cflags_var],[$1_CFLAGS]) + AS_VAR_PUSHDEF([libs_var],[$1_LIBS]) + AS_VAR_PUSHDEF([name_var],[$2]) + AS_VAR_PUSHDEF([with_var],[with_$2]) + + LIBVIRT_RESULT(name_var, [$with_var], [CFLAGS=$cflags_var LIBS=$libs_var]) +]) diff --git a/m4/virt-result.m4 b/m4/virt-result.m4 new file mode 100644 index 0000000..c2e1517 --- /dev/null +++ b/m4/virt-result.m4 @@ -0,0 +1,9 @@ +AC_DEFUN([LIBVIRT_RESULT], [ + if test "$2" = "no" || test -z "$3" ; then + printf -v STR "%8s: %-3s" "$1" "$2" + else + printf -v STR "%8s: %-3s (%s)" "$1" "$2" "$3" + fi + + AC_MSG_NOTICE([$STR]) +]) -- 1.7.11.4
On 09/20/2012 09:01 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
Most checks for libraries take the same format
* --with-libFOO=yes|no|check|/some/path argument * check for a function NNN in libFOO.so * check for a header file DDD/HHH.h * Define a WITH_FOO config.h symbol * Define a WITH_FOO make conditional * Substitute FOO_CFLAGS and FOO_LIBS make variables * Print CFLAGS & LIBS summary at the end
Doing all this correctly is rather difficult, typically done by copy+paste of a previous usage. Further small improvements people make are not applied to all previous usages.
On it's own, this patch merely introduces files that are unused, but it doesn't make sense to push before the release unless we also take one of the other commits in the series that uses it.
Improve this by creating some helper macros to apply good practice. First, to perform the actual checks:
LIBVIRT_CHECK_LIB([SELINUX],[selinux],[getfilecon][selinux/selinux.h])
Missing a comma. Also, autoconf ignores whitespace after comma, so I'd write this as: LIBVIRT_CHECK_LIB([SELINUX], [selinux], [getfilecon], [selinux/selinux.h])
This checks for 'getfilecon' in libselinux.so, and the
More precisely, in '-lselinux', since this construct works even for cygwin where such a library [if it existed] would be named cygselinux.dll.
existance of 'selinux/selinux.h' header file. If successful
s/existance/existence/
it sets SELINUX_CFLAGS and SELINUX_LIBS. The WITH_SELINUX config.h macro and WITH_SELINUX make conditional are also defined.
Finally to print a summary of CFLAGS & LIBs found (if any):
LIBVIRT_RESULT_LIB([SELINUX],[selinux])
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- m4/virt-lib.m4 | 217 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ m4/virt-result.m4 | 9 +++ 2 files changed, 226 insertions(+) create mode 100644 m4/virt-lib.m4 create mode 100644 m4/virt-result.m4
diff --git a/m4/virt-lib.m4 b/m4/virt-lib.m4 new file mode 100644 index 0000000..86a6aa0 --- /dev/null +++ b/m4/virt-lib.m4 @@ -0,0 +1,217 @@ +dnl
Missing a copyright header.
+dnl Probe for existance of libXXXX and set WITH_XXX
s/existance/existence/
+dnl config header var, WITH_XXXX make conditional and +dnl with_XXX configure shell var. +dnl +dnl LIBVIRT_CHECK_LIB([WITH_VAR],[NAME_VAR],[LIBNAME],[FUNCNAME],[HDRNAME])
5 arguments listed here, but only 4 listed in the commit message.
+dnl +dnl WITH_VAR: Suffix for the WITH_XXX variable in config.h & conditional in make, +dnl and prefix for the XXX_CFLAGS and XXX_LIBS make variables +dnl NAME_VAR: Suffix for the --with-XXX configure arg and $with_XXX configure variable
Will these two values always be the same case-insensitive string? If so, you only need one of the two of them, and use m4 to do the case-conversion as part of this macro, using functions such as m4_toupper.
+dnl LIBNAME: Suffix for the library name libXXX.so (typically same as NAME_VAR)
I'd allow this to be a default, where the user can write: [NAME_VAR], [], instead of: [NAME_VAR], [NAME_VAR], in the common case (of course, you demonstrated sanlock_client as a counter-example that warrants the separate arg). To do this, you replace use of $3 with m4_default([$3], [$2]).
+dnl FUNCNAME: Name of function to check for in libXXX.so +dnl HDRNAME: Name of header file to check for +dnl +dnl eg
s/eg/e.g./
+dnl +dnl LIBVIRT_CHECK_LIB([SELINUX],[selinux],[selinux],[getfilecon],[selinux/selinux.h]) +dnl LIBVIRT_CHECK_LIB([SANLOCK],[sanlock],[sanlock_client],[sanlock_init],[sanlock.h]) +dnl LIBVIRT_CHECK_LIB([LIBATTR],[libattr],[attr],[getxattr],[attr/attr.h])
Long lines. Encourage wrapping at a sensible point.
+dnl +AC_DEFUN([LIBVIRT_CHECK_LIB],[ + AS_VAR_PUSHDEF([config_var],[WITH_$1]) + AS_VAR_PUSHDEF([make_var],[WITH_$1]) + AS_VAR_PUSHDEF([cflags_var],[$1_CFLAGS]) + AS_VAR_PUSHDEF([libs_var],[$1_LIBS]) + AS_VAR_PUSHDEF([name_var],[$2]) + AS_VAR_PUSHDEF([arg_var],[with-$2]) + AS_VAR_PUSHDEF([with_var],[with_$2]) + AS_VAR_PUSHDEF([libname_var],[$3]) + AS_VAR_PUSHDEF([funcname_var],[$4]) + dnl Does not work - '.' and '/' get changed into '_' + dnl AS_VAR_PUSHDEF([hdrname_var],[$5]) + + AC_ARG_WITH([name_var], + AC_HELP_STRING([--arg_var],
Missing quoting. You need [] around the second argument of AC_ARG_WITH.
+ [with lib$3 support @<:@default=check@:>@]),[],[with_var][=check])
AC_HELP_STRING is obsolete. Autoconf recommends using AS_HELP_STRING. Line wrapping is hard to follow; I'd put a line break after the HELP_STRING() and before the [] third argument of AC_ARG_WITH.
+ + old_LIBS="$LIBS" + old_CFLAGS="$CFLAGS" + AS_VAR_SET([cflags_var],[]) + AS_VAR_SET([libs_var],[]) + + fail=0 + if test "$with_var" != "no" ; then
Technically, $with_var is user-supplied, and can therefore start with text that can confuse (non-compliant) versions of 'test'; it's better in this case to write test "x$with_var" != "xno" (here, and anywhere else a shell variable with user-supplied contents is probed). Also, here, you are directly probing with_var...
+ if test "$with_var" != "yes" && test "$with_var" != "check" ; then + AS_VAR_SET([cflags_var],[-I$with_var/include]) + AS_VAR_SET([libs_var],[-L$with_var/lib]) + fi + CFLAGS="$CFLAGS $cflags_var" + LIBS="$LIBS $libs_var" + AC_CHECK_LIB([$3], funcname_var, [],[ + if test "$with_var" != "check"; then + fail=1 + fi + AS_VAR_SET([with_var],[no]) + ]) + if test "$fail" = "0" && test "$with_var" != "no" ; then + AC_CHECK_HEADER([$5], [ + AS_VAR_SET([with_var],[yes])
...but here you are using the AS_VAR_* wrappers. If you plan on using the AS_VAR wrappers, then all uses of the variable, including probing its value, have to go through AS_VAR (that is, $with_var might not be valid shell code compared to AS_VAR_GET([with_var]), depending on what the user gave as input to this macro). But it looks like you intend for this macro to always be used with literal strings rather than shell indirections, at which point AS_VAR_PUSHDEF/AS_VAR_POPDEF may be overkill, and you could get away with simpler m4_pushdef/m4_popdef.
+ ],[ + if test "$with_var" != "check"; then + fail=1 + fi + AS_VAR_SET([with_var],[no]) + ]) + fi + fi + + LIBS="$old_LIBS" + CFLAGS="$old_CFLAGS"
Technically, the "" aren't necessary here, but they don't hurt either.
+ + if test $fail = 1; then + AC_MSG_ERROR([You must install the lib$3 library & headers to compile libvirt]) + fi + + if test "$with_var" = "yes" ; then + if test -z "$libs_var" ; then + AS_VAR_SET([libs_var],["-l$3"]) + else + AS_VAR_SET([libs_var],["$]libs_var[ -l$3"]) + fi + + AC_DEFINE_UNQUOTED(config_var, 1, [whether $3 is available]) + fi + + AM_CONDITIONAL(make_var, [test "$with_var" = "yes"]) + + AC_SUBST(cflags_var) + AC_SUBST(libs_var) +]) + +dnl +dnl Probe for existance of libXXXX, or alternatively libYYYY and set WITH_XXX
s/existance/existence/
+dnl config header var, WITH_XXXX make conditional and with_XXX configure shell +dnl var. +dnl +dnl LIBVIRT_CHECK_LIB_FALLBACK([WITH_VAR],[WITH_VAR_2],[NAME_VAR], +dnl [LIBNAME],[LIBNAME2],[FUNCNAME],[FUNCNAME2],[HDRNAME])
A lot of autoconf macros have the style of providing two arguments, one expanded if the check was successful, and the other if it failed. I'm wondering if it would be better to have: LIBVIRT_CHECK_LIB([WITH_VAR], [NAME_VAR], [LIBNAME], [FUNCNAME], [HDRNAME], [if-found], [if-not-found]) where this macro would not be needed, but you would instead write it as: LIBVIRT_CHECK_LIB([WITH_VAR], [NAME_VAR], [LIBNAME], [FUNCNAME], [HDRNAME], [], [LIBVIRT_CHECK_LIB([WITH_VAR2], [NAME_VAR], [LIBNAME2], [FUNCNAME2], [HDRNAME])])
+dnl +dnl WITH_VAR: Suffix for the WITH_XXX variable in config.h & conditional in make, +dnl and prefix for the XXX_CFLAGS and XXX_LIBS make variables +dnl WITH_VAR2: Suffix for the WITH_XXX variable in config.h & conditional in make +dnl if the fallback library was required +dnl NAME_VAR: Suffix for the --with-XXX configure arg and $with_XXX configure variable +dnl LIBNAME: Suffix for the library name libXXX.so (typically same as NAME_VAR) +dnl LIBNAME2: Suffix for the library name libYYY.so fallback choice +dnl FUNCNAME: Name of function to check for in libXXX.so +dnl FUNCNAME2: Name of function to check for in libYYY.so +dnl HDRNAME: Name of header file to check for
Why don't we need a HDRNAME2? And should we make it easy to default contents where any *2 variable left blank has the same value as the non-2 variable?
+ AS_VAR_PUSHDEF([name_var],[$3]) + AS_VAR_PUSHDEF([arg_var],[with-$3]) + AS_VAR_PUSHDEF([with_var],[with_$3]) + AS_VAR_PUSHDEF([libname_var],[$4]) + AS_VAR_PUSHDEF([libname2_var],[$5]) + AS_VAR_PUSHDEF([funcname_var],[$6]) + AS_VAR_PUSHDEF([funcname2_var],[$7]) + dnl AS_VAR_PUSHDEF([hdrname_var],[$8]) + + AC_ARG_WITH([name_var], + AC_HELP_STRING([--arg_var], + [with lib$3 support @<:@default=check@:>@]),[],[with_var][=check])
Same comments as before. Also, here, you could write: [with lib]with_var[ support ...] instead of having to look up what $3 meant.
+ + if test $fail = 1; then + AC_MSG_ERROR([You must install the lib$4 library & headers to compile libvirt]) + fi
If you do use my suggestion of an if-found/if-not-found argument, then this would be better as: if test $fail = 1; then m4_default([if-not-found-arg], [AC_MSG_ERROR([...])]) fi so that failure to find the library is fatal only if the macro caller didn't supply alternate if-not-found code.
+dnl +dnl To be called after a LIBVIRT_CHECK_LIB or LIBVIRT_CHECK_LIB_FALLBACK +dnl invocation to print the result status +dnl +dnl LIBVIRT_RESULT_LIB([WITH_VAR],[NAME_VAR]) +dnl +dnl WITH_VAR: Prefix for the XXX_CFLAGS and XXX_LIBS make variables +dnl NAME_VAR: Suffix for the --with-XXX configure arg and $with_XXX configure variable +dnl +dnl LIBVIRT_RESULT_LIB([SELINUX],[selinux]) +dnl +AC_DEFUN([LIBVIRT_RESULT_LIB],[ + AS_VAR_PUSHDEF([cflags_var],[$1_CFLAGS]) + AS_VAR_PUSHDEF([libs_var],[$1_LIBS]) + AS_VAR_PUSHDEF([name_var],[$2]) + AS_VAR_PUSHDEF([with_var],[with_$2]) + + LIBVIRT_RESULT(name_var, [$with_var], [CFLAGS=$cflags_var LIBS=$libs_var]) +])
Missing matching AS_VAR_POPDEF, throughout the patch. Every AS_VAR_PUSHDEF (or m4_pushdef) needs a paired cleanup within the same macro definition.
diff --git a/m4/virt-result.m4 b/m4/virt-result.m4 new file mode 100644 index 0000000..c2e1517 --- /dev/null +++ b/m4/virt-result.m4 @@ -0,0 +1,9 @@ +AC_DEFUN([LIBVIRT_RESULT], [
Missing a copyright and documentation. Why does this need to be a separate file?
+ if test "$2" = "no" || test -z "$3" ; then + printf -v STR "%8s: %-3s" "$1" "$2"
printf -v is not portable. This has to be written: STR=`printf "%8s: %-3s" "$1" "$2"`
+ else + printf -v STR "%8s: %-3s (%s)" "$1" "$2" "$3" + fi + + AC_MSG_NOTICE([$STR]) +])
-- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
From: "Daniel P. Berrange" <berrange@redhat.com> There are many aspects of the guest XML which result in the SELinux driver applying file labelling. With the increasing configuration options it is desirable to test this behaviour. It is not possible to assume that the test suite has the ability to set SELinux labels. Most filesystems though will support extended attributes. Thus for the purpose of testing, it is possible to extend the existing LD_PRELOAD hack to override setfilecon() and getfilecon() to simply use the 'user.libvirt.selinux' attribute for the sake of testing. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- .gitignore | 1 + configure.ac | 3 + libvirt.spec.in | 1 + m4/virt-libattr.m4 | 9 + tests/Makefile.am | 20 +- tests/securityselinuxhelper.c | 33 +++ tests/securityselinuxlabeldata/chardev.txt | 5 + tests/securityselinuxlabeldata/chardev.xml | 34 +++ tests/securityselinuxlabeldata/disks.txt | 5 + tests/securityselinuxlabeldata/disks.xml | 52 +++++ tests/securityselinuxlabeldata/kernel.txt | 2 + tests/securityselinuxlabeldata/kernel.xml | 20 ++ tests/securityselinuxlabeltest.c | 341 +++++++++++++++++++++++++++++ 13 files changed, 523 insertions(+), 3 deletions(-) create mode 100644 m4/virt-libattr.m4 create mode 100644 tests/securityselinuxlabeldata/chardev.txt create mode 100644 tests/securityselinuxlabeldata/chardev.xml create mode 100644 tests/securityselinuxlabeldata/disks.txt create mode 100644 tests/securityselinuxlabeldata/disks.xml create mode 100644 tests/securityselinuxlabeldata/kernel.txt create mode 100644 tests/securityselinuxlabeldata/kernel.xml create mode 100644 tests/securityselinuxlabeltest.c diff --git a/.gitignore b/.gitignore index 1cd2d45..58a8f34 100644 --- a/.gitignore +++ b/.gitignore @@ -150,6 +150,7 @@ /tests/secaatest /tests/seclabeltest /tests/securityselinuxtest +/tests/securityselinuxlabeltest /tests/sexpr2xmltest /tests/shunloadtest /tests/sockettest diff --git a/configure.ac b/configure.ac index 3e90672..cc63361 100644 --- a/configure.ac +++ b/configure.ac @@ -148,6 +148,8 @@ AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS]) LIBVIRT_COMPILE_WARNINGS +LIBVIRT_CHECK_LIBATTR + AC_MSG_CHECKING([for CPUID instruction]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM( [[ @@ -3080,6 +3082,7 @@ fi AC_MSG_NOTICE([]) AC_MSG_NOTICE([Libraries]) AC_MSG_NOTICE([]) +LIBVIRT_RESULT_LIBATTR AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS]) AC_MSG_NOTICE([ dlopen: $DLOPEN_LIBS]) if test "$with_esx" = "yes" ; then diff --git a/libvirt.spec.in b/libvirt.spec.in index 1192739..dc5347c 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -385,6 +385,7 @@ BuildRequires: ncurses-devel BuildRequires: gettext BuildRequires: libtasn1-devel BuildRequires: gnutls-devel +BuildRequires: libattr-devel %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 # for augparse, optionally used in testing BuildRequires: augeas diff --git a/m4/virt-libattr.m4 b/m4/virt-libattr.m4 new file mode 100644 index 0000000..bac2d46 --- /dev/null +++ b/m4/virt-libattr.m4 @@ -0,0 +1,9 @@ +dnl The libattr.so library + +AC_DEFUN([LIBVIRT_CHECK_LIBATTR],[ + LIBVIRT_CHECK_LIB([LIBATTR], [libattr], [attr], [getxattr], [attr/xattr.h]) +]) + +AC_DEFUN([LIBVIRT_RESULT_LIBATTR],[ + LIBVIRT_RESULT_LIB([LIBATTR], [libattr]) +]) diff --git a/tests/Makefile.am b/tests/Makefile.am index 8dbad97..d715291 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -68,6 +68,7 @@ EXTRA_DIST = \ qemuxml2argvdata \ qemuxml2xmloutdata \ qemuxmlnsdata \ + securityselinuxlabeldata \ schematestutils.sh \ sexpr2xmldata \ storagepoolschematest \ @@ -97,6 +98,9 @@ test_programs = virshtest sockettest \ if WITH_SECDRIVER_SELINUX test_programs += securityselinuxtest +if WITH_LIBATTR +test_programs += securityselinuxlabeltest +endif endif if WITH_DRIVER_MODULES @@ -573,10 +577,20 @@ securityselinuxtest_SOURCES = \ securityselinuxtest.c testutils.h testutils.c securityselinuxtest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS) securityselinuxtest_LDADD = $(LDADDS) -securityselinuxtest_DEPENDENCIES = libsecurityselinuxhelper.la -else -EXTRA_DIST += securityselinuxtest.c securityselinuxhelper.c +securityselinuxtest_DEPENDENCIES = libsecurityselinuxhelper.la ../src/libvirt.la + +if WITH_QEMU +if WITH_LIBATTR +securityselinuxlabeltest_SOURCES = \ + securityselinuxlabeltest.c testutils.h testutils.c \ + testutilsqemu.h testutilsqemu.c +securityselinuxlabeltest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS) +securityselinuxlabeltest_LDADD = $(qemu_LDADDS) +securityselinuxlabeltest_DEPENDENCIES = libsecurityselinuxhelper.la ../src/libvirt.la +endif +endif endif +EXTRA_DIST += securityselinuxtest.c securityselinuxlabeltest.c securityselinuxhelper.c virbuftest_SOURCES = \ virbuftest.c testutils.h testutils.c diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c index 98472a6..015929c 100644 --- a/tests/securityselinuxhelper.c +++ b/tests/securityselinuxhelper.c @@ -25,6 +25,9 @@ #include <string.h> #include <unistd.h> #include <errno.h> +#include <attr/xattr.h> + + /* * The kernel policy will not allow us to arbitrarily change * test process context. This helper is used as an LD_PRELOAD @@ -65,3 +68,33 @@ int setcon(security_context_t context) { return setenv("FAKE_CONTEXT", context, 1); } + + +#if WITH_LIBATTR +int setfilecon(const char *path, security_context_t con) +{ + const char *constr = con; + return setxattr(path, "user.libvirt.selinux", + constr, strlen(constr), 0); +} + + +int getfilecon(const char *path, security_context_t *con) +{ + char *constr = NULL; + ssize_t len = getxattr(path, "user.libvirt.selinux", + NULL, 0); + if (len < 0) + return -1; + if (!(constr = malloc(len+1))) + return -1; + memset(constr, 0, len); + if (getxattr(path, "user.libvirt.selinux", constr, len) < 0) { + free(constr); + return -1; + } + *con = constr; + constr[len] = '\0'; + return 0; +} +#endif diff --git a/tests/securityselinuxlabeldata/chardev.txt b/tests/securityselinuxlabeldata/chardev.txt new file mode 100644 index 0000000..e20e3ca --- /dev/null +++ b/tests/securityselinuxlabeldata/chardev.txt @@ -0,0 +1,5 @@ +/plain.txt;system_u:object_r:svirt_image_t:s0:c41,c264 +/plain.dev;system_u:object_r:svirt_image_t:s0:c41,c264 +/plain.fifo;system_u:object_r:svirt_image_t:s0:c41,c264 +/nolabel.sock; +/plain.sock; diff --git a/tests/securityselinuxlabeldata/chardev.xml b/tests/securityselinuxlabeldata/chardev.xml new file mode 100644 index 0000000..1c82614 --- /dev/null +++ b/tests/securityselinuxlabeldata/chardev.xml @@ -0,0 +1,34 @@ +<domain type='kvm'> + <name>vm1</name> + <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid> + <memory unit='KiB'>219200</memory> + <os> + <type arch='i686' machine='pc-1.0'>hvm</type> + <boot dev='cdrom'/> + </os> + <devices> + <serial type='file'> + <source path='/plain.txt'/> + </serial> + <serial type='pipe'> + <source path='/plain.fifo'/> + </serial> + <serial type='dev'> + <source path='/plain.dev'/> + </serial> + <serial type='unix'> + <source mode='bind' path='/plain.sock'/> + </serial> + <serial type='unix'> + <source mode='connect' path='/nolabel.sock'/> + </serial> + <input type='mouse' bus='ps2'/> + <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'> + <listen type='address' address='0.0.0.0'/> + </graphics> + </devices> + <seclabel model="selinux" type="dynamic" relabel="yes"> + <label>system_u:system_r:svirt_t:s0:c41,c264</label> + <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel> + </seclabel> +</domain> diff --git a/tests/securityselinuxlabeldata/disks.txt b/tests/securityselinuxlabeldata/disks.txt new file mode 100644 index 0000000..2573d99 --- /dev/null +++ b/tests/securityselinuxlabeldata/disks.txt @@ -0,0 +1,5 @@ +/plain.raw;system_u:object_r:svirt_image_t:s0:c41,c264 +/shared.raw;system_u:object_r:svirt_image_t:s0 +/readonly.raw;system_u:object_r:virt_content_t:s0 +/nolabel.raw; +/altlabel.raw;system_u:object_r:svirt_image_custom_t:s0:c41,c264 diff --git a/tests/securityselinuxlabeldata/disks.xml b/tests/securityselinuxlabeldata/disks.xml new file mode 100644 index 0000000..33e8763 --- /dev/null +++ b/tests/securityselinuxlabeldata/disks.xml @@ -0,0 +1,52 @@ +<domain type='kvm'> + <name>vm1</name> + <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid> + <memory unit='KiB'>219200</memory> + <os> + <type arch='i686' machine='pc-1.0'>hvm</type> + <boot dev='cdrom'/> + </os> + <devices> + <disk type='file' device='disk'> + <driver name='qemu' type='raw'/> + <source file='/plain.raw'/> + <target dev='vda' bus='virtio'/> + </disk> + <disk type='file' device='disk'> + <driver name='qemu' type='raw'/> + <source file='/shared.raw'/> + <shareable/> + <target dev='vdb' bus='virtio'/> + </disk> + <disk type='file' device='disk'> + <driver name='qemu' type='raw'/> + <source file='/readonly.raw'/> + <readonly/> + <target dev='vdc' bus='virtio'/> + </disk> + <disk type='file' device='disk'> + <driver name='qemu' type='raw'/> + <source file='/nolabel.raw'> + <seclabel model='selinux' relabel='no'/> + </source> + <target dev='vdd' bus='virtio'/> + </disk> + <disk type='file' device='disk'> + <driver name='qemu' type='raw'/> + <source file='/altlabel.raw'> + <seclabel model='selinux' relabel='yes'> + <label>system_u:object_r:svirt_image_custom_t:s0:c41,c264</label> + </seclabel> + </source> + <target dev='vde' bus='virtio'/> + </disk> + <input type='mouse' bus='ps2'/> + <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'> + <listen type='address' address='0.0.0.0'/> + </graphics> + </devices> + <seclabel model="selinux" type="dynamic" relabel="yes"> + <label>system_u:system_r:svirt_t:s0:c41,c264</label> + <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel> + </seclabel> +</domain> diff --git a/tests/securityselinuxlabeldata/kernel.txt b/tests/securityselinuxlabeldata/kernel.txt new file mode 100644 index 0000000..87063fd --- /dev/null +++ b/tests/securityselinuxlabeldata/kernel.txt @@ -0,0 +1,2 @@ +/vmlinuz.raw;system_u:object_r:virt_content_t:s0 +/initrd.raw;system_u:object_r:virt_content_t:s0 diff --git a/tests/securityselinuxlabeldata/kernel.xml b/tests/securityselinuxlabeldata/kernel.xml new file mode 100644 index 0000000..0fd551d --- /dev/null +++ b/tests/securityselinuxlabeldata/kernel.xml @@ -0,0 +1,20 @@ +<domain type='kvm'> + <name>vm1</name> + <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid> + <memory unit='KiB'>219200</memory> + <os> + <type arch='i686' machine='pc-1.0'>hvm</type> + <kernel>/vmlinuz.raw</kernel> + <initrd>/initrd.raw</initrd> + </os> + <devices> + <input type='mouse' bus='ps2'/> + <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'> + <listen type='address' address='0.0.0.0'/> + </graphics> + </devices> + <seclabel model="selinux" type="dynamic" relabel="yes"> + <label>system_u:system_r:svirt_t:s0:c41,c264</label> + <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel> + </seclabel> +</domain> diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c new file mode 100644 index 0000000..dc59c40 --- /dev/null +++ b/tests/securityselinuxlabeltest.c @@ -0,0 +1,341 @@ +/* + * Copyright (C) 2011-2012 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * License along with this library; If not, see + * <http://www.gnu.org/licenses/>. + * + */ + + +#include <config.h> + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> + +#include <selinux/selinux.h> +#include <selinux/context.h> + +#include "internal.h" +#include "testutils.h" +#include "testutilsqemu.h" +#include "qemu/qemu_domain.h" +#include "memory.h" +#include "virfile.h" +#include "util.h" +#include "logging.h" +#include "virterror_internal.h" +#include "security/security_manager.h" + + +#define VIR_FROM_THIS VIR_FROM_NONE + +static virCapsPtr caps; + +static virSecurityManagerPtr mgr; + +typedef struct testSELinuxFile testSELinuxFile; + +struct testSELinuxFile { + char *file; + char *context; +}; + + +static int +testSELinuxMungePath(char **path) +{ + char *tmp; + + if (virAsprintf(&tmp, "%s/securityselinuxlabeldata%s", + abs_srcdir, *path) < 0) { + virReportOOMError(); + return -1; + } + + VIR_FREE(*path); + *path = tmp; + return 0; +} + +static int +testSELinuxLoadFileList(const char *testname, + testSELinuxFile **files, + size_t *nfiles) +{ + int ret = -1; + char *path = NULL; + FILE *fp = NULL; + + *files = NULL; + *nfiles = 0; + + if (virAsprintf(&path, "%s/securityselinuxlabeldata/%s.txt", + abs_srcdir, testname) < 0) { + virReportOOMError(); + goto cleanup; + } + + if (!(fp = fopen(path, "r"))) { + goto cleanup; + } + + while (!feof(fp)) { + char *line; + char *file, *context; + if (VIR_ALLOC_N(line, 1024) < 0) { + virReportOOMError(); + goto cleanup; + } + if (!fgets(line, 1024, fp)) { + if (!feof(fp)) + goto cleanup; + break; + } + + char *tmp = strchr(line, ';'); + *tmp = '\0'; + tmp++; + + if (virAsprintf(&file, "%s/securityselinuxlabeldata%s", abs_builddir, line) < 0) { + VIR_FREE(line); + virReportOOMError(); + goto cleanup; + } + if (*tmp != '\0' && *tmp != '\n') { + if (!(context = strdup(tmp))) { + VIR_FREE(line); + VIR_FREE(file); + virReportOOMError(); + goto cleanup; + } + + tmp = strchr(context, '\n'); + *tmp = '\0'; + } else { + context = NULL; + } + + if (VIR_EXPAND_N(*files, *nfiles, 1) < 0) { + virReportOOMError(); + goto cleanup; + } + + (*files)[(*nfiles)-1].file = file; + (*files)[(*nfiles)-1].context = context; + } + + ret = 0; + +cleanup: + if (fp) + fclose(fp); + VIR_FREE(path); + return ret; +} + + +static virDomainDefPtr +testSELinuxLoadDef(const char *testname) +{ + char *xmlfile = NULL; + char *xmlstr = NULL; + virDomainDefPtr def = NULL; + size_t i; + + if (virAsprintf(&xmlfile, "%s/securityselinuxlabeldata/%s.xml", + abs_srcdir, testname) < 0) { + virReportOOMError(); + goto cleanup; + } + + if (virFileReadAll(xmlfile, 1024*1024, &xmlstr) < 0) { + goto cleanup; + } + + if (!(def = virDomainDefParseString(caps, xmlstr, + QEMU_EXPECTED_VIRT_TYPES, + 0))) + goto cleanup; + + for (i = 0 ; i < def->ndisks ; i++) { + if (def->disks[i]->type != VIR_DOMAIN_DISK_TYPE_FILE && + def->disks[i]->type != VIR_DOMAIN_DISK_TYPE_BLOCK) + continue; + + if (testSELinuxMungePath(&def->disks[i]->src) < 0) + goto cleanup; + } + + for (i = 0 ; i < def->nserials ; i++) { + if (def->serials[i]->source.type != VIR_DOMAIN_CHR_TYPE_FILE && + def->serials[i]->source.type != VIR_DOMAIN_CHR_TYPE_PIPE && + def->serials[i]->source.type != VIR_DOMAIN_CHR_TYPE_DEV && + def->serials[i]->source.type != VIR_DOMAIN_CHR_TYPE_UNIX) + continue; + + if (def->serials[i]->source.type == VIR_DOMAIN_CHR_TYPE_UNIX) { + if (testSELinuxMungePath(&def->serials[i]->source.data.nix.path) < 0) + goto cleanup; + } else { + if (testSELinuxMungePath(&def->serials[i]->source.data.file.path) < 0) + goto cleanup; + } + } + + if (def->os.kernel && + testSELinuxMungePath(&def->os.kernel) < 0) + goto cleanup; + if (def->os.initrd && + testSELinuxMungePath(&def->os.initrd) < 0) + goto cleanup; + +cleanup: + VIR_FREE(xmlfile); + VIR_FREE(xmlstr); + return def; +} + + +static int +testSELinuxCreateDisks(testSELinuxFile *files, size_t nfiles) +{ + size_t i; + + if (virFileMakePath(abs_builddir "/securityselinuxlabeldata") < 0) + return -1; + + for (i = 0 ; i < nfiles ; i++) { + if (virFileTouch(files[i].file, 0600) < 0) + return -1; + //setfilecon(files[i].file, (security_context_t)"system_u:object_r:original_t:s0"); + } + return 0; +} + +static int +testSELinuxDeleteDisks(testSELinuxFile *files, size_t nfiles) +{ + size_t i; + + for (i = 0 ; i < nfiles ; i++) { + if (unlink(files[i].file) < 0) + return -1; + } + return 0; +} + +static int +testSELinuxCheckLabels(testSELinuxFile *files, size_t nfiles) +{ + size_t i; + security_context_t ctx; + + for (i = 0 ; i < nfiles ; i++) { + if (getfilecon(files[i].file, &ctx) < 0) { + if (errno == ENODATA) { + ctx = NULL; + } else { + virReportSystemError(errno, + "Cannot read label on %s", + files[i].file); + return -1; + } + } + if (!STREQ_NULLABLE(files[i].context, ctx)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "File %s context '%s' did not match epected '%s'", + files[i].file, ctx, files[i].context); + return -1; + } + } + return 0; +} + +static int +testSELinuxLabeling(const void *opaque) +{ + const char *testname = opaque; + int ret = -1; + testSELinuxFile *files = NULL; + size_t nfiles = 0; + size_t i; + virDomainDefPtr def = NULL; + + if (testSELinuxLoadFileList(testname, &files, &nfiles) < 0) + goto cleanup; + + if (testSELinuxCreateDisks(files, nfiles) < 0) + goto cleanup; + + if (!(def = testSELinuxLoadDef(testname))) + goto cleanup; + + if (virSecurityManagerSetAllLabel(mgr, def, NULL) < 0) + goto cleanup; + + if (testSELinuxCheckLabels(files, nfiles) < 0) + goto cleanup; + + ret = 0; + +cleanup: + if (testSELinuxDeleteDisks(files, nfiles) < 0) + goto cleanup; + + virDomainDefFree(def); + for (i = 0 ; i < nfiles; i++) { + VIR_FREE(files[i].file); + //VIR_FREE(files[i].context); + } + VIR_FREE(files); + return ret; +} + + + +static int +mymain(void) +{ + int ret = 0; + + if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false))) { + virErrorPtr err = virGetLastError(); + if (err->code == VIR_ERR_CONFIG_UNSUPPORTED) + exit(EXIT_AM_SKIP); + + fprintf(stderr, "Unable to initialize security driver: %s\n", + err->message); + exit(EXIT_FAILURE); + } + + if ((caps = testQemuCapsInit()) == NULL) + exit(EXIT_FAILURE); + +#define DO_TEST_LABELING(name) \ + if (virtTestRun("Labelling " # name, 1, testSELinuxLabeling, name) < 0) \ + ret = -1; \ + + setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023"); + + DO_TEST_LABELING("disks"); + DO_TEST_LABELING("kernel"); + DO_TEST_LABELING("chardev"); + + return (ret == 0) ? EXIT_SUCCESS : EXIT_FAILURE; +} + +VIRT_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/libsecurityselinuxhelper.so") -- 1.7.11.4
On 09/20/2012 09:01 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
There are many aspects of the guest XML which result in the SELinux driver applying file labelling. With the increasing configuration options it is desirable to test this behaviour. It is not possible to assume that the test suite has the ability to set SELinux labels. Most filesystems though will support extended attributes. Thus for the purpose of testing, it is possible to extend the existing LD_PRELOAD hack to override setfilecon() and getfilecon() to simply use the 'user.libvirt.selinux' attribute for the sake of testing.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- .gitignore | 1 + configure.ac | 3 +
If you were to open-code the configure.ac changes, instead of trying to rely on the new m4/virt-lib.m4, then I'd feel better about taking this patch prior to 0.10.2, while we still hammer out the details of nicer configure.ac for later.
+++ b/m4/virt-libattr.m4 @@ -0,0 +1,9 @@ +dnl The libattr.so library
No copyright statement?
+ +AC_DEFUN([LIBVIRT_CHECK_LIBATTR],[ + LIBVIRT_CHECK_LIB([LIBATTR], [libattr], [attr], [getxattr], [attr/xattr.h]) +]) + +AC_DEFUN([LIBVIRT_RESULT_LIBATTR],[ + LIBVIRT_RESULT_LIB([LIBATTR], [libattr]) +]) + +int getfilecon(const char *path, security_context_t *con) +{ + char *constr = NULL; + ssize_t len = getxattr(path, "user.libvirt.selinux", + NULL, 0); + if (len < 0) + return -1; + if (!(constr = malloc(len+1)))
Any reason you can't use VIR_ALLOC_N here? But since it is an LD_PRELOAD wrapper, I guess it makes sense that you have to stick to low-level functionality.
--- /dev/null +++ b/tests/securityselinuxlabeltest.c @@ -0,0 +1,341 @@ +/* + * Copyright (C) 2011-2012 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * License along with this library; If not, see
Bogus copy-and-paste. I'll push the trivial fixes to tests/securityselinux*.c in the meantime.
+ } + + if (!(fp = fopen(path, "r"))) { + goto cleanup; + } + + while (!feof(fp)) { + char *line; + char *file, *context; + if (VIR_ALLOC_N(line, 1024) < 0) { + virReportOOMError(); + goto cleanup; + } + if (!fgets(line, 1024, fp)) {
Is readline() any easier to use than VIR_ALLOC_N/fgets()?
+static int +testSELinuxCreateDisks(testSELinuxFile *files, size_t nfiles) +{ + size_t i; + + if (virFileMakePath(abs_builddir "/securityselinuxlabeldata") < 0) + return -1; + + for (i = 0 ; i < nfiles ; i++) { + if (virFileTouch(files[i].file, 0600) < 0) + return -1; + //setfilecon(files[i].file, (security_context_t)"system_u:object_r:original_t:s0");
Leftover debugging? -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
On Thu, Sep 20, 2012 at 04:06:29PM -0600, Eric Blake wrote:
On 09/20/2012 09:01 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
There are many aspects of the guest XML which result in the SELinux driver applying file labelling. With the increasing configuration options it is desirable to test this behaviour. It is not possible to assume that the test suite has the ability to set SELinux labels. Most filesystems though will support extended attributes. Thus for the purpose of testing, it is possible to extend the existing LD_PRELOAD hack to override setfilecon() and getfilecon() to simply use the 'user.libvirt.selinux' attribute for the sake of testing.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- .gitignore | 1 + configure.ac | 3 +
If you were to open-code the configure.ac changes, instead of trying to rely on the new m4/virt-lib.m4, then I'd feel better about taking this patch prior to 0.10.2, while we still hammer out the details of nicer configure.ac for later.
Ok, will repost.
+ +int getfilecon(const char *path, security_context_t *con) +{ + char *constr = NULL; + ssize_t len = getxattr(path, "user.libvirt.selinux", + NULL, 0); + if (len < 0) + return -1; + if (!(constr = malloc(len+1)))
Any reason you can't use VIR_ALLOC_N here? But since it is an LD_PRELOAD wrapper, I guess it makes sense that you have to stick to low-level functionality.
Yep, wanted to avoid linking to libvirt.so in the preload wrapper.
+ } + + if (!(fp = fopen(path, "r"))) { + goto cleanup; + } + + while (!feof(fp)) { + char *line; + char *file, *context; + if (VIR_ALLOC_N(line, 1024) < 0) { + virReportOOMError(); + goto cleanup; + } + if (!fgets(line, 1024, fp)) {
Is readline() any easier to use than VIR_ALLOC_N/fgets()?
Is readline() really what you meant ? That function is for prompting on stdio and reading a response.
+static int +testSELinuxCreateDisks(testSELinuxFile *files, size_t nfiles) +{ + size_t i; + + if (virFileMakePath(abs_builddir "/securityselinuxlabeldata") < 0) + return -1; + + for (i = 0 ; i < nfiles ; i++) { + if (virFileTouch(files[i].file, 0600) < 0) + return -1; + //setfilecon(files[i].file, (security_context_t)"system_u:object_r:original_t:s0");
Leftover debugging?
Opps, yes. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
On 09/21/2012 07:21 AM, Daniel P. Berrange wrote:
+ while (!feof(fp)) { + char *line; + char *file, *context; + if (VIR_ALLOC_N(line, 1024) < 0) { + virReportOOMError(); + goto cleanup; + } + if (!fgets(line, 1024, fp)) {
Is readline() any easier to use than VIR_ALLOC_N/fgets()?
Is readline() really what you meant ? That function is for prompting on stdio and reading a response.
s/readline/getline/ (What, you can't read my mind? :) -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 6 +++--- src/qemu/qemu_capabilities.c | 2 +- src/qemu/qemu_driver.c | 4 ++-- src/util/json.c | 14 +++++++------- tests/Makefile.am | 2 +- tests/qemuhelptest.c | 2 +- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/configure.ac b/configure.ac index cc63361..738a611 100644 --- a/configure.ac +++ b/configure.ac @@ -1158,15 +1158,15 @@ if test "x$with_yajl" != "xno"; then CPPFLAGS="$old_cppflags" LIBS="$old_libs" if test "x$with_yajl" = "xyes" ; then - AC_DEFINE_UNQUOTED([HAVE_YAJL], 1, + AC_DEFINE_UNQUOTED([WITH_YAJL], 1, [whether YAJL is available for JSON parsing/formatting]) fi if test "x$with_yajl2" = "xyes" ; then - AC_DEFINE_UNQUOTED([HAVE_YAJL2], 1, + AC_DEFINE_UNQUOTED([WITH_YAJL2], 1, [whether YAJL has API version 2]) fi fi -AM_CONDITIONAL([HAVE_YAJL], [test "x$with_yajl" = "xyes"]) +AM_CONDITIONAL([WITH_YAJL], [test "x$with_yajl" = "xyes"]) AC_SUBST([YAJL_CFLAGS]) AC_SUBST([YAJL_LIBS]) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 4b52dc5..3b6ba4f 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -1289,7 +1289,7 @@ qemuCapsComputeCmdFlags(const char *help, * backported for libvirt. The benefits of JSON mode now * outweigh the downside. */ -#if HAVE_YAJL +#if WITH_YAJL if (version >= 13000) { qemuCapsSet(caps, QEMU_CAPS_MONITOR_JSON); } else if (version >= 12000 && diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 12ac15c..9bd2343 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -1805,7 +1805,7 @@ qemuDomainReboot(virDomainPtr dom, unsigned int flags) goto cleanup; } } else { -#if HAVE_YAJL +#if WITH_YAJL if (qemuCapsGet(priv->caps, QEMU_CAPS_MONITOR_JSON)) { if (!qemuCapsGet(priv->caps, QEMU_CAPS_NO_SHUTDOWN)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", @@ -1817,7 +1817,7 @@ qemuDomainReboot(virDomainPtr dom, unsigned int flags) virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Reboot is not supported without the JSON monitor")); goto cleanup; -#if HAVE_YAJL +#if WITH_YAJL } #endif } diff --git a/src/util/json.c b/src/util/json.c index 0507244..988c86e 100644 --- a/src/util/json.c +++ b/src/util/json.c @@ -29,11 +29,11 @@ #include "logging.h" #include "util.h" -#if HAVE_YAJL +#if WITH_YAJL # include <yajl/yajl_gen.h> # include <yajl/yajl_parse.h> -# ifdef HAVE_YAJL2 +# ifdef WITH_YAJL2 # define yajl_size_t size_t # else # define yajl_size_t unsigned int @@ -659,7 +659,7 @@ int virJSONValueObjectIsNull(virJSONValuePtr object, const char *key) } -#if HAVE_YAJL +#if WITH_YAJL static int virJSONParserInsertValue(virJSONParserPtr parser, virJSONValuePtr value) { @@ -937,13 +937,13 @@ virJSONValuePtr virJSONValueFromString(const char *jsonstring) yajl_handle hand; virJSONParser parser = { NULL, NULL, 0 }; virJSONValuePtr ret = NULL; -# ifndef HAVE_YAJL2 +# ifndef WITH_YAJL2 yajl_parser_config cfg = { 1, 1 }; # endif VIR_DEBUG("string=%s", jsonstring); -# ifdef HAVE_YAJL2 +# ifdef WITH_YAJL2 hand = yajl_alloc(&parserCallbacks, NULL, &parser); if (hand) { yajl_config(hand, yajl_allow_comments, 1); @@ -1061,13 +1061,13 @@ char *virJSONValueToString(virJSONValuePtr object, const unsigned char *str; char *ret = NULL; yajl_size_t len; -# ifndef HAVE_YAJL2 +# ifndef WITH_YAJL2 yajl_gen_config conf = { pretty ? 1 : 0, pretty ? " " : " "}; # endif VIR_DEBUG("object=%p", object); -# ifdef HAVE_YAJL2 +# ifdef WITH_YAJL2 g = yajl_gen_alloc(NULL); if (g) { yajl_gen_config(g, yajl_gen_beautify, pretty ? 1 : 0); diff --git a/tests/Makefile.am b/tests/Makefile.am index d715291..42df023 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -141,7 +141,7 @@ if WITH_CIL test_programs += object-locking endif -if HAVE_YAJL +if WITH_YAJL test_programs += jsontest endif diff --git a/tests/qemuhelptest.c b/tests/qemuhelptest.c index 079aef8..5112458 100644 --- a/tests/qemuhelptest.c +++ b/tests/qemuhelptest.c @@ -56,7 +56,7 @@ static int testHelpStrParsing(const void *data) &version, &is_kvm, &kvm_version, false) == -1) goto cleanup; -# ifndef HAVE_YAJL +# ifndef WITH_YAJL if (qemuCapsGet(info->flags, QEMU_CAPS_MONITOR_JSON)) qemuCapsSet(flags, QEMU_CAPS_MONITOR_JSON); # endif -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 86 ++------------------------------------------------------- m4/virt-yajl.m4 | 34 +++++++++++++++++++++++ 2 files changed, 36 insertions(+), 84 deletions(-) create mode 100644 m4/virt-yajl.m4 diff --git a/configure.ac b/configure.ac index 738a611..ef07386 100644 --- a/configure.ac +++ b/configure.ac @@ -149,6 +149,7 @@ AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS]) LIBVIRT_COMPILE_WARNINGS LIBVIRT_CHECK_LIBATTR +LIBVIRT_CHECK_YAJL AC_MSG_CHECKING([for CPUID instruction]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM( @@ -1092,85 +1093,6 @@ AC_SUBST([SASL_CFLAGS]) AC_SUBST([SASL_LIBS]) -dnl YAJL JSON library http://lloyd.github.com/yajl/ -AC_ARG_WITH([yajl], - AC_HELP_STRING([--with-yajl], [use YAJL for JSON parsing/formatting @<:@default=check@:>@]), - [], - [with_yajl=check]) - -if test "$with_qemu:$with_yajl" = yes:check; then - dnl Some versions of qemu require the use of yajl; try to detect them - dnl here, although we do not require qemu to exist in order to compile. - dnl This check mirrors src/qemu/qemu_capabilities.c - AC_PATH_PROGS([QEMU], [qemu-kvm qemu kvm qemu-system-x86_64], - [], [$PATH:/usr/bin:/usr/libexec]) - if test -x "$QEMU"; then - if `$QEMU -help | grep libvirt` >/dev/null; then - with_yajl=yes - else - [qemu_version_sed='s/.*ersion \([0-9.,]*\).*/\1/'] - qemu_version=`$QEMU -version | sed "$qemu_version_sed"` - case $qemu_version in - [[1-9]].* | 0.15.* ) with_yajl=yes ;; - 0.* | '' ) ;; - *) AC_MSG_ERROR([Unexpected qemu version string]) ;; - esac - fi - fi -fi - -YAJL_CFLAGS= -YAJL_LIBS= -with_yajl2=no -if test "x$with_yajl" != "xno"; then - if test "x$with_yajl" != "xyes" && test "x$with_yajl" != "xcheck"; then - YAJL_CFLAGS="-I$with_yajl/include" - YAJL_LIBS="-L$with_yajl/lib" - fi - fail=0 - old_cppflags="$CPPFLAGS" - old_libs="$LIBS" - CPPFLAGS="$CPPFLAGS $YAJL_CFLAGS" - LIBS="$LIBS $YAJL_LIBS" - AC_CHECK_HEADER([yajl/yajl_common.h],[],[ - if test "x$with_yajl" = "xcheck" ; then - with_yajl=no - else - fail=1 - fi]) - if test "x$with_yajl" != "xno" ; then - AC_CHECK_LIB([yajl], [yajl_parse],[ - YAJL_LIBS="$YAJL_LIBS -lyajl" - with_yajl=yes - AC_CHECK_LIB([yajl], [yajl_tree_parse],[ - with_yajl2=yes - ],[]) - ],[ - if test "x$with_yajl" = "xcheck" ; then - with_yajl=no - else - fail=1 - fi - ]) - fi - test $fail = 1 && - AC_MSG_ERROR([You must install the YAJL development package in order to compile libvirt]) - CPPFLAGS="$old_cppflags" - LIBS="$old_libs" - if test "x$with_yajl" = "xyes" ; then - AC_DEFINE_UNQUOTED([WITH_YAJL], 1, - [whether YAJL is available for JSON parsing/formatting]) - fi - if test "x$with_yajl2" = "xyes" ; then - AC_DEFINE_UNQUOTED([WITH_YAJL2], 1, - [whether YAJL has API version 2]) - fi -fi -AM_CONDITIONAL([WITH_YAJL], [test "x$with_yajl" = "xyes"]) -AC_SUBST([YAJL_CFLAGS]) -AC_SUBST([YAJL_LIBS]) - - dnl SANLOCK https://fedorahosted.org/sanlock/ AC_ARG_WITH([sanlock], AC_HELP_STRING([--with-sanlock], [build Sanlock plugin for lock management @<:@default=check@:>@]), @@ -3083,6 +3005,7 @@ AC_MSG_NOTICE([]) AC_MSG_NOTICE([Libraries]) AC_MSG_NOTICE([]) LIBVIRT_RESULT_LIBATTR +LIBVIRT_RESULT_YAJL AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS]) AC_MSG_NOTICE([ dlopen: $DLOPEN_LIBS]) if test "$with_esx" = "yes" ; then @@ -3106,11 +3029,6 @@ AC_MSG_NOTICE([ sasl: $SASL_CFLAGS $SASL_LIBS]) else AC_MSG_NOTICE([ sasl: no]) fi -if test "$with_yajl" != "no" ; then -AC_MSG_NOTICE([ yajl: $YAJL_CFLAGS $YAJL_LIBS]) -else -AC_MSG_NOTICE([ yajl: no]) -fi if test "$with_sanlock" != "no" ; then AC_MSG_NOTICE([ sanlock: $SANLOCK_CFLAGS $SANLOCK_LIBS]) else diff --git a/m4/virt-yajl.m4 b/m4/virt-yajl.m4 new file mode 100644 index 0000000..c1ffc64 --- /dev/null +++ b/m4/virt-yajl.m4 @@ -0,0 +1,34 @@ +dnl The libyajl.so library + +AC_DEFUN([LIBVIRT_CHECK_YAJL],[ + dnl YAJL JSON library http://lloyd.github.com/yajl/ + if test "$with_qemu:$with_yajl" = yes:check; then + dnl Some versions of qemu require the use of yajl; try to detect them + dnl here, although we do not require qemu to exist in order to compile. + dnl This check mirrors src/qemu/qemu_capabilities.c + AC_PATH_PROGS([QEMU], [qemu-kvm qemu kvm qemu-system-x86_64], + [], [$PATH:/usr/bin:/usr/libexec]) + if test -x "$QEMU"; then + if `$QEMU -help | grep libvirt` >/dev/null; then + with_yajl=yes + else + [qemu_version_sed='s/.*ersion \([0-9.,]*\).*/\1/'] + qemu_version=`$QEMU -version | sed "$qemu_version_sed"` + case $qemu_version in + [[1-9]].* | 0.15.* ) with_yajl=yes ;; + 0.* | '' ) ;; + *) AC_MSG_ERROR([Unexpected qemu version string]) ;; + esac + fi + fi + fi + + LIBVIRT_CHECK_LIB_FALLBACK([YAJL], [YAJL2], [yajl], + [yajl], [yajl], + [yajl_parse_complete], [yajl_tree_parse], + [yajl/yajl_common.h]) +]) + +AC_DEFUN([LIBVIRT_RESULT_YAJL],[ + LIBVIRT_RESULT_LIB([YAJL], [yajl]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 4 ++-- src/Makefile.am | 8 ++++---- tools/Makefile.am | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac index ef07386..ccd6480 100644 --- a/configure.ac +++ b/configure.ac @@ -1134,11 +1134,11 @@ if test "x$with_sanlock" != "xno"; then CPPFLAGS="$old_cppflags" LIBS="$old_libs" if test "x$with_sanlock" = "xyes" ; then - AC_DEFINE_UNQUOTED([HAVE_SANLOCK], 1, + AC_DEFINE_UNQUOTED([WITH_SANLOCK], 1, [whether Sanlock plugin for lock management is available]) fi fi -AM_CONDITIONAL([HAVE_SANLOCK], [test "x$with_sanlock" = "xyes"]) +AM_CONDITIONAL([WITH_SANLOCK], [test "x$with_sanlock" = "xyes"]) AC_SUBST([SANLOCK_CFLAGS]) AC_SUBST([SANLOCK_LIBS]) diff --git a/src/Makefile.am b/src/Makefile.am index 4ae741b..4f9de11 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1280,7 +1280,7 @@ else check-augeas-lxc: endif -if HAVE_SANLOCK +if WITH_SANLOCK test_libvirt_sanlock.aug: locking/test_libvirt_sanlock.aug.in \ locking/qemu-sanlock.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-sanlock.conf $< $@ @@ -1486,7 +1486,7 @@ libvirt_qemu_la_CFLAGS = $(AM_CFLAGS) libvirt_qemu_la_LIBADD = libvirt.la $(CYGWIN_EXTRA_LIBADD) EXTRA_DIST += $(LIBVIRT_QEMU_SYMBOL_FILE) -if HAVE_SANLOCK +if WITH_SANLOCK lockdriverdir = $(libdir)/libvirt/lock-driver lockdriver_LTLIBRARIES = sanlock.la @@ -1709,7 +1709,7 @@ install-data-local: $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/images" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/filesystems" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/boot" -if HAVE_SANLOCK +if WITH_SANLOCK $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/sanlock" endif if WITH_QEMU @@ -1755,7 +1755,7 @@ uninstall-local:: rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/images" ||: rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/filesystems" ||: rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/boot" ||: -if HAVE_SANLOCK +if WITH_SANLOCK rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/sanlock" ||: endif if WITH_QEMU diff --git a/tools/Makefile.am b/tools/Makefile.am index 0d7822d..f5965a4 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -42,7 +42,7 @@ DISTCLEANFILES = bin_SCRIPTS = virt-xml-validate virt-pki-validate bin_PROGRAMS = virsh virt-host-validate -if HAVE_SANLOCK +if WITH_SANLOCK sbin_SCRIPTS = virt-sanlock-cleanup DISTCLEANFILES += virt-sanlock-cleanup endif @@ -52,7 +52,7 @@ dist_man1_MANS = \ virt-pki-validate.1 \ virt-xml-validate.1 \ virsh.1 -if HAVE_SANLOCK +if WITH_SANLOCK dist_man8_MANS = virt-sanlock-cleanup.8 endif -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 57 ++---------------------------------------------------- m4/virt-sanlock.m4 | 9 +++++++++ 2 files changed, 11 insertions(+), 55 deletions(-) create mode 100644 m4/virt-sanlock.m4 diff --git a/configure.ac b/configure.ac index ccd6480..c58c1f3 100644 --- a/configure.ac +++ b/configure.ac @@ -149,6 +149,7 @@ AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS]) LIBVIRT_COMPILE_WARNINGS LIBVIRT_CHECK_LIBATTR +LIBVIRT_CHECK_SANLOCK LIBVIRT_CHECK_YAJL AC_MSG_CHECKING([for CPUID instruction]) @@ -1093,56 +1094,6 @@ AC_SUBST([SASL_CFLAGS]) AC_SUBST([SASL_LIBS]) -dnl SANLOCK https://fedorahosted.org/sanlock/ -AC_ARG_WITH([sanlock], - AC_HELP_STRING([--with-sanlock], [build Sanlock plugin for lock management @<:@default=check@:>@]), - [], - [with_sanlock=check]) - -SANLOCK_CFLAGS= -SANLOCK_LIBS= -if test "x$with_sanlock" != "xno"; then - if test "x$with_sanlock" != "xyes" && test "x$with_sanlock" != "xcheck"; then - SANLOCK_CFLAGS="-I$with_sanlock/include" - SANLOCK_LIBS="-L$with_sanlock/lib" - fi - fail=0 - old_cppflags="$CPPFLAGS" - old_libs="$LIBS" - CPPFLAGS="$CPPFLAGS $SANLOCK_CFLAGS" - LIBS="$LIBS $SANLOCK_LIBS" - AC_CHECK_HEADER([sanlock.h],[],[ - if test "x$with_sanlock" = "xcheck" ; then - with_sanlock=no - else - fail=1 - fi]) - if test "x$with_sanlock" != "xno" ; then - AC_CHECK_LIB([sanlock_client], [sanlock_init],[ - SANLOCK_LIBS="$SANLOCK_LIBS -lsanlock_client" - with_sanlock=yes - ],[ - if test "x$with_sanlock" = "xcheck" ; then - with_sanlock=no - else - fail=1 - fi - ]) - fi - test $fail = 1 && - AC_MSG_ERROR([You must install the Sanlock development package in order to compile libvirt]) - CPPFLAGS="$old_cppflags" - LIBS="$old_libs" - if test "x$with_sanlock" = "xyes" ; then - AC_DEFINE_UNQUOTED([WITH_SANLOCK], 1, - [whether Sanlock plugin for lock management is available]) - fi -fi -AM_CONDITIONAL([WITH_SANLOCK], [test "x$with_sanlock" = "xyes"]) -AC_SUBST([SANLOCK_CFLAGS]) -AC_SUBST([SANLOCK_LIBS]) - - dnl DBus library DBUS_CFLAGS= DBUS_LIBS= @@ -3005,6 +2956,7 @@ AC_MSG_NOTICE([]) AC_MSG_NOTICE([Libraries]) AC_MSG_NOTICE([]) LIBVIRT_RESULT_LIBATTR +LIBVIRT_RESULT_SANLOCK LIBVIRT_RESULT_YAJL AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS]) AC_MSG_NOTICE([ dlopen: $DLOPEN_LIBS]) @@ -3029,11 +2981,6 @@ AC_MSG_NOTICE([ sasl: $SASL_CFLAGS $SASL_LIBS]) else AC_MSG_NOTICE([ sasl: no]) fi -if test "$with_sanlock" != "no" ; then -AC_MSG_NOTICE([ sanlock: $SANLOCK_CFLAGS $SANLOCK_LIBS]) -else -AC_MSG_NOTICE([ sanlock: no]) -fi AC_MSG_NOTICE([firewalld: $with_firewalld]) if test "$with_avahi" = "yes" ; then AC_MSG_NOTICE([ avahi: $AVAHI_CFLAGS $AVAHI_LIBS]) diff --git a/m4/virt-sanlock.m4 b/m4/virt-sanlock.m4 new file mode 100644 index 0000000..f964161 --- /dev/null +++ b/m4/virt-sanlock.m4 @@ -0,0 +1,9 @@ +dnl The libsanlock_client.so library + +AC_DEFUN([LIBVIRT_CHECK_SANLOCK],[ + LIBVIRT_CHECK_LIB([SANLOCK], [sanlock], [sanlock_client], [sanlock_init], [sanlock.h]) +]) + +AC_DEFUN([LIBVIRT_RESULT_SANLOCK],[ + LIBVIRT_RESULT_LIB([SANLOCK], [sanlock]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 4 ++-- daemon/Makefile.am | 2 +- daemon/libvirtd-config.c | 4 ++-- daemon/libvirtd.c | 4 ++-- daemon/libvirtd.h | 6 +++--- daemon/remote.c | 2 +- src/Makefile.am | 4 ++-- src/remote/remote_driver.c | 8 ++++---- src/rpc/virnetclient.c | 10 +++++----- src/rpc/virnetclient.h | 4 ++-- src/rpc/virnetserverclient.c | 12 ++++++------ src/rpc/virnetserverclient.h | 2 +- src/rpc/virnetsocket.c | 16 ++++++++-------- src/rpc/virnetsocket.h | 4 ++-- tests/libvirtdconftest.c | 2 +- 15 files changed, 42 insertions(+), 42 deletions(-) diff --git a/configure.ac b/configure.ac index c58c1f3..94929ce 100644 --- a/configure.ac +++ b/configure.ac @@ -1085,11 +1085,11 @@ if test "x$with_sasl" != "xno"; then CFLAGS="$old_cflags" LIBS="$old_libs" if test "x$with_sasl" = "xyes" ; then - AC_DEFINE_UNQUOTED([HAVE_SASL], 1, + AC_DEFINE_UNQUOTED([WITH_SASL], 1, [whether Cyrus SASL is available for authentication]) fi fi -AM_CONDITIONAL([HAVE_SASL], [test "x$with_sasl" = "xyes"]) +AM_CONDITIONAL([WITH_SASL], [test "x$with_sasl" = "xyes"]) AC_SUBST([SASL_CFLAGS]) AC_SUBST([SASL_LIBS]) diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 3405c67..26f4695 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -382,7 +382,7 @@ $(srcdir)/libvirtd.8.in: libvirtd.pod.in # This is needed for clients too, so can't wrap in # the WITH_LIBVIRTD conditional -if HAVE_SASL +if WITH_SASL install-data-sasl: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sasl2/ $(INSTALL_DATA) $(srcdir)/libvirtd.sasl $(DESTDIR)$(sysconfdir)/sasl2/libvirt.conf diff --git a/daemon/libvirtd-config.c b/daemon/libvirtd-config.c index 5374bcc..b9521b3 100644 --- a/daemon/libvirtd-config.c +++ b/daemon/libvirtd-config.c @@ -178,7 +178,7 @@ static int remoteConfigGetAuth(virConfPtr conf, const char *key, int *auth, cons if (STREQ(p->str, "none")) { *auth = VIR_NET_SERVER_SERVICE_AUTH_NONE; -#if HAVE_SASL +#if WITH_SASL } else if (STREQ(p->str, "sasl")) { *auth = VIR_NET_SERVER_SERVICE_AUTH_SASL; #endif @@ -263,7 +263,7 @@ daemonConfigNew(bool privileged ATTRIBUTE_UNUSED) !data->unix_sock_rw_perms) goto no_memory; -#if HAVE_SASL +#if WITH_SASL data->auth_tcp = REMOTE_AUTH_SASL; #else data->auth_tcp = REMOTE_AUTH_NONE; diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 1156bd6..4286c4d 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -97,7 +97,7 @@ #include "configmake.h" -#if HAVE_SASL +#if WITH_SASL virNetSASLContextPtr saslCtxt = NULL; #endif virNetServerProgramPtr remoteProgram = NULL; @@ -560,7 +560,7 @@ static int daemonSetupNetworking(virNetServerPtr srv, } } -#if HAVE_SASL +#if WITH_SASL if (config->auth_unix_rw == REMOTE_AUTH_SASL || config->auth_unix_ro == REMOTE_AUTH_SASL || config->auth_tcp == REMOTE_AUTH_SASL || diff --git a/daemon/libvirtd.h b/daemon/libvirtd.h index 726a1fb..b8941f4 100644 --- a/daemon/libvirtd.h +++ b/daemon/libvirtd.h @@ -35,7 +35,7 @@ # include "qemu_protocol.h" # include "logging.h" # include "threads.h" -# if HAVE_SASL +# if WITH_SASL # include "virnetsaslcontext.h" # endif # include "virnetserverprogram.h" @@ -52,7 +52,7 @@ struct daemonClientPrivate { int domainEventCallbackID[VIR_DOMAIN_EVENT_ID_LAST]; -# if HAVE_SASL +# if WITH_SASL virNetSASLSessionPtr sasl; # endif @@ -66,7 +66,7 @@ struct daemonClientPrivate { bool keepalive_supported; }; -# if HAVE_SASL +# if WITH_SASL extern virNetSASLContextPtr saslCtxt; # endif extern virNetServerProgramPtr remoteProgram; diff --git a/daemon/remote.c b/daemon/remote.c index a3eda9c..87f8761 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -2406,7 +2406,7 @@ cleanup: } -#ifdef HAVE_SASL +#ifdef WITH_SASL /* * Initializes the SASL session in prepare for authentication * and gives the client a list of allowed mechanisms to choose diff --git a/src/Makefile.am b/src/Makefile.am index 4f9de11..7c5db89 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1340,7 +1340,7 @@ if WITH_XENXS USED_SYM_FILES += libvirt_xenxs.syms endif -if HAVE_SASL +if WITH_SASL USED_SYM_FILES += libvirt_sasl.syms endif @@ -1551,7 +1551,7 @@ else EXTRA_DIST += \ rpc/virnetsshsession.h rpc/virnetsshsession.c endif -if HAVE_SASL +if WITH_SASL libvirt_net_rpc_la_SOURCES += \ rpc/virnetsaslcontext.h rpc/virnetsaslcontext.c else diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index dce12e2..cdcffd3 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -116,7 +116,7 @@ static int callWithFD(virConnectPtr conn, struct private_data *priv, xdrproc_t ret_filter, char *ret); static int remoteAuthenticate (virConnectPtr conn, struct private_data *priv, virConnectAuthPtr auth, const char *authtype); -#if HAVE_SASL +#if WITH_SASL static int remoteAuthSASL (virConnectPtr conn, struct private_data *priv, virConnectAuthPtr auth, const char *mech); #endif @@ -3462,7 +3462,7 @@ remoteAuthenticate (virConnectPtr conn, struct private_data *priv, } switch (type) { -#if HAVE_SASL +#if WITH_SASL case REMOTE_AUTH_SASL: { const char *mech = NULL; if (authtype && @@ -3505,7 +3505,7 @@ remoteAuthenticate (virConnectPtr conn, struct private_data *priv, -#if HAVE_SASL +#if WITH_SASL static int remoteAuthCredVir2SASL(int vircred) { switch (vircred) { @@ -4042,7 +4042,7 @@ remoteAuthSASL (virConnectPtr conn, struct private_data *priv, return ret; } -#endif /* HAVE_SASL */ +#endif /* WITH_SASL */ #if HAVE_POLKIT diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c index 727ed67..5551bd9 100644 --- a/src/rpc/virnetclient.c +++ b/src/rpc/virnetclient.c @@ -79,7 +79,7 @@ struct _virNetClient { /* For incoming message packets */ virNetMessage msg; -#if HAVE_SASL +#if WITH_SASL virNetSASLSessionPtr sasl; #endif @@ -628,7 +628,7 @@ void virNetClientDispose(void *obj) virNetSocketRemoveIOCallback(client->sock); virObjectUnref(client->sock); virObjectUnref(client->tls); -#if HAVE_SASL +#if WITH_SASL virObjectUnref(client->sasl); #endif @@ -665,7 +665,7 @@ virNetClientCloseLocked(virNetClientPtr client) client->sock = NULL; virObjectUnref(client->tls); client->tls = NULL; -#if HAVE_SASL +#if WITH_SASL virObjectUnref(client->sasl); client->sasl = NULL; #endif @@ -733,7 +733,7 @@ void virNetClientClose(virNetClientPtr client) } -#if HAVE_SASL +#if WITH_SASL void virNetClientSetSASLSession(virNetClientPtr client, virNetSASLSessionPtr sasl) { @@ -854,7 +854,7 @@ bool virNetClientIsEncrypted(virNetClientPtr client) virNetClientLock(client); if (client->tls) ret = true; -#if HAVE_SASL +#if WITH_SASL if (client->sasl) ret = true; #endif diff --git a/src/rpc/virnetclient.h b/src/rpc/virnetclient.h index d10224f..82def00 100644 --- a/src/rpc/virnetclient.h +++ b/src/rpc/virnetclient.h @@ -25,7 +25,7 @@ # include "virnettlscontext.h" # include "virnetmessage.h" -# ifdef HAVE_SASL +# ifdef WITH_SASL # include "virnetsaslcontext.h" # endif # include "virnetclientprogram.h" @@ -102,7 +102,7 @@ int virNetClientSendWithReplyStream(virNetClientPtr client, virNetMessagePtr msg, virNetClientStreamPtr st); -# ifdef HAVE_SASL +# ifdef WITH_SASL void virNetClientSetSASLSession(virNetClientPtr client, virNetSASLSessionPtr sasl); # endif diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c index acd2b4d..c61682a 100644 --- a/src/rpc/virnetserverclient.c +++ b/src/rpc/virnetserverclient.c @@ -23,7 +23,7 @@ #include <config.h> -#if HAVE_SASL +#if WITH_SASL # include <sasl/sasl.h> #endif @@ -68,7 +68,7 @@ struct _virNetServerClient char *identity; virNetTLSContextPtr tlsCtxt; virNetTLSSessionPtr tls; -#if HAVE_SASL +#if WITH_SASL virNetSASLSessionPtr sasl; #endif int sockTimer; /* Timer to be fired upon cached data, @@ -482,7 +482,7 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client) virNetServerClientLock(client); if (client->tls) secure = true; -#if HAVE_SASL +#if WITH_SASL if (client->sasl) secure = true; #endif @@ -493,7 +493,7 @@ bool virNetServerClientIsSecure(virNetServerClientPtr client) } -#if HAVE_SASL +#if WITH_SASL void virNetServerClientSetSASLSession(virNetServerClientPtr client, virNetSASLSessionPtr sasl) { @@ -590,7 +590,7 @@ void virNetServerClientDispose(void *obj) client->privateDataFreeFunc(client->privateData); VIR_FREE(client->identity); -#if HAVE_SASL +#if WITH_SASL virObjectUnref(client->sasl); #endif if (client->sockTimer > 0) @@ -1002,7 +1002,7 @@ virNetServerClientDispatchWrite(virNetServerClientPtr client) client->tx->donefds++; } -#if HAVE_SASL +#if WITH_SASL /* Completed this 'tx' operation, so now read for all * future rx/tx to be under a SASL SSF layer */ diff --git a/src/rpc/virnetserverclient.h b/src/rpc/virnetserverclient.h index f950c61..1282bc0 100644 --- a/src/rpc/virnetserverclient.h +++ b/src/rpc/virnetserverclient.h @@ -64,7 +64,7 @@ bool virNetServerClientGetReadonly(virNetServerClientPtr client); bool virNetServerClientHasTLSSession(virNetServerClientPtr client); int virNetServerClientGetTLSKeySize(virNetServerClientPtr client); -# ifdef HAVE_SASL +# ifdef WITH_SASL void virNetServerClientSetSASLSession(virNetServerClientPtr client, virNetSASLSessionPtr sasl); # endif diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index 5a48300..96dada2 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -76,7 +76,7 @@ struct _virNetSocket { char *remoteAddrStr; virNetTLSSessionPtr tlsSession; -#if HAVE_SASL +#if WITH_SASL virNetSASLSessionPtr saslSession; const char *saslDecoded; @@ -903,7 +903,7 @@ void virNetSocketDispose(void *obj) if (sock->tlsSession) virNetTLSSessionSetIOCallbacks(sock->tlsSession, NULL, NULL, NULL); virObjectUnref(sock->tlsSession); -#if HAVE_SASL +#if WITH_SASL virObjectUnref(sock->saslSession); #endif @@ -1074,7 +1074,7 @@ void virNetSocketSetTLSSession(virNetSocketPtr sock, } -#if HAVE_SASL +#if WITH_SASL void virNetSocketSetSASLSession(virNetSocketPtr sock, virNetSASLSessionPtr sess) { @@ -1096,7 +1096,7 @@ bool virNetSocketHasCachedData(virNetSocketPtr sock ATTRIBUTE_UNUSED) hasCached = true; #endif -#if HAVE_SASL +#if WITH_SASL if (sock->saslDecoded) hasCached = true; #endif @@ -1124,7 +1124,7 @@ bool virNetSocketHasPendingData(virNetSocketPtr sock ATTRIBUTE_UNUSED) { bool hasPending = false; virMutexLock(&sock->lock); -#if HAVE_SASL +#if WITH_SASL if (sock->saslEncoded) hasPending = true; #endif @@ -1227,7 +1227,7 @@ rewrite: } -#if HAVE_SASL +#if WITH_SASL static ssize_t virNetSocketReadSASL(virNetSocketPtr sock, char *buf, size_t len) { ssize_t got; @@ -1330,7 +1330,7 @@ ssize_t virNetSocketRead(virNetSocketPtr sock, char *buf, size_t len) { ssize_t ret; virMutexLock(&sock->lock); -#if HAVE_SASL +#if WITH_SASL if (sock->saslSession) ret = virNetSocketReadSASL(sock, buf, len); else @@ -1345,7 +1345,7 @@ ssize_t virNetSocketWrite(virNetSocketPtr sock, const char *buf, size_t len) ssize_t ret; virMutexLock(&sock->lock); -#if HAVE_SASL +#if WITH_SASL if (sock->saslSession) ret = virNetSocketWriteSASL(sock, buf, len); else diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h index 75b66c5..9eebd68 100644 --- a/src/rpc/virnetsocket.h +++ b/src/rpc/virnetsocket.h @@ -28,7 +28,7 @@ # include "command.h" # include "virnettlscontext.h" # include "virobject.h" -# ifdef HAVE_SASL +# ifdef WITH_SASL # include "virnetsaslcontext.h" # endif @@ -119,7 +119,7 @@ int virNetSocketRecvFD(virNetSocketPtr sock, int *fd); void virNetSocketSetTLSSession(virNetSocketPtr sock, virNetTLSSessionPtr sess); -# ifdef HAVE_SASL +# ifdef WITH_SASL void virNetSocketSetSASLSession(virNetSocketPtr sock, virNetSASLSessionPtr sess); # endif diff --git a/tests/libvirtdconftest.c b/tests/libvirtdconftest.c index a6e1f35..a60b927 100644 --- a/tests/libvirtdconftest.c +++ b/tests/libvirtdconftest.c @@ -120,7 +120,7 @@ testCorrupt(const void *opaque) goto cleanup; } -#if !HAVE_SASL +#if !WITH_SASL if (strstr(err->message, "unsupported auth sasl")) { VIR_DEBUG("sasl unsupported, skipping this config"); goto cleanup; -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 62 ++------------------------------------------------------- m4/virt-sasl.m4 | 12 +++++++++++ 2 files changed, 14 insertions(+), 60 deletions(-) create mode 100644 m4/virt-sasl.m4 diff --git a/configure.ac b/configure.ac index 94929ce..f173c63 100644 --- a/configure.ac +++ b/configure.ac @@ -150,6 +150,7 @@ LIBVIRT_COMPILE_WARNINGS LIBVIRT_CHECK_LIBATTR LIBVIRT_CHECK_SANLOCK +LIBVIRT_CHECK_SASL LIBVIRT_CHECK_YAJL AC_MSG_CHECKING([for CPUID instruction]) @@ -1039,61 +1040,6 @@ AC_SUBST([GNUTLS_CFLAGS]) AC_SUBST([GNUTLS_LIBS]) -dnl Cyrus SASL -AC_ARG_WITH([sasl], - AC_HELP_STRING([--with-sasl], [use cyrus SASL for authentication @<:@default=check@:>@]), - [], - [with_sasl=check]) - -SASL_CFLAGS= -SASL_LIBS= -if test "x$with_sasl" != "xno"; then - if test "x$with_sasl" != "xyes" && test "x$with_sasl" != "xcheck"; then - SASL_CFLAGS="-I$with_sasl" - SASL_LIBS="-L$with_sasl" - fi - fail=0 - old_cflags="$CFLAGS" - old_libs="$LIBS" - CFLAGS="$CFLAGS $SASL_CFLAGS" - LIBS="$LIBS $SASL_LIBS" - AC_CHECK_HEADER([sasl/sasl.h],[],[ - if test "x$with_sasl" = "xcheck" ; then - with_sasl=no - else - fail=1 - fi]) - if test "x$with_sasl" != "xno" ; then - AC_CHECK_LIB([sasl2], [sasl_client_init],[ - SASL_LIBS="$SASL_LIBS -lsasl2" - with_sasl=yes - ],[ - AC_CHECK_LIB([sasl], [sasl_client_init],[ - SASL_LIBS="$SASL_LIBS -lsasl" - with_sasl=yes - ],[ - if test "x$with_sasl" = "xcheck" ; then - with_sasl=no - else - fail=1 - fi - ]) - ]) - fi - test $fail = 1 && - AC_MSG_ERROR([You must install the Cyrus SASL development package in order to compile libvirt]) - CFLAGS="$old_cflags" - LIBS="$old_libs" - if test "x$with_sasl" = "xyes" ; then - AC_DEFINE_UNQUOTED([WITH_SASL], 1, - [whether Cyrus SASL is available for authentication]) - fi -fi -AM_CONDITIONAL([WITH_SASL], [test "x$with_sasl" = "xyes"]) -AC_SUBST([SASL_CFLAGS]) -AC_SUBST([SASL_LIBS]) - - dnl DBus library DBUS_CFLAGS= DBUS_LIBS= @@ -2957,6 +2903,7 @@ AC_MSG_NOTICE([Libraries]) AC_MSG_NOTICE([]) LIBVIRT_RESULT_LIBATTR LIBVIRT_RESULT_SANLOCK +LIBVIRT_RESULT_SASL LIBVIRT_RESULT_YAJL AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS]) AC_MSG_NOTICE([ dlopen: $DLOPEN_LIBS]) @@ -2976,11 +2923,6 @@ else AC_MSG_NOTICE([ libssh2: no]) fi AC_MSG_NOTICE([ gnutls: $GNUTLS_CFLAGS $GNUTLS_LIBS]) -if test "$with_sasl" != "no" ; then -AC_MSG_NOTICE([ sasl: $SASL_CFLAGS $SASL_LIBS]) -else -AC_MSG_NOTICE([ sasl: no]) -fi AC_MSG_NOTICE([firewalld: $with_firewalld]) if test "$with_avahi" = "yes" ; then AC_MSG_NOTICE([ avahi: $AVAHI_CFLAGS $AVAHI_LIBS]) diff --git a/m4/virt-sasl.m4 b/m4/virt-sasl.m4 new file mode 100644 index 0000000..920c794 --- /dev/null +++ b/m4/virt-sasl.m4 @@ -0,0 +1,12 @@ +dnl The libsasl2.so or libsasl.so library + +AC_DEFUN([LIBVIRT_CHECK_SASL],[ + LIBVIRT_CHECK_LIB_FALLBACK([SASL], [SASL1], [sasl], + [sasl2], [sasl], + [sasl_client_init], [sasl_client_init], + [sasl/sasl.h]) +]) + +AC_DEFUN([LIBVIRT_RESULT_SASL],[ + LIBVIRT_RESULT_LIB([SASL], [sasl]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 4 ++-- src/util/viraudit.c | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index f173c63..dbef499 100644 --- a/configure.ac +++ b/configure.ac @@ -1209,13 +1209,13 @@ if test "$with_audit" != "no" ; then if test "$with_audit" = "yes" ; then AUDIT_LIBS="$AUDIT_LIBS -laudit" - AC_DEFINE_UNQUOTED([HAVE_AUDIT], 1, [whether libaudit is available]) + AC_DEFINE_UNQUOTED([WITH_AUDIT], 1, [whether libaudit is available]) fi CFLAGS="$old_cflags" LIBS="$old_libs" fi -AM_CONDITIONAL([HAVE_AUDIT], [test "$with_audit" = "yes"]) +AM_CONDITIONAL([WITH_AUDIT], [test "$with_audit" = "yes"]) AC_SUBST([AUDIT_CFLAGS]) AC_SUBST([AUDIT_LIBS]) diff --git a/src/util/viraudit.c b/src/util/viraudit.c index 691d2f1..7a1dc4b 100644 --- a/src/util/viraudit.c +++ b/src/util/viraudit.c @@ -21,7 +21,7 @@ #include <config.h> -#ifdef HAVE_AUDIT +#ifdef WITH_AUDIT # include <libaudit.h> #endif #include <stdio.h> @@ -48,14 +48,14 @@ #define VIR_FROM_THIS VIR_FROM_AUDIT -#if HAVE_AUDIT +#if WITH_AUDIT static int auditfd = -1; #endif static int auditlog = 0; int virAuditOpen(void) { -#if HAVE_AUDIT +#if WITH_AUDIT if ((auditfd = audit_open()) < 0) { virReportSystemError(errno, "%s", _("Unable to initialize audit layer")); return -1; @@ -86,7 +86,7 @@ void virAuditSend(const char *file ATTRIBUTE_UNUSED, const char *func, /* Duplicate later checks, to short circuit & avoid printf overhead * when nothing is enabled */ -#if HAVE_AUDIT +#if WITH_AUDIT if (!auditlog && auditfd < 0) return; #else @@ -110,7 +110,7 @@ void virAuditSend(const char *file ATTRIBUTE_UNUSED, const char *func, "success=no %s", str); } -#if HAVE_AUDIT +#if WITH_AUDIT if (auditfd < 0) { VIR_FREE(str); return; @@ -138,14 +138,14 @@ void virAuditSend(const char *file ATTRIBUTE_UNUSED, const char *func, void virAuditClose(void) { -#if HAVE_AUDIT +#if WITH_AUDIT VIR_FORCE_CLOSE(auditfd); #endif } char *virAuditEncode(const char *key, const char *value) { -#if HAVE_AUDIT +#if WITH_AUDIT return audit_encode_nv_string(key, value, 0); #else char *str; -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 51 ++------------------------------------------------- m4/virt-audit.m4 | 9 +++++++++ 2 files changed, 11 insertions(+), 49 deletions(-) create mode 100644 m4/virt-audit.m4 diff --git a/configure.ac b/configure.ac index dbef499..fd214eb 100644 --- a/configure.ac +++ b/configure.ac @@ -148,6 +148,7 @@ AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS]) LIBVIRT_COMPILE_WARNINGS +LIBVIRT_CHECK_AUDIT LIBVIRT_CHECK_LIBATTR LIBVIRT_CHECK_SANLOCK LIBVIRT_CHECK_SASL @@ -1174,50 +1175,6 @@ fi AC_SUBST([AVAHI_CFLAGS]) AC_SUBST([AVAHI_LIBS]) -dnl Audit library -AC_ARG_WITH([audit], - AC_HELP_STRING([--with-audit], [use audit library @<:@default=check@:>@]), - [], - [with_audit=check]) - -AUDIT_CFLAGS= -AUDIT_LIBS= -if test "$with_audit" != "no" ; then - old_cflags="$CFLAGS" - old_libs="$LIBS" - if test "$with_audit" != "check" && test "$with_audit" != "yes" ; then - AUDIT_CFLAGS="-I$with_audit/include" - AUDIT_LIBS="-L$with_audit/lib" - fi - CFLAGS="$CFLAGS $AUDIT_CFLAGS" - LIBS="$LIBS $AUDIT_LIBS" - fail=0 - AC_CHECK_HEADER([libaudit.h], [], [fail=1]) - AC_CHECK_LIB([audit], [audit_encode_nv_string], [], [fail=1]) - - if test $fail = 1 ; then - if test "$with_audit" = "yes" ; then - AC_MSG_ERROR([You must install the Audit library in order to compile and run libvirt]) - else - with_audit=no - AUDIT_CFLAGS= - AUDIT_LIBS= - fi - else - with_audit=yes - fi - - if test "$with_audit" = "yes" ; then - AUDIT_LIBS="$AUDIT_LIBS -laudit" - AC_DEFINE_UNQUOTED([WITH_AUDIT], 1, [whether libaudit is available]) - fi - - CFLAGS="$old_cflags" - LIBS="$old_libs" -fi -AM_CONDITIONAL([WITH_AUDIT], [test "$with_audit" = "yes"]) -AC_SUBST([AUDIT_CFLAGS]) -AC_SUBST([AUDIT_LIBS]) dnl UUCP style file locks for PTY consoles if test "$with_console_lock_files" != "no"; then @@ -2901,6 +2858,7 @@ fi AC_MSG_NOTICE([]) AC_MSG_NOTICE([Libraries]) AC_MSG_NOTICE([]) +LIBVIRT_RESULT_AUDIT LIBVIRT_RESULT_LIBATTR LIBVIRT_RESULT_SANLOCK LIBVIRT_RESULT_SASL @@ -2938,11 +2896,6 @@ fi else AC_MSG_NOTICE([ polkit: no]) fi -if test "$with_audit" = "yes" ; then -AC_MSG_NOTICE([ audit: $AUDIT_CFLAGS $AUDIT_LIBS]) -else -AC_MSG_NOTICE([ audit: no]) -fi if test "$with_selinux" = "yes" ; then AC_MSG_NOTICE([ selinux: $SELINUX_CFLAGS $SELINUX_LIBS]) else diff --git a/m4/virt-audit.m4 b/m4/virt-audit.m4 new file mode 100644 index 0000000..47bd0cc --- /dev/null +++ b/m4/virt-audit.m4 @@ -0,0 +1,9 @@ +dnl The libaudit.so library + +AC_DEFUN([LIBVIRT_CHECK_AUDIT],[ + LIBVIRT_CHECK_LIB([AUDIT], [audit], [audit], [audit_encode_nv_string], [libaudit.h]) +]) + +AC_DEFUN([LIBVIRT_RESULT_AUDIT],[ + LIBVIRT_RESULT_LIB([AUDIT], [audit]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 4 ++-- src/lxc/lxc_container.c | 2 +- src/storage/storage_backend.c | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index fd214eb..c3b2b13 100644 --- a/configure.ac +++ b/configure.ac @@ -1243,12 +1243,12 @@ if test "$with_selinux" = "yes"; then SELINUX_LIBS="-lselinux" AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point]) - AC_DEFINE_UNQUOTED([HAVE_SELINUX], 1, [whether basic SELinux functionality is available]) + AC_DEFINE_UNQUOTED([WITH_SELINUX], 1, [whether basic SELinux functionality is available]) dnl We prefer to use <selinux/label.h> and selabel_open, but can fall dnl back to matchpathcon for the sake of RHEL 5's version of libselinux. AC_CHECK_HEADERS([selinux/label.h]) fi -AM_CONDITIONAL([HAVE_SELINUX], [test "$with_selinux" != "no"]) +AM_CONDITIONAL([WITH_SELINUX], [test "$with_selinux" != "no"]) AC_SUBST([SELINUX_CFLAGS]) AC_SUBST([SELINUX_LIBS]) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 9bc5610..0ae46d7 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -522,7 +522,7 @@ static int lxcContainerMountBasicFS(bool pivotRoot, { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, { "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, -#if HAVE_SELINUX +#if WITH_SELINUX { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, #endif diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c index df3833a..34c3fc4 100644 --- a/src/storage/storage_backend.c +++ b/src/storage/storage_backend.c @@ -41,7 +41,7 @@ # include <linux/fs.h> #endif -#if HAVE_SELINUX +#if WITH_SELINUX # include <selinux/selinux.h> #endif @@ -1161,7 +1161,7 @@ virStorageBackendUpdateVolTargetInfoFD(virStorageVolTargetPtr target, unsigned long long *capacity) { struct stat sb; -#if HAVE_SELINUX +#if WITH_SELINUX security_context_t filecon = NULL; #endif @@ -1225,7 +1225,7 @@ virStorageBackendUpdateVolTargetInfoFD(virStorageVolTargetPtr target, VIR_FREE(target->perms.label); -#if HAVE_SELINUX +#if WITH_SELINUX /* XXX: make this a security driver call */ if (fgetfilecon(fd, &filecon) == -1) { if (errno != ENODATA && errno != ENOTSUP) { -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 63 ++---------------------------------------------------- m4/virt-selinux.m4 | 33 ++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 61 deletions(-) create mode 100644 m4/virt-selinux.m4 diff --git a/configure.ac b/configure.ac index c3b2b13..d60e9ea 100644 --- a/configure.ac +++ b/configure.ac @@ -152,6 +152,7 @@ LIBVIRT_CHECK_AUDIT LIBVIRT_CHECK_LIBATTR LIBVIRT_CHECK_SANLOCK LIBVIRT_CHECK_SASL +LIBVIRT_CHECK_SELINUX LIBVIRT_CHECK_YAJL AC_MSG_CHECKING([for CPUID instruction]) @@ -1197,62 +1198,6 @@ fi AM_CONDITIONAL([VIR_PTY_LOCK_FILE_PATH], [test "$with_console_lock_files" != "no"]) -dnl SELinux -AC_ARG_WITH([selinux], - AC_HELP_STRING([--with-selinux], [use SELinux to manage security @<:@default=check@:>@]), - [], - [with_selinux=check]) -AC_ARG_WITH([selinux_mount], - AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]), - [], - [with_selinux_mount=check]) - -SELINUX_CFLAGS= -SELINUX_LIBS= -if test "$with_selinux" != "no"; then - old_cflags="$CFLAGS" - old_libs="$LIBS" - if test "$with_selinux" = "check"; then - AC_CHECK_HEADER([selinux/selinux.h],[],[with_selinux=no]) - AC_CHECK_LIB([selinux], [fgetfilecon],[],[with_selinux=no]) - if test "$with_selinux" != "no"; then - with_selinux="yes" - fi - else - fail=0 - AC_CHECK_HEADER([selinux/selinux.h],[],[fail=1]) - AC_CHECK_LIB([selinux], [fgetfilecon],[],[fail=1]) - test $fail = 1 && - AC_MSG_ERROR([You must install the libselinux development package in order to compile libvirt with basic SELinux support]) - fi - CFLAGS="$old_cflags" - LIBS="$old_libs" -fi -if test "$with_selinux" = "yes"; then - AC_MSG_CHECKING([SELinux mount point]) - if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then - if test -d /sys/fs/selinux ; then - SELINUX_MOUNT=/sys/fs/selinux - else - SELINUX_MOUNT=/selinux - fi - else - SELINUX_MOUNT=$with_selinux_mount - fi - AC_MSG_RESULT([$SELINUX_MOUNT]) - - SELINUX_LIBS="-lselinux" - AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point]) - AC_DEFINE_UNQUOTED([WITH_SELINUX], 1, [whether basic SELinux functionality is available]) - dnl We prefer to use <selinux/label.h> and selabel_open, but can fall - dnl back to matchpathcon for the sake of RHEL 5's version of libselinux. - AC_CHECK_HEADERS([selinux/label.h]) -fi -AM_CONDITIONAL([WITH_SELINUX], [test "$with_selinux" != "no"]) -AC_SUBST([SELINUX_CFLAGS]) -AC_SUBST([SELINUX_LIBS]) - - AC_ARG_WITH([secdriver-selinux], AC_HELP_STRING([--with-secdriver-selinux], [use SELinux security driver @<:@default=check@:>@]), [], @@ -2862,6 +2807,7 @@ LIBVIRT_RESULT_AUDIT LIBVIRT_RESULT_LIBATTR LIBVIRT_RESULT_SANLOCK LIBVIRT_RESULT_SASL +LIBVIRT_RESULT_SELINUX LIBVIRT_RESULT_YAJL AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS]) AC_MSG_NOTICE([ dlopen: $DLOPEN_LIBS]) @@ -2896,11 +2842,6 @@ fi else AC_MSG_NOTICE([ polkit: no]) fi -if test "$with_selinux" = "yes" ; then -AC_MSG_NOTICE([ selinux: $SELINUX_CFLAGS $SELINUX_LIBS]) -else -AC_MSG_NOTICE([ selinux: no]) -fi if test "$with_apparmor" = "yes" ; then AC_MSG_NOTICE([apparmor: $APPARMOR_CFLAGS $APPARMOR_LIBS]) else diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4 new file mode 100644 index 0000000..eba0734 --- /dev/null +++ b/m4/virt-selinux.m4 @@ -0,0 +1,33 @@ +dnl The libselinux.so library + +AC_DEFUN([LIBVIRT_CHECK_SELINUX],[ + LIBVIRT_CHECK_LIB([SELINUX], [selinux], [selinux], [fgetfilecon], [selinux/selinux.h]) + + AC_ARG_WITH([selinux_mount], + AC_HELP_STRING([--with-selinux-mount], [set SELinux mount point @<:@default=check@:>@]), + [], + [with_selinux_mount=check]) + + if test "$with_selinux" = "yes"; then + AC_MSG_CHECKING([SELinux mount point]) + if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then + if test -d /sys/fs/selinux ; then + SELINUX_MOUNT=/sys/fs/selinux + else + SELINUX_MOUNT=/selinux + fi + else + SELINUX_MOUNT=$with_selinux_mount + fi + AC_MSG_RESULT([$SELINUX_MOUNT]) + AC_DEFINE_UNQUOTED([SELINUX_MOUNT], ["$SELINUX_MOUNT"], [SELinux mount point]) + + dnl We prefer to use <selinux/label.h> and selabel_open, but can fall + dnl back to matchpathcon for the sake of RHEL 5's version of libselinux. + AC_CHECK_HEADERS([selinux/label.h]) + fi +]) + +AC_DEFUN([LIBVIRT_RESULT_SELINUX],[ + LIBVIRT_RESULT_LIB([SELINUX], [selinux]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 70 +++-------------------------------------------------- m4/virt-apparmor.m4 | 19 +++++++++++++++ 2 files changed, 23 insertions(+), 66 deletions(-) create mode 100644 m4/virt-apparmor.m4 diff --git a/configure.ac b/configure.ac index d60e9ea..56358b3 100644 --- a/configure.ac +++ b/configure.ac @@ -148,6 +148,7 @@ AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS]) LIBVIRT_COMPILE_WARNINGS +LIBVIRT_CHECK_APPARMOR LIBVIRT_CHECK_AUDIT LIBVIRT_CHECK_LIBATTR LIBVIRT_CHECK_SANLOCK @@ -1236,46 +1237,6 @@ fi AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" != "no"]) -dnl AppArmor -AC_ARG_WITH([apparmor], - AC_HELP_STRING([--with-apparmor], [use AppArmor to manage security @<:@default=check@:>@]), - [], - [with_apparmor=check]) - -APPARMOR_CFLAGS= -APPARMOR_LIBS= -if test "$with_apparmor" != "no"; then - old_cflags="$CFLAGS" - old_libs="$LIBS" - if test "$with_apparmor" = "check"; then - AC_CHECK_HEADER([sys/apparmor.h],[],[with_apparmor=no]) - AC_CHECK_LIB([apparmor], [aa_change_profile],[],[with_apparmor=no]) - AC_CHECK_LIB([apparmor], [aa_change_hat],[],[with_apparmor=no]) - if test "$with_apparmor" != "no"; then - with_apparmor="yes" - fi - else - fail=0 - AC_CHECK_HEADER([sys/apparmor.h],[],[fail=1]) - AC_CHECK_LIB([apparmor], [aa_change_profile],[],[fail=1]) - AC_CHECK_LIB([apparmor], [aa_change_hat],[],[fail=1]) - test $fail = 1 && - AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt]) - fi - CFLAGS="$old_cflags" - LIBS="$old_libs" -fi -if test "$with_apparmor" = "yes"; then - APPARMOR_LIBS="-lapparmor" - AC_DEFINE_UNQUOTED([HAVE_APPARMOR], 1, [whether AppArmor is available for security]) - AC_DEFINE_UNQUOTED([APPARMOR_DIR], "/etc/apparmor.d", [path to apparmor directory]) - AC_DEFINE_UNQUOTED([APPARMOR_PROFILES_PATH], "/sys/kernel/security/apparmor/profiles", [path to kernel profiles]) -fi -AM_CONDITIONAL([HAVE_APPARMOR], [test "$with_apparmor" != "no"]) -AC_SUBST([APPARMOR_CFLAGS]) -AC_SUBST([APPARMOR_LIBS]) - - AC_ARG_WITH([secdriver-apparmor], AC_HELP_STRING([--with-secdriver-apparmor], [use AppArmor security driver @<:@default=check@:>@]), [], @@ -1288,27 +1249,8 @@ if test "$with_apparmor" != "yes" ; then AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt]) fi else - old_cflags="$CFLAGS" - old_libs="$LIBS" - CFLAGS="$CFLAGS $APPARMOR_CFLAGS" - LIBS="$CFLAGS $APPARMOR_LIBS" - - fail=0 - AC_CHECK_FUNC([change_hat], [], [fail=1]) - AC_CHECK_FUNC([aa_change_profile], [], [fail=1]) - CFLAGS="$old_cflags" - LIBS="$old_libs" - - if test "$fail" = "1" ; then - if test "$with_secdriver_apparmor" = "check" ; then - with_secdriver_apparmor=no - else - AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt]) - fi - else - with_secdriver_apparmor=yes - AC_DEFINE_UNQUOTED([WITH_SECDRIVER_APPARMOR], 1, [whether AppArmor security driver is available]) - fi + with_secdriver_apparmor=yes + AC_DEFINE_UNQUOTED([WITH_SECDRIVER_APPARMOR], 1, [whether AppArmor security driver is available]) fi AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmor" != "no"]) @@ -2803,6 +2745,7 @@ fi AC_MSG_NOTICE([]) AC_MSG_NOTICE([Libraries]) AC_MSG_NOTICE([]) +LIBVIRT_RESULT_APPARMOR LIBVIRT_RESULT_AUDIT LIBVIRT_RESULT_LIBATTR LIBVIRT_RESULT_SANLOCK @@ -2842,11 +2785,6 @@ fi else AC_MSG_NOTICE([ polkit: no]) fi -if test "$with_apparmor" = "yes" ; then -AC_MSG_NOTICE([apparmor: $APPARMOR_CFLAGS $APPARMOR_LIBS]) -else -AC_MSG_NOTICE([apparmor: no]) -fi if test "$with_numactl" = "yes" ; then AC_MSG_NOTICE([ numactl: $NUMACTL_CFLAGS $NUMACTL_LIBS]) else diff --git a/m4/virt-apparmor.m4 b/m4/virt-apparmor.m4 new file mode 100644 index 0000000..b3efec1 --- /dev/null +++ b/m4/virt-apparmor.m4 @@ -0,0 +1,19 @@ +dnl The libapparmor.so library + +AC_DEFUN([LIBVIRT_CHECK_APPARMOR],[ + LIBVIRT_CHECK_LIB([APPARMOR], [apparmor], [apparmor], [aa_change_profile], [sys/apparmor.h]) + + AC_ARG_WITH([apparmor_mount], + AC_HELP_STRING([--with-apparmor-mount], [set Apparmor mount point @<:@default=check@:>@]), + [], + [with_apparmor_mount=check]) + + if test "$with_apparmor" = "yes"; then + AC_DEFINE_UNQUOTED([APPARMOR_DIR], "/etc/apparmor.d", [path to apparmor directory]) + AC_DEFINE_UNQUOTED([APPARMOR_PROFILES_PATH], "/sys/kernel/security/apparmor/profiles", [path to kernel profiles]) + fi +]) + +AC_DEFUN([LIBVIRT_RESULT_APPARMOR],[ + LIBVIRT_RESULT_LIB([APPARMOR], [apparmor]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 4 ++-- docs/hacking.html.in | 2 +- src/lxc/lxc_controller.c | 4 ++-- src/nodeinfo.c | 10 +++++----- src/qemu/qemu_process.c | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/configure.ac b/configure.ac index 56358b3..5eef7ff 100644 --- a/configure.ac +++ b/configure.ac @@ -1347,10 +1347,10 @@ if test "$with_numad" = "yes"; then fi if test "$with_numactl" = "yes" || test "$with_numad" = "yes"; then NUMACTL_LIBS="-lnuma" - AC_DEFINE_UNQUOTED([HAVE_NUMACTL], 1, [whether numactl-devel is available]) + AC_DEFINE_UNQUOTED([WITH_NUMACTL], 1, [whether numactl-devel is available]) fi AM_CONDITIONAL([HAVE_NUMAD], [test "$with_numad" != "no"]) -AM_CONDITIONAL([HAVE_NUMACTL], [test "$with_numad" != "no" || test "$with_numactl" != "no"]) +AM_CONDITIONAL([WITH_NUMACTL], [test "$with_numad" != "no" || test "$with_numactl" != "no"]) AC_SUBST([NUMACTL_CFLAGS]) AC_SUBST([NUMACTL_LIBS]) diff --git a/docs/hacking.html.in b/docs/hacking.html.in index a97dc22..65d0d4a 100644 --- a/docs/hacking.html.in +++ b/docs/hacking.html.in @@ -748,7 +748,7 @@ #include <string.h> #include <limits.h> - #if HAVE_NUMACTL Some system includes aren't supported + #if WITH_NUMACTL Some system includes aren't supported # include <numa.h> everywhere so need these #if guards. #endif diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 7e98006..9ab53d3 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -47,7 +47,7 @@ # include <cap-ng.h> #endif -#if HAVE_NUMACTL +#if WITH_NUMACTL # define NUMA_VERSION1_COMPATIBILITY 1 # include <numa.h> #endif @@ -392,7 +392,7 @@ cleanup: return ret; } -#if HAVE_NUMACTL +#if WITH_NUMACTL static int virLXCControllerSetupNUMAPolicy(virLXCControllerPtr ctrl) { nodemask_t mask; diff --git a/src/nodeinfo.c b/src/nodeinfo.c index b2de60f..876e9df 100644 --- a/src/nodeinfo.c +++ b/src/nodeinfo.c @@ -33,7 +33,7 @@ #include <sched.h> #include "conf/domain_conf.h" -#if HAVE_NUMACTL +#if WITH_NUMACTL # define NUMA_VERSION1_COMPATIBILITY 1 # include <numa.h> #endif @@ -861,17 +861,17 @@ int nodeGetMemoryStats(virConnectPtr conn ATTRIBUTE_UNUSED, return -1; } } else { -# if HAVE_NUMACTL +# if WITH_NUMACTL if (numa_available() < 0) { # endif virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("NUMA not supported on this host")); return -1; -# if HAVE_NUMACTL +# if WITH_NUMACTL } # endif -# if HAVE_NUMACTL +# if WITH_NUMACTL if (cellNum > numa_max_node()) { virReportInvalidArg(cellNum, _("cellNum in %s must be less than or equal to %d"), @@ -1182,7 +1182,7 @@ nodeGetMemoryParameters(virConnectPtr conn ATTRIBUTE_UNUSED, #endif } -#if HAVE_NUMACTL +#if WITH_NUMACTL # if LIBNUMA_API_VERSION <= 1 # define NUMA_MAX_N_CPUS 4096 # else diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index b6eb342..e9898b7 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -40,7 +40,7 @@ #include "qemu_bridge_filter.h" #include "qemu_migration.h" -#if HAVE_NUMACTL +#if WITH_NUMACTL # define NUMA_VERSION1_COMPATIBILITY 1 # include <numa.h> #endif @@ -1702,7 +1702,7 @@ qemuProcessDetectVcpuPIDs(struct qemud_driver *driver, * Set NUMA memory policy for qemu process, to be run between * fork/exec of QEMU only. */ -#if HAVE_NUMACTL +#if WITH_NUMACTL static int qemuProcessInitNumaMemoryPolicy(virDomainObjPtr vm, virBitmapPtr nodemask) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 53 ++++------------------------------------------------- m4/virt-numactl.m4 | 9 +++++++++ 2 files changed, 13 insertions(+), 49 deletions(-) create mode 100644 m4/virt-numactl.m4 diff --git a/configure.ac b/configure.ac index 5eef7ff..28ec3e7 100644 --- a/configure.ac +++ b/configure.ac @@ -151,6 +151,7 @@ LIBVIRT_COMPILE_WARNINGS LIBVIRT_CHECK_APPARMOR LIBVIRT_CHECK_AUDIT LIBVIRT_CHECK_LIBATTR +LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_SANLOCK LIBVIRT_CHECK_SASL LIBVIRT_CHECK_SELINUX @@ -1279,34 +1280,6 @@ fi AM_CONDITIONAL([WITH_DTRACE_PROBES], [test "$with_dtrace" != "no"]) -dnl NUMA lib -AC_ARG_WITH([numactl], - AC_HELP_STRING([--with-numactl], [use numactl for host topology info @<:@default=check@:>@]), - [], - [with_numactl=check]) - -NUMACTL_CFLAGS= -NUMACTL_LIBS= -if test "$with_qemu" = "yes" && test "$with_numactl" != "no"; then - old_cflags="$CFLAGS" - old_libs="$LIBS" - if test "$with_numactl" = "check"; then - AC_CHECK_HEADER([numa.h],[],[with_numactl=no]) - AC_CHECK_LIB([numa], [numa_available],[],[with_numactl=no]) - if test "$with_numactl" != "no"; then - with_numactl="yes" - fi - else - fail=0 - AC_CHECK_HEADER([numa.h],[],[fail=1]) - AC_CHECK_LIB([numa], [numa_available],[],[fail=1]) - test $fail = 1 && - AC_MSG_ERROR([You must install the numactl development package in order to compile and run libvirt]) - fi - CFLAGS="$old_cflags" - LIBS="$old_libs" -fi - dnl numad AC_ARG_WITH([numad], AC_HELP_STRING([--with-numad], [use numad to manage CPU placement dynamically @<:@default=check@:>@]), @@ -1314,15 +1287,12 @@ AC_ARG_WITH([numad], [with_numad=check]) if test "$with_numad" != "no" ; then - old_cflags="$CFLAGS" - old_libs="$LIBS" fail=0 AC_PATH_PROG([NUMAD], [numad], [], [/bin:/usr/bin]) if test "$with_numad" = "check"; then - AC_CHECK_HEADER([numa.h], [], [fail=1]) - AC_CHECK_LIB([numa], [numa_available], [], [fail=1]) + test "$with_numactl" = "yes" || fail=1 if test -z "$NUMAD" || test $fail = 1; then with_numad="no" else @@ -1332,27 +1302,16 @@ if test "$with_numad" != "no" ; then test -z "$NUMAD" && AC_MSG_ERROR([You must install numad package to manage CPU and memory placement dynamically]) - AC_CHECK_HEADER([numa.h], [], [fail=1]) - AC_CHECK_LIB([numa], [numa_available], [], [fail=1]) + test "$with_numactl" = "yes" || fail=1 test $fail = 1 && AC_MSG_ERROR([You must install the numactl development package in order to compile and run libvirt]) fi - - CFLAGS="$old_cflags" - LIBS="$old_libs" fi if test "$with_numad" = "yes"; then AC_DEFINE_UNQUOTED([HAVE_NUMAD], 1, [whether numad is available]) AC_DEFINE_UNQUOTED([NUMAD],["$NUMAD"], [Location or name of the numad program]) fi -if test "$with_numactl" = "yes" || test "$with_numad" = "yes"; then - NUMACTL_LIBS="-lnuma" - AC_DEFINE_UNQUOTED([WITH_NUMACTL], 1, [whether numactl-devel is available]) -fi AM_CONDITIONAL([HAVE_NUMAD], [test "$with_numad" != "no"]) -AM_CONDITIONAL([WITH_NUMACTL], [test "$with_numad" != "no" || test "$with_numactl" != "no"]) -AC_SUBST([NUMACTL_CFLAGS]) -AC_SUBST([NUMACTL_LIBS]) dnl pcap lib LIBPCAP_CONFIG="pcap-config" @@ -2748,6 +2707,7 @@ AC_MSG_NOTICE([]) LIBVIRT_RESULT_APPARMOR LIBVIRT_RESULT_AUDIT LIBVIRT_RESULT_LIBATTR +LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_SANLOCK LIBVIRT_RESULT_SASL LIBVIRT_RESULT_SELINUX @@ -2785,11 +2745,6 @@ fi else AC_MSG_NOTICE([ polkit: no]) fi -if test "$with_numactl" = "yes" ; then -AC_MSG_NOTICE([ numactl: $NUMACTL_CFLAGS $NUMACTL_LIBS]) -else -AC_MSG_NOTICE([ numactl: no]) -fi if test "$with_capng" = "yes" ; then AC_MSG_NOTICE([ capng: $CAPNG_CFLAGS $CAPNG_LIBS]) else diff --git a/m4/virt-numactl.m4 b/m4/virt-numactl.m4 new file mode 100644 index 0000000..02244aa --- /dev/null +++ b/m4/virt-numactl.m4 @@ -0,0 +1,9 @@ +dnl The libnuma.so library + +AC_DEFUN([LIBVIRT_CHECK_NUMACTL],[ + LIBVIRT_CHECK_LIB([NUMACTL], [numactl], [numa], [numa_available], [numa.h]) +]) + +AC_DEFUN([LIBVIRT_RESULT_NUMACTL],[ + LIBVIRT_RESULT_LIB([NUMACTL], [numactl]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 4 ++-- src/lxc/lxc_container.c | 4 ++-- src/lxc/lxc_controller.c | 4 ++-- src/util/command.c | 4 ++-- src/util/util.c | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index 28ec3e7..3ef0c7c 100644 --- a/configure.ac +++ b/configure.ac @@ -1464,9 +1464,9 @@ if test "$with_qemu" = "yes" && test "$with_capng" != "no"; then fi if test "$with_capng" = "yes"; then CAPNG_LIBS="-lcap-ng" - AC_DEFINE_UNQUOTED([HAVE_CAPNG], 1, [whether capng is available for privilege reduction]) + AC_DEFINE_UNQUOTED([WITH_CAPNG], 1, [whether capng is available for privilege reduction]) fi -AM_CONDITIONAL([HAVE_CAPNG], [test "$with_capng" != "no"]) +AM_CONDITIONAL([WITH_CAPNG], [test "$with_capng" != "no"]) AC_SUBST([CAPNG_CFLAGS]) AC_SUBST([CAPNG_LIBS]) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 0ae46d7..37cf3d5 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -45,7 +45,7 @@ /* For MS_MOVE */ #include <linux/fs.h> -#if HAVE_CAPNG +#if WITH_CAPNG # include <cap-ng.h> #endif @@ -1686,7 +1686,7 @@ static int lxcContainerSetupMounts(virDomainDefPtr vmDef, */ static int lxcContainerDropCapabilities(bool keepReboot ATTRIBUTE_UNUSED) { -#if HAVE_CAPNG +#if WITH_CAPNG int ret; capng_get_caps_process(); diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 9ab53d3..656adbe 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -43,7 +43,7 @@ #include <sys/stat.h> #include <time.h> -#if HAVE_CAPNG +#if WITH_CAPNG # include <cap-ng.h> #endif @@ -647,7 +647,7 @@ error: static int lxcControllerClearCapabilities(void) { -#if HAVE_CAPNG +#if WITH_CAPNG int ret; capng_clear(CAPNG_SELECT_BOTH); diff --git a/src/util/command.c b/src/util/command.c index 418b198..202f8e5 100644 --- a/src/util/command.c +++ b/src/util/command.c @@ -29,7 +29,7 @@ #include <sys/wait.h> #include <fcntl.h> -#if HAVE_CAPNG +#if WITH_CAPNG # include <cap-ng.h> #endif @@ -161,7 +161,7 @@ virCommandFDSet(int fd, static int virClearCapabilities(void) ATTRIBUTE_UNUSED; -# if HAVE_CAPNG +# if WITH_CAPNG static int virClearCapabilities(void) { int ret; diff --git a/src/util/util.c b/src/util/util.c index 8b1f0dc..ebda87e 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -58,7 +58,7 @@ # include <pwd.h> # include <grp.h> #endif -#if HAVE_CAPNG +#if WITH_CAPNG # include <cap-ng.h> #endif #if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 47 ++--------------------------------------------- m4/virt-capng.m4 | 9 +++++++++ 2 files changed, 11 insertions(+), 45 deletions(-) create mode 100644 m4/virt-capng.m4 diff --git a/configure.ac b/configure.ac index 3ef0c7c..2232c5c 100644 --- a/configure.ac +++ b/configure.ac @@ -150,6 +150,7 @@ LIBVIRT_COMPILE_WARNINGS LIBVIRT_CHECK_APPARMOR LIBVIRT_CHECK_AUDIT +LIBVIRT_CHECK_CAPNG LIBVIRT_CHECK_LIBATTR LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_SANLOCK @@ -1431,46 +1432,6 @@ AM_CONDITIONAL([HAVE_LIBSSH2], [test "$with_libssh2_transport" = "yes"]) AC_SUBST([LIBSSH2_CFLAGS]) AC_SUBST([LIBSSH2_LIBS]) -dnl libcap-ng -AC_ARG_WITH([capng], - AC_HELP_STRING([--with-capng], [use libcap-ng to reduce libvirtd privileges @<:@default=check@:>@]), - [], - [with_capng=check]) - -dnl -dnl This check looks for 'capng_updatev' since that was -dnl introduced in 0.4.0 release which need as minimum -dnl -CAPNG_CFLAGS= -CAPNG_LIBS= -if test "$with_qemu" = "yes" && test "$with_capng" != "no"; then - old_cflags="$CFLAGS" - old_libs="$LIBS" - if test "$with_capng" = "check"; then - AC_CHECK_HEADER([cap-ng.h],[],[with_capng=no]) - AC_CHECK_LIB([cap-ng], [capng_updatev],[],[with_capng=no]) - if test "$with_capng" != "no"; then - with_capng="yes" - fi - else - fail=0 - AC_CHECK_HEADER([cap-ng.h],[],[fail=1]) - AC_CHECK_LIB([cap-ng], [capng_updatev],[],[fail=1]) - test $fail = 1 && - AC_MSG_ERROR([You must install the capng >= 0.4.0 development package in order to compile and run libvirt]) - fi - CFLAGS="$old_cflags" - LIBS="$old_libs" -fi -if test "$with_capng" = "yes"; then - CAPNG_LIBS="-lcap-ng" - AC_DEFINE_UNQUOTED([WITH_CAPNG], 1, [whether capng is available for privilege reduction]) -fi -AM_CONDITIONAL([WITH_CAPNG], [test "$with_capng" != "no"]) -AC_SUBST([CAPNG_CFLAGS]) -AC_SUBST([CAPNG_LIBS]) - - dnl virsh libraries AC_CHECK_HEADERS([readline/readline.h]) @@ -2706,6 +2667,7 @@ AC_MSG_NOTICE([Libraries]) AC_MSG_NOTICE([]) LIBVIRT_RESULT_APPARMOR LIBVIRT_RESULT_AUDIT +LIBVIRT_RESULT_CAPNG LIBVIRT_RESULT_LIBATTR LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_SANLOCK @@ -2745,11 +2707,6 @@ fi else AC_MSG_NOTICE([ polkit: no]) fi -if test "$with_capng" = "yes" ; then -AC_MSG_NOTICE([ capng: $CAPNG_CFLAGS $CAPNG_LIBS]) -else -AC_MSG_NOTICE([ capng: no]) -fi if test "$with_xen" = "yes" ; then AC_MSG_NOTICE([ xen: $XEN_CFLAGS $XEN_LIBS]) else diff --git a/m4/virt-capng.m4 b/m4/virt-capng.m4 new file mode 100644 index 0000000..bac894d --- /dev/null +++ b/m4/virt-capng.m4 @@ -0,0 +1,9 @@ +dnl The libcapng.so library + +AC_DEFUN([LIBVIRT_CHECK_CAPNG],[ + LIBVIRT_CHECK_LIB([CAPNG], [capng], [cap-ng], [capng_updatev], [cap-ng.h]) +]) + +AC_DEFUN([LIBVIRT_RESULT_CAPNG],[ + LIBVIRT_RESULT_LIB([CAPNG], [capng]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> To simplify use of PKG_CHECK_MODULES in association with a --with-XXX arg, introduce LIBVIRT_CHECK_PKG Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- m4/virt-lib.m4 | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/m4/virt-lib.m4 b/m4/virt-lib.m4 index 86a6aa0..cff9ac7 100644 --- a/m4/virt-lib.m4 +++ b/m4/virt-lib.m4 @@ -197,6 +197,62 @@ AC_DEFUN([LIBVIRT_CHECK_LIB_FALLBACK],[ ]) dnl +dnl Probe for existance of libXXXX and set WITH_XXX +dnl config header var, WITH_XXXX make conditional and +dnl with_XXX configure shell var. +dnl +dnl LIBVIRT_CHECK_PKG([WITH_VAR],[NAME_VAR],[LIBNAME],[FUNCNAME],[HDRNAME]) +dnl +dnl WITH_VAR: Suffix for the WITH_XXX variable in config.h & conditional in make, +dnl and prefix for the XXX_CFLAGS and XXX_LIBS make variables +dnl NAME_VAR: Suffix for the --with-XXX configure arg and $with_XXX configure variable +dnl PKG_NAME: Name of the pkg-config module +dnl PKG_VER: Version of the pkg-config module +dnl +dnl eg +dnl +dnl LIBVIRT_CHECK_PKG([NETCF],[netcf],[netcf], [0.1.4]) +dnl +AC_DEFUN([LIBVIRT_CHECK_PKG],[ + AS_VAR_PUSHDEF([mod_var],[$1]) + AS_VAR_PUSHDEF([config_var],[WITH_$1]) + AS_VAR_PUSHDEF([make_var],[WITH_$1]) + AS_VAR_PUSHDEF([cflags_var],[$1_CFLAGS]) + AS_VAR_PUSHDEF([libs_var],[$1_LIBS]) + AS_VAR_PUSHDEF([name_var],[$2]) + AS_VAR_PUSHDEF([arg_var],[with-$2]) + AS_VAR_PUSHDEF([with_var],[with_$2]) + dnl AS_VAR_PUSHDEF([pkk_name],[$3]) + dnl AS_VAR_PUSHDEF([pkg_ver],[$4]) + + AC_ARG_WITH([name_var], + AC_HELP_STRING([--arg_var], + [with $3 support @<:@default=check@:>@]),[],[with_var][=check]) + + fail=0 + if test "$with_var" != "no" ; then + PKG_CHECK_MODULES(mod_var, $3 >= $4,[ + AS_VAR_SET([with_var],[yes]) + ],[ + if test "$with_var" != "check"; then + fail=1 + fi + AS_VAR_SET([with_var],[no]) + ]) + fi + + if test $fail = 1; then + AC_MSG_ERROR([You must install the $3 pkg-config module to compile libvirt]) + fi + + if test "$with_var" = "yes" ; then + AC_DEFINE_UNQUOTED(config_var, 1, [whether $3 is available]) + fi + + AM_CONDITIONAL(make_var, [test "$with_var" = "yes"]) +]) + +dnl dnl To be called after a LIBVIRT_CHECK_LIB or LIBVIRT_CHECK_LIB_FALLBACK dnl invocation to print the result status dnl -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 42 ++---------------------------------------- m4/virt-netcf.m4 | 23 +++++++++++++++++++++++ 2 files changed, 25 insertions(+), 40 deletions(-) create mode 100644 m4/virt-netcf.m4 diff --git a/configure.ac b/configure.ac index 2232c5c..141d321 100644 --- a/configure.ac +++ b/configure.ac @@ -101,7 +101,6 @@ GNUTLS_REQUIRED="1.0.25" AVAHI_REQUIRED="0.6.0" POLKIT_REQUIRED="0.6" PARTED_REQUIRED="1.8.0" -NETCF_REQUIRED="0.1.4" UDEV_REQUIRED=145 PCIACCESS_REQUIRED=0.10.0 XMLRPC_REQUIRED=1.14.0 @@ -152,6 +151,7 @@ LIBVIRT_CHECK_APPARMOR LIBVIRT_CHECK_AUDIT LIBVIRT_CHECK_CAPNG LIBVIRT_CHECK_LIBATTR +LIBVIRT_CHECK_NETCF LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_SANLOCK LIBVIRT_CHECK_SASL @@ -1499,40 +1499,6 @@ if test "$with_qemu:$with_lxc:$with_network" != "no:no:no"; then fi AM_CONDITIONAL([WITH_BRIDGE], [test "$with_bridge" = "yes"]) -dnl netcf library -AC_ARG_WITH([netcf], - AC_HELP_STRING([--with-netcf], [libnetcf support to configure physical host network interfaces @<:@default=check@:>@]), -[], [with_netcf=check]) - -NETCF_CFLAGS= -NETCF_LIBS= -if test "$with_libvirtd" = "no" ; then - with_netcf=no -fi -if test "$with_netcf" = "yes" || test "$with_netcf" = "check"; then - PKG_CHECK_MODULES(NETCF, netcf >= $NETCF_REQUIRED, - [with_netcf=yes], [ - if test "$with_netcf" = "check" ; then - with_netcf=no - else - AC_MSG_ERROR( - [You must install libnetcf >= $NETCF_REQUIRED to compile libvirt]) - fi - ]) - if test "$with_netcf" = "yes" ; then - AC_DEFINE_UNQUOTED([WITH_NETCF], 1, - [whether libnetcf is available to configure physical host network interfaces]) - AC_CHECK_LIB([netcf], [ncf_change_begin], [netcf_transactions=1], [netcf_transactions=0]) - if test "$netcf_transactions" = "1" ; then - AC_DEFINE_UNQUOTED([HAVE_NETCF_TRANSACTIONS], 1, - [we have sufficiently new version of netcf for transaction network API]) - fi - fi -fi -AM_CONDITIONAL([WITH_NETCF], [test "$with_netcf" = "yes"]) -AC_SUBST([NETCF_CFLAGS]) -AC_SUBST([NETCF_LIBS]) - AC_ARG_WITH([secrets], AC_HELP_STRING([--with-secrets], [with local secrets management driver @<:@default=yes@:>@]),[],[with_secrets=yes]) @@ -2669,6 +2635,7 @@ LIBVIRT_RESULT_APPARMOR LIBVIRT_RESULT_AUDIT LIBVIRT_RESULT_CAPNG LIBVIRT_RESULT_LIBATTR +LIBVIRT_RESULT_NETCF LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_SANLOCK LIBVIRT_RESULT_SASL @@ -2732,11 +2699,6 @@ AC_MSG_NOTICE([ udev: $UDEV_CFLAGS $UDEV_LIBS $PCIACCESS_CFLAGS $PCIACCESS_LI else AC_MSG_NOTICE([ udev: no]) fi -if test "$with_netcf" = "yes" ; then -AC_MSG_NOTICE([ netcf: $NETCF_CFLAGS $NETCF_LIBS]) -else -AC_MSG_NOTICE([ netcf: no]) -fi if test "$with_qemu" = "yes" && test "$LIBPCAP_FOUND" != "no"; then AC_MSG_NOTICE([ pcap: $LIBPCAP_CFLAGS $LIBPCAP_LIBS]) else diff --git a/m4/virt-netcf.m4 b/m4/virt-netcf.m4 new file mode 100644 index 0000000..419beb2 --- /dev/null +++ b/m4/virt-netcf.m4 @@ -0,0 +1,23 @@ +dnl The libnetcf.so library + +AC_DEFUN([LIBVIRT_CHECK_NETCF],[ + LIBVIRT_CHECK_PKG([NETCF], [netcf], [netcf], [0.1.4]) + + if test "$with_netcf" = "yes" ; then + old_CFLAGS="$CFLAGS" + old_LIBS="$CFLAGS" + CFLAGS="$CFLAGS $NETCF_CFLAGS" + LIBS="$LIBS $NETCF_LIBS" + AC_CHECK_FUNC([ncf_change_begin], [netcf_transactions=1], [netcf_transactions=0]) + if test "$netcf_transactions" = "1" ; then + AC_DEFINE_UNQUOTED([HAVE_NETCF_TRANSACTIONS], 1, + [we have sufficiently new version of netcf for transaction network API]) + fi + CFLAGS="$old_CFLAGS" + LIBS="$old_LIBS" + fi +]) + +AC_DEFUN([LIBVIRT_RESULT_NETCF],[ + LIBVIRT_RESULT_LIB([NETCF], [netcf]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 4 ++-- src/nwfilter/nwfilter_driver.c | 4 ++-- src/util/virdbus.c | 6 +++--- src/util/virdbus.h | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac index 141d321..07ddecc 100644 --- a/configure.ac +++ b/configure.ac @@ -1063,7 +1063,7 @@ if test "$with_dbus" = "yes" || test "$with_dbus" = "check" ; then fi if test "$with_dbus" = "yes" ; then - AC_DEFINE_UNQUOTED([HAVE_DBUS], 1, [enable communication with DBus]) + AC_DEFINE_UNQUOTED([WITH_DBUS], 1, [enable communication with DBus]) save_LIBS="$LIBS" save_CFLAGS="$CFLAGS" @@ -1073,7 +1073,7 @@ if test "$with_dbus" = "yes" ; then LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" fi -AM_CONDITIONAL([HAVE_DBUS], [test "$have_dbus" = "yes"]) +AM_CONDITIONAL([WITH_DBUS], [test "$have_dbus" = "yes"]) dnl PolicyKit library diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index d2f8c69..772c477 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -170,9 +170,9 @@ nwfilterDriverStartup(int privileged) char *base = NULL; DBusConnection *sysbus = NULL; -#if HAVE_DBUS +#if WITH_DBUS sysbus = virDBusGetSystemBus(); -#endif /* HAVE_DBUS */ +#endif /* WITH_DBUS */ if (VIR_ALLOC(driverState) < 0) goto alloc_err_exit; diff --git a/src/util/virdbus.c b/src/util/virdbus.c index da1b143a..3e8642c 100644 --- a/src/util/virdbus.c +++ b/src/util/virdbus.c @@ -29,7 +29,7 @@ #define VIR_FROM_THIS VIR_FROM_DBUS -#ifdef HAVE_DBUS +#ifdef WITH_DBUS static DBusConnection *systembus = NULL; static virOnceControl once = VIR_ONCE_CONTROL_INITIALIZER; @@ -186,7 +186,7 @@ static void virDBusToggleWatch(DBusWatch *watch, (void)virEventUpdateHandle(info->watch, flags); } -#else /* ! HAVE_DBUS */ +#else /* ! WITH_DBUS */ DBusConnection *virDBusGetSystemBus(void) { virReportError(VIR_ERR_INTERNAL_ERROR, @@ -194,4 +194,4 @@ DBusConnection *virDBusGetSystemBus(void) return NULL; } -#endif /* ! HAVE_DBUS */ +#endif /* ! WITH_DBUS */ diff --git a/src/util/virdbus.h b/src/util/virdbus.h index 92d0db0..bdcc329 100644 --- a/src/util/virdbus.h +++ b/src/util/virdbus.h @@ -22,7 +22,7 @@ #ifndef __VIR_DBUS_H__ # define __VIR_DBUS_H__ -# ifdef HAVE_DBUS +# ifdef WITH_DBUS # include <dbus/dbus.h> # else # define DBusConnection void -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 34 ++-------------------------------- m4/virt-dbus.m4 | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+), 32 deletions(-) create mode 100644 m4/virt-dbus.m4 diff --git a/configure.ac b/configure.ac index 07ddecc..6f4fa90 100644 --- a/configure.ac +++ b/configure.ac @@ -113,7 +113,6 @@ LIBNL_REQUIRED="1.1" LIBSSH2_REQUIRED="1.0" LIBSSH2_TRANSPORT_REQUIRED="1.3" LIBBLKID_REQUIRED="2.17" -DBUS_REQUIRED="1.0.0" dnl Checks for C compiler. AC_PROG_CC @@ -150,6 +149,7 @@ LIBVIRT_COMPILE_WARNINGS LIBVIRT_CHECK_APPARMOR LIBVIRT_CHECK_AUDIT LIBVIRT_CHECK_CAPNG +LIBVIRT_CHECK_DBUS LIBVIRT_CHECK_LIBATTR LIBVIRT_CHECK_NETCF LIBVIRT_CHECK_NUMACTL @@ -1045,37 +1045,6 @@ AC_SUBST([GNUTLS_CFLAGS]) AC_SUBST([GNUTLS_LIBS]) -dnl DBus library -DBUS_CFLAGS= -DBUS_LIBS= -AC_ARG_WITH([dbus], - AC_HELP_STRING([--with-dbus], [enable communication with DBus @<:@default=check@:>@]), - [], - [with_dbus=check]) -if test "$with_dbus" = "yes" || test "$with_dbus" = "check" ; then - PKG_CHECK_MODULES(DBUS, dbus-1 >= $DBUS_REQUIRED, - [with_dbus=yes], [ - if test "$with_dbus" = "check" ; then - with_dbus=no - else - AC_MSG_ERROR([You must install DBus >= $DBUS_REQUIRED to compile libvirt]) - fi]) -fi - -if test "$with_dbus" = "yes" ; then - AC_DEFINE_UNQUOTED([WITH_DBUS], 1, [enable communication with DBus]) - - save_LIBS="$LIBS" - save_CFLAGS="$CFLAGS" - LIBS="$LIBS $DBUS_LIBS" - CFLAGS="$CFLAGS $DBUS_CFLAGS" - AC_CHECK_FUNCS([dbus_watch_get_unix_fd]) - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -fi -AM_CONDITIONAL([WITH_DBUS], [test "$have_dbus" = "yes"]) - - dnl PolicyKit library POLKIT_CFLAGS= POLKIT_LIBS= @@ -2634,6 +2603,7 @@ AC_MSG_NOTICE([]) LIBVIRT_RESULT_APPARMOR LIBVIRT_RESULT_AUDIT LIBVIRT_RESULT_CAPNG +LIBVIRT_RESULT_DBUS LIBVIRT_RESULT_LIBATTR LIBVIRT_RESULT_NETCF LIBVIRT_RESULT_NUMACTL diff --git a/m4/virt-dbus.m4 b/m4/virt-dbus.m4 new file mode 100644 index 0000000..4107b95 --- /dev/null +++ b/m4/virt-dbus.m4 @@ -0,0 +1,19 @@ +dnl The libdbus.so library + +AC_DEFUN([LIBVIRT_CHECK_DBUS],[ + LIBVIRT_CHECK_PKG([DBUS], [dbus], [dbus-1], [1.0.0]) + + if test "$with_dbus" = "yes" ; then + old_CFLAGS="$CFLAGS" + old_LIBS="$CFLAGS" + CFLAGS="$CFLAGS $DBUS_CFLAGS" + LIBS="$LIBS $DBUS_LIBS" + AC_CHECK_FUNCS([dbus_watch_get_unix_fd]) + CFLAGS="$old_CFLAGS" + LIBS="$old_LIBS" + fi +]) + +AC_DEFUN([LIBVIRT_RESULT_DBUS],[ + LIBVIRT_RESULT_LIB([DBUS], [dbus]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 2 +- src/rpc/virnetservermdns.c | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 6f4fa90..f3e82d0 100644 --- a/configure.ac +++ b/configure.ac @@ -1141,7 +1141,7 @@ if test "x$with_avahi" = "xyes" || test "x$with_avahi" = "xcheck"; then fi ]) if test "x$with_avahi" = "xyes" ; then - AC_DEFINE_UNQUOTED([HAVE_AVAHI], 1, + AC_DEFINE_UNQUOTED([WITH_AVAHI], 1, [whether Avahi is used to broadcast server presense]) fi fi diff --git a/src/rpc/virnetservermdns.c b/src/rpc/virnetservermdns.c index 7c43c40..dc62b2f 100644 --- a/src/rpc/virnetservermdns.c +++ b/src/rpc/virnetservermdns.c @@ -29,7 +29,7 @@ #include <stdio.h> #include <stdlib.h> -#if HAVE_AVAHI +#if WITH_AVAHI # include <avahi-client/client.h> # include <avahi-client/publish.h> @@ -57,7 +57,7 @@ struct _virNetServerMDNSEntry { struct _virNetServerMDNSGroup { virNetServerMDNSPtr mdns; -#if HAVE_AVAHI +#if WITH_AVAHI AvahiEntryGroup *handle; #endif char *name; @@ -66,14 +66,14 @@ struct _virNetServerMDNSGroup { }; struct _virNetServerMDNS { -#if HAVE_AVAHI +#if WITH_AVAHI AvahiClient *client; AvahiPoll *poller; #endif virNetServerMDNSGroupPtr group; }; -#if HAVE_AVAHI +#if WITH_AVAHI /* Avahi API requires this struct name in the app :-( */ struct AvahiWatch { int watch; @@ -620,7 +620,7 @@ void virNetServerMDNSEntryFree(virNetServerMDNSEntryPtr entry) VIR_FREE(entry); } -#else /* ! HAVE_AVAHI */ +#else /* ! WITH_AVAHI */ static const char *unsupported = N_("avahi not available at build time"); @@ -693,4 +693,4 @@ virNetServerMDNSEntryFree(virNetServerMDNSEntryPtr entry ATTRIBUTE_UNUSED) VIR_DEBUG("%s", _(unsupported)); } -#endif /* ! HAVE_AVAHI */ +#endif /* ! WITH_AVAHI */ -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 34 ++-------------------------------- m4/virt-avahi.m4 | 9 +++++++++ 2 files changed, 11 insertions(+), 32 deletions(-) create mode 100644 m4/virt-avahi.m4 diff --git a/configure.ac b/configure.ac index f3e82d0..e68c338 100644 --- a/configure.ac +++ b/configure.ac @@ -98,7 +98,6 @@ fi dnl Required minimum versions of all libs we depend on LIBXML_REQUIRED="2.6.0" GNUTLS_REQUIRED="1.0.25" -AVAHI_REQUIRED="0.6.0" POLKIT_REQUIRED="0.6" PARTED_REQUIRED="1.8.0" UDEV_REQUIRED=145 @@ -148,6 +147,7 @@ LIBVIRT_COMPILE_WARNINGS LIBVIRT_CHECK_APPARMOR LIBVIRT_CHECK_AUDIT +LIBVIRT_CHECK_AVAHI LIBVIRT_CHECK_CAPNG LIBVIRT_CHECK_DBUS LIBVIRT_CHECK_LIBATTR @@ -1122,32 +1122,6 @@ if test "x$with_firewalld" == "xyes" ; then fi AM_CONDITIONAL([HAVE_FIREWALLD], [test "x$with_firewalld" != "xno"]) -dnl Avahi library -AC_ARG_WITH([avahi], - AC_HELP_STRING([--with-avahi], [use avahi to advertise remote daemon @<:@default=check@:>@]), - [], - [with_avahi=check]) - -AVAHI_CFLAGS= -AVAHI_LIBS= -if test "x$with_avahi" = "xyes" || test "x$with_avahi" = "xcheck"; then - PKG_CHECK_MODULES(AVAHI, avahi-client >= $AVAHI_REQUIRED, - [with_avahi=yes], [ - if test "x$with_avahi" = "xcheck" ; then - with_avahi=no - else - AC_MSG_ERROR( - [You must install Avahi >= $AVAHI_REQUIRED to compile libvirt]) - fi - ]) - if test "x$with_avahi" = "xyes" ; then - AC_DEFINE_UNQUOTED([WITH_AVAHI], 1, - [whether Avahi is used to broadcast server presense]) - fi -fi -AC_SUBST([AVAHI_CFLAGS]) -AC_SUBST([AVAHI_LIBS]) - dnl UUCP style file locks for PTY consoles if test "$with_console_lock_files" != "no"; then @@ -2602,6 +2576,7 @@ AC_MSG_NOTICE([Libraries]) AC_MSG_NOTICE([]) LIBVIRT_RESULT_APPARMOR LIBVIRT_RESULT_AUDIT +LIBVIRT_RESULT_AVAHI LIBVIRT_RESULT_CAPNG LIBVIRT_RESULT_DBUS LIBVIRT_RESULT_LIBATTR @@ -2630,11 +2605,6 @@ AC_MSG_NOTICE([ libssh2: no]) fi AC_MSG_NOTICE([ gnutls: $GNUTLS_CFLAGS $GNUTLS_LIBS]) AC_MSG_NOTICE([firewalld: $with_firewalld]) -if test "$with_avahi" = "yes" ; then -AC_MSG_NOTICE([ avahi: $AVAHI_CFLAGS $AVAHI_LIBS]) -else -AC_MSG_NOTICE([ avahi: no]) -fi if test "$with_polkit" = "yes" ; then if test "$with_polkit0" = "yes" ; then AC_MSG_NOTICE([ polkit: $POLKIT_CFLAGS $POLKIT_LIBS (version 0)]) diff --git a/m4/virt-avahi.m4 b/m4/virt-avahi.m4 new file mode 100644 index 0000000..171ff4a --- /dev/null +++ b/m4/virt-avahi.m4 @@ -0,0 +1,9 @@ +dnl The libavahi.so library + +AC_DEFUN([LIBVIRT_CHECK_AVAHI],[ + LIBVIRT_CHECK_PKG([AVAHI], [avahi], [avahi-client], [0.6.0]) +]) + +AC_DEFUN([LIBVIRT_RESULT_AVAHI],[ + LIBVIRT_RESULT_LIB([AVAHI], [avahi]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 4 ++-- src/Makefile.am | 2 +- src/node_device/node_device_driver.c | 4 ++-- src/node_device/node_device_driver.h | 2 +- src/storage/storage_backend_scsi.c | 4 ++-- src/util/storage_file.c | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index e68c338..e1c8635 100644 --- a/configure.ac +++ b/configure.ac @@ -2251,11 +2251,11 @@ if test "x$with_udev" = "xyes" || test "x$with_udev" = "xcheck"; then ]) fi if test "x$with_udev" = "xyes" ; then - AC_DEFINE_UNQUOTED([HAVE_UDEV], 1, + AC_DEFINE_UNQUOTED([WITH_UDEV], 1, [use UDEV for host device enumeration]) fi fi -AM_CONDITIONAL([HAVE_UDEV], [test "x$with_udev" = "xyes"]) +AM_CONDITIONAL([WITH_UDEV], [test "x$with_udev" = "xyes"]) AC_SUBST([UDEV_CFLAGS]) AC_SUBST([UDEV_LIBS]) AC_SUBST([PCIACCESS_CFLAGS]) diff --git a/src/Makefile.am b/src/Makefile.am index 7c5db89..026aaea 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1154,7 +1154,7 @@ libvirt_driver_nodedev_la_SOURCES += $(NODE_DEVICE_DRIVER_HAL_SOURCES) libvirt_driver_nodedev_la_CFLAGS += $(HAL_CFLAGS) libvirt_driver_nodedev_la_LIBADD += $(HAL_LIBS) endif -if HAVE_UDEV +if WITH_UDEV libvirt_driver_nodedev_la_SOURCES += $(NODE_DEVICE_DRIVER_UDEV_SOURCES) libvirt_driver_nodedev_la_CFLAGS += $(UDEV_CFLAGS) $(PCIACCESS_CFLAGS) libvirt_driver_nodedev_la_LIBADD += $(UDEV_LIBS) $(PCIACCESS_LIBS) diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c index 4c62707..6759815 100644 --- a/src/node_device/node_device_driver.c +++ b/src/node_device/node_device_driver.c @@ -681,7 +681,7 @@ out: } int nodedevRegister(void) { -#if defined(HAVE_HAL) && defined(HAVE_UDEV) +#if defined(HAVE_HAL) && defined(WITH_UDEV) /* Register only one of these two - they conflict */ if (udevNodeRegister() == -1) return halNodeRegister(); @@ -690,7 +690,7 @@ int nodedevRegister(void) { # ifdef HAVE_HAL return halNodeRegister(); # endif -# ifdef HAVE_UDEV +# ifdef WITH_UDEV return udevNodeRegister(); # endif #endif diff --git a/src/node_device/node_device_driver.h b/src/node_device/node_device_driver.h index b34e1af..d1dc134 100644 --- a/src/node_device/node_device_driver.h +++ b/src/node_device/node_device_driver.h @@ -42,7 +42,7 @@ # ifdef HAVE_HAL int halNodeRegister(void); # endif -# ifdef HAVE_UDEV +# ifdef WITH_UDEV int udevNodeRegister(void); # endif diff --git a/src/storage/storage_backend_scsi.c b/src/storage/storage_backend_scsi.c index 9689fb0..b3a36c8 100644 --- a/src/storage/storage_backend_scsi.c +++ b/src/storage/storage_backend_scsi.c @@ -166,7 +166,7 @@ static char * virStorageBackendSCSISerial(const char *dev) { char *serial = NULL; -#ifdef HAVE_UDEV +#ifdef WITH_UDEV virCommandPtr cmd = virCommandNewArgList( "/lib/udev/scsi_id", "--replace-whitespace", @@ -191,7 +191,7 @@ virStorageBackendSCSISerial(const char *dev) virReportOOMError(); } -#ifdef HAVE_UDEV +#ifdef WITH_UDEV cleanup: virCommandFree(cmd); #endif diff --git a/src/util/storage_file.c b/src/util/storage_file.c index 2399e50..d2cb7db 100644 --- a/src/util/storage_file.c +++ b/src/util/storage_file.c @@ -1129,7 +1129,7 @@ const char *virStorageFileGetLVMKey(const char *path) } #endif -#ifdef HAVE_UDEV +#ifdef WITH_UDEV const char *virStorageFileGetSCSIKey(const char *path) { char *key = NULL; -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 55 ++-------------------------------------------------- m4/virt-pciaccess.m4 | 9 +++++++++ m4/virt-udev.m4 | 15 ++++++++++++++ 3 files changed, 26 insertions(+), 53 deletions(-) create mode 100644 m4/virt-pciaccess.m4 create mode 100644 m4/virt-udev.m4 diff --git a/configure.ac b/configure.ac index e1c8635..3172063 100644 --- a/configure.ac +++ b/configure.ac @@ -100,8 +100,6 @@ LIBXML_REQUIRED="2.6.0" GNUTLS_REQUIRED="1.0.25" POLKIT_REQUIRED="0.6" PARTED_REQUIRED="1.8.0" -UDEV_REQUIRED=145 -PCIACCESS_REQUIRED=0.10.0 XMLRPC_REQUIRED=1.14.0 HAL_REQUIRED=0.5.0 DEVMAPPER_REQUIRED=1.0.0 @@ -156,6 +154,7 @@ LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_SANLOCK LIBVIRT_CHECK_SASL LIBVIRT_CHECK_SELINUX +LIBVIRT_CHECK_UDEV LIBVIRT_CHECK_YAJL AC_MSG_CHECKING([for CPUID instruction]) @@ -2215,52 +2214,6 @@ AC_SUBST([HAL_CFLAGS]) AC_SUBST([HAL_LIBS]) -dnl udev/libpciaccess library check for alternate host device enumeration -UDEV_CFLAGS= -UDEV_LIBS= -PCIACCESS_CFLAGS= -PCIACCESS_LIBS= -AC_ARG_WITH([udev], - AC_HELP_STRING([--with-udev], [use libudev for host device enumeration @<:@default=check@:>@]), - [], - [with_udev=check]) - -if test "$with_libvirtd" = "no" ; then - with_udev=no -fi -if test "x$with_udev" = "xyes" || test "x$with_udev" = "xcheck"; then - PKG_CHECK_MODULES(UDEV, libudev >= $UDEV_REQUIRED, - [], [ - if test "x$with_udev" = "xcheck" ; then - with_udev=no - else - AC_MSG_ERROR( - [You must install libudev-devel >= $UDEV_REQUIRED to compile libvirt]) - fi - ]) - if test "x$with_udev" != "xno"; then - PKG_CHECK_MODULES(PCIACCESS, pciaccess >= $PCIACCESS_REQUIRED, - [with_udev=yes], - [ - if test "x$with_udev" = "xcheck" ; then - with_udev=no - else - AC_MSG_ERROR( - [You must install libpciaccess-devel >= $PCIACCESS_REQUIRED to compile libvirt]) - fi - ]) - fi - if test "x$with_udev" = "xyes" ; then - AC_DEFINE_UNQUOTED([WITH_UDEV], 1, - [use UDEV for host device enumeration]) - fi -fi -AM_CONDITIONAL([WITH_UDEV], [test "x$with_udev" = "xyes"]) -AC_SUBST([UDEV_CFLAGS]) -AC_SUBST([UDEV_LIBS]) -AC_SUBST([PCIACCESS_CFLAGS]) -AC_SUBST([PCIACCESS_LIBS]) - with_nodedev=no; if test "$with_hal" = "yes" || test "$with_udev" = "yes"; then @@ -2585,6 +2538,7 @@ LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_SANLOCK LIBVIRT_RESULT_SASL LIBVIRT_RESULT_SELINUX +LIBVIRT_RESULT_UDEV LIBVIRT_RESULT_YAJL AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS]) AC_MSG_NOTICE([ dlopen: $DLOPEN_LIBS]) @@ -2634,11 +2588,6 @@ AC_MSG_NOTICE([ hal: $HAL_CFLAGS $HAL_LIBS]) else AC_MSG_NOTICE([ hal: no]) fi -if test "$with_udev" = "yes" ; then -AC_MSG_NOTICE([ udev: $UDEV_CFLAGS $UDEV_LIBS $PCIACCESS_CFLAGS $PCIACCESS_LIBS]) -else -AC_MSG_NOTICE([ udev: no]) -fi if test "$with_qemu" = "yes" && test "$LIBPCAP_FOUND" != "no"; then AC_MSG_NOTICE([ pcap: $LIBPCAP_CFLAGS $LIBPCAP_LIBS]) else diff --git a/m4/virt-pciaccess.m4 b/m4/virt-pciaccess.m4 new file mode 100644 index 0000000..e40316f --- /dev/null +++ b/m4/virt-pciaccess.m4 @@ -0,0 +1,9 @@ +dnl The libpciaccess.so library + +AC_DEFUN([LIBVIRT_CHECK_PCIACCESS],[ + LIBVIRT_CHECK_PKG([PCIACCESS], [pciaccess], [pciaccess], [0.10.0]) +]) + +AC_DEFUN([LIBVIRT_RESULT_PCIACCESS],[ + LIBVIRT_RESULT_LIB([PCIACCESS], [pciaccess]) +]) diff --git a/m4/virt-udev.m4 b/m4/virt-udev.m4 new file mode 100644 index 0000000..6020c67 --- /dev/null +++ b/m4/virt-udev.m4 @@ -0,0 +1,15 @@ +dnl The libudev.so library + +AC_DEFUN([LIBVIRT_CHECK_UDEV],[ + AC_REQUIRE([LIBVIRT_CHECK_PCIACCESS]) + LIBVIRT_CHECK_PKG([UDEV], [udev], [libudev], [145]) + + if test "$with_udev" = "yes" && test "$with_pciaccess" != "yes" ; then + AC_MSG_ERROR([You must install the pciaccesss module to build with udev]) + fi +]) + +AC_DEFUN([LIBVIRT_RESULT_UDEV],[ + AC_REQUIRE([LIBVIRT_RESULT_PCIACCESS]) + LIBVIRT_RESULT_LIB([UDEV], [udev]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 4 ++-- src/Makefile.am | 2 +- src/node_device/node_device_driver.c | 6 +++--- src/node_device/node_device_driver.h | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 3172063..ac38918 100644 --- a/configure.ac +++ b/configure.ac @@ -2205,11 +2205,11 @@ if test "x$with_hal" = "xyes" || test "x$with_hal" = "xcheck"; then LIBS="$old_LIBS" fi if test "x$with_hal" = "xyes" ; then - AC_DEFINE_UNQUOTED([HAVE_HAL], 1, + AC_DEFINE_UNQUOTED([WITH_HAL], 1, [use HAL for host device enumeration]) fi fi -AM_CONDITIONAL([HAVE_HAL], [test "x$with_hal" = "xyes"]) +AM_CONDITIONAL([WITH_HAL], [test "x$with_hal" = "xyes"]) AC_SUBST([HAL_CFLAGS]) AC_SUBST([HAL_LIBS]) diff --git a/src/Makefile.am b/src/Makefile.am index 026aaea..bbf9e72 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1149,7 +1149,7 @@ libvirt_driver_nodedev_la_CFLAGS = \ libvirt_driver_nodedev_la_LDFLAGS = $(AM_LDFLAGS) libvirt_driver_nodedev_la_LIBADD = -if HAVE_HAL +if WITH_HAL libvirt_driver_nodedev_la_SOURCES += $(NODE_DEVICE_DRIVER_HAL_SOURCES) libvirt_driver_nodedev_la_CFLAGS += $(HAL_CFLAGS) libvirt_driver_nodedev_la_LIBADD += $(HAL_LIBS) diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c index 6759815..a3adcad 100644 --- a/src/node_device/node_device_driver.c +++ b/src/node_device/node_device_driver.c @@ -58,7 +58,7 @@ static int update_caps(virNodeDeviceObjPtr dev) } -#if defined (__linux__) && defined (HAVE_HAL) +#if defined (__linux__) && defined (WITH_HAL) /* Under libudev changes to the driver name should be picked up as * "change" events, so we don't call update driver name unless we're * using the HAL backend. */ @@ -681,13 +681,13 @@ out: } int nodedevRegister(void) { -#if defined(HAVE_HAL) && defined(WITH_UDEV) +#if defined(WITH_HAL) && defined(WITH_UDEV) /* Register only one of these two - they conflict */ if (udevNodeRegister() == -1) return halNodeRegister(); return 0; #else -# ifdef HAVE_HAL +# ifdef WITH_HAL return halNodeRegister(); # endif # ifdef WITH_UDEV diff --git a/src/node_device/node_device_driver.h b/src/node_device/node_device_driver.h index d1dc134..58d9af4 100644 --- a/src/node_device/node_device_driver.h +++ b/src/node_device/node_device_driver.h @@ -39,7 +39,7 @@ # define LINUX_NEW_DEVICE_WAIT_TIME 60 -# ifdef HAVE_HAL +# ifdef WITH_HAL int halNodeRegister(void); # endif # ifdef WITH_UDEV -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 47 ++--------------------------------------------- m4/virt-hal.m4 | 9 +++++++++ 2 files changed, 11 insertions(+), 45 deletions(-) create mode 100644 m4/virt-hal.m4 diff --git a/configure.ac b/configure.ac index ac38918..065c135 100644 --- a/configure.ac +++ b/configure.ac @@ -101,7 +101,6 @@ GNUTLS_REQUIRED="1.0.25" POLKIT_REQUIRED="0.6" PARTED_REQUIRED="1.8.0" XMLRPC_REQUIRED=1.14.0 -HAL_REQUIRED=0.5.0 DEVMAPPER_REQUIRED=1.0.0 LIBCURL_REQUIRED="7.18.0" OPENWSMAN_REQUIRED="2.2.3" @@ -148,6 +147,7 @@ LIBVIRT_CHECK_AUDIT LIBVIRT_CHECK_AVAHI LIBVIRT_CHECK_CAPNG LIBVIRT_CHECK_DBUS +LIBVIRT_CHECK_HAL LIBVIRT_CHECK_LIBATTR LIBVIRT_CHECK_NETCF LIBVIRT_CHECK_NUMACTL @@ -2174,45 +2174,6 @@ test "$enable_shared" = no && lt_cv_objdir=. LV_LIBTOOL_OBJDIR=${lt_cv_objdir-.} AC_SUBST([LV_LIBTOOL_OBJDIR]) -dnl HAL library check for host device enumeration -HAL_CFLAGS= -HAL_LIBS= -AC_ARG_WITH([hal], - AC_HELP_STRING([--with-hal], [use HAL for host device enumeration @<:@default=check@:>@]), - [], - [with_hal=check]) - -if test "$with_libvirtd" = "no" ; then - with_hal=no -fi -if test "x$with_hal" = "xyes" || test "x$with_hal" = "xcheck"; then - PKG_CHECK_MODULES(HAL, hal >= $HAL_REQUIRED, - [with_hal=yes], [ - if test "x$with_hal" = "xcheck" ; then - with_hal=no - else - AC_MSG_ERROR( - [You must install hal-devel >= $HAL_REQUIRED to compile libvirt]) - fi - ]) - if test "x$with_hal" = "xyes" ; then - old_CFLAGS=$CFLAGS - old_LIBS=$LIBS - CFLAGS="$CFLAGS $HAL_CFLAGS" - LIBS="$LIBS $HAL_LIBS" - AC_CHECK_FUNCS([libhal_get_all_devices],,[with_hal=no]) - CFLAGS="$old_CFLAGS" - LIBS="$old_LIBS" - fi - if test "x$with_hal" = "xyes" ; then - AC_DEFINE_UNQUOTED([WITH_HAL], 1, - [use HAL for host device enumeration]) - fi -fi -AM_CONDITIONAL([WITH_HAL], [test "x$with_hal" = "xyes"]) -AC_SUBST([HAL_CFLAGS]) -AC_SUBST([HAL_LIBS]) - with_nodedev=no; if test "$with_hal" = "yes" || test "$with_udev" = "yes"; @@ -2532,6 +2493,7 @@ LIBVIRT_RESULT_AUDIT LIBVIRT_RESULT_AVAHI LIBVIRT_RESULT_CAPNG LIBVIRT_RESULT_DBUS +LIBVIRT_RESULT_HAL LIBVIRT_RESULT_LIBATTR LIBVIRT_RESULT_NETCF LIBVIRT_RESULT_NUMACTL @@ -2583,11 +2545,6 @@ AC_MSG_NOTICE([xenlight: $LIBXL_CFLAGS $LIBXL_LIBS]) else AC_MSG_NOTICE([xenlight: no]) fi -if test "$with_hal" = "yes" ; then -AC_MSG_NOTICE([ hal: $HAL_CFLAGS $HAL_LIBS]) -else -AC_MSG_NOTICE([ hal: no]) -fi if test "$with_qemu" = "yes" && test "$LIBPCAP_FOUND" != "no"; then AC_MSG_NOTICE([ pcap: $LIBPCAP_CFLAGS $LIBPCAP_LIBS]) else diff --git a/m4/virt-hal.m4 b/m4/virt-hal.m4 new file mode 100644 index 0000000..585e0d8 --- /dev/null +++ b/m4/virt-hal.m4 @@ -0,0 +1,9 @@ +dnl The libhal.so library + +AC_DEFUN([LIBVIRT_CHECK_HAL],[ + LIBVIRT_CHECK_PKG([HAL], [hal], [hal], [0.5.0]) +]) + +AC_DEFUN([LIBVIRT_RESULT_HAL],[ + LIBVIRT_RESULT_LIB([HAL], [hal]) +]) -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 4 ++-- src/Makefile.am | 6 +++--- src/lxc/lxc_container.c | 8 ++++---- src/storage/storage_backend_fs.c | 8 ++++---- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/configure.ac b/configure.ac index 065c135..b6a19b3 100644 --- a/configure.ac +++ b/configure.ac @@ -2241,9 +2241,9 @@ if test "x$with_libblkid" = "xyes" || test "x$with_libblkid" = "xcheck"; then fi if test "x$with_libblkid" = "xyes"; then - AC_DEFINE([HAVE_LIBBLKID], [1], [libblkid is present]) + AC_DEFINE([WITH_LIBBLKID], [1], [libblkid is present]) fi -AM_CONDITIONAL([HAVE_LIBBLKID], [test "x$with_libblkid" = "xyes"]) +AM_CONDITIONAL([WITH_LIBBLKID], [test "x$with_libblkid" = "xyes"]) AC_ARG_WITH([qemu-user], AC_HELP_STRING([--with-qemu-user], [username to run QEMU system instance as @<:@default=root@:>@]), diff --git a/src/Makefile.am b/src/Makefile.am index bbf9e72..4beeed9 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -904,7 +904,7 @@ libvirt_driver_lxc_impl_la_CFLAGS = \ $(LIBNL_CFLAGS) \ -I$(top_srcdir)/src/conf $(AM_CFLAGS) libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) -if HAVE_LIBBLKID +if WITH_LIBBLKID libvirt_driver_lxc_impl_la_CFLAGS += $(BLKID_CFLAGS) libvirt_driver_lxc_impl_la_LIBADD += $(BLKID_LIBS) endif @@ -1081,7 +1081,7 @@ endif if WITH_SECDRIVER_APPARMOR libvirt_driver_storage_impl_la_LIBADD += $(APPARMOR_LIBS) endif -if HAVE_LIBBLKID +if WITH_LIBBLKID libvirt_driver_storage_impl_la_CFLAGS += $(BLKID_CFLAGS) libvirt_driver_storage_impl_la_LIBADD += $(BLKID_LIBS) endif @@ -1668,7 +1668,7 @@ libvirt_lxc_CFLAGS = \ -I$(top_srcdir)/src/conf \ $(AM_CFLAGS) \ $(LIBNL_CFLAGS) -if HAVE_LIBBLKID +if WITH_LIBBLKID libvirt_lxc_CFLAGS += $(BLKID_CFLAGS) libvirt_lxc_LDADD += $(BLKID_LIBS) endif diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 37cf3d5..0d8c59a 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -49,7 +49,7 @@ # include <cap-ng.h> #endif -#if HAVE_LIBBLKID +#if WITH_LIBBLKID # include <blkid/blkid.h> #endif @@ -793,7 +793,7 @@ cleanup: } -#ifdef HAVE_LIBBLKID +#ifdef WITH_LIBBLKID static int lxcContainerMountDetectFilesystem(const char *src, char **type) { @@ -864,7 +864,7 @@ cleanup: blkid_free_probe(blkid); return ret; } -#else /* ! HAVE_LIBBLKID */ +#else /* ! WITH_LIBBLKID */ static int lxcContainerMountDetectFilesystem(const char *src ATTRIBUTE_UNUSED, char **type) @@ -873,7 +873,7 @@ lxcContainerMountDetectFilesystem(const char *src ATTRIBUTE_UNUSED, *type = NULL; return 0; } -#endif /* ! HAVE_LIBBLKID */ +#endif /* ! WITH_LIBBLKID */ /* * This functions attempts to do automatic detection of filesystem diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c index 92a3228..a1bd75c 100644 --- a/src/storage/storage_backend_fs.c +++ b/src/storage/storage_backend_fs.c @@ -37,7 +37,7 @@ #include <libxml/tree.h> #include <libxml/xpath.h> -#if HAVE_LIBBLKID +#if WITH_LIBBLKID # include <blkid/blkid.h> #endif @@ -548,7 +548,7 @@ virStorageBackendFileSystemStart(virConnectPtr conn ATTRIBUTE_UNUSED, } #endif /* WITH_STORAGE_FS */ -#if HAVE_LIBBLKID +#if WITH_LIBBLKID static virStoragePoolProbeResult virStorageBackendFileSystemProbe(const char *device, const char *format) { @@ -619,7 +619,7 @@ error: return ret; } -#else /* #if HAVE_LIBBLKID */ +#else /* #if WITH_LIBBLKID */ static virStoragePoolProbeResult virStorageBackendFileSystemProbe(const char *device ATTRIBUTE_UNUSED, @@ -632,7 +632,7 @@ virStorageBackendFileSystemProbe(const char *device ATTRIBUTE_UNUSED, return FILESYSTEM_PROBE_ERROR; } -#endif /* #if HAVE_LIBBLKID */ +#endif /* #if WITH_LIBBLKID */ /* some platforms don't support mkfs */ #ifdef MKFS -- 1.7.11.4
From: "Daniel P. Berrange" <berrange@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- configure.ac | 22 ++-------------------- m4/virt-libblkid.m4 | 9 +++++++++ 2 files changed, 11 insertions(+), 20 deletions(-) create mode 100644 m4/virt-libblkid.m4 diff --git a/configure.ac b/configure.ac index b6a19b3..c66527a 100644 --- a/configure.ac +++ b/configure.ac @@ -108,7 +108,6 @@ LIBPCAP_REQUIRED="1.0.0" LIBNL_REQUIRED="1.1" LIBSSH2_REQUIRED="1.0" LIBSSH2_TRANSPORT_REQUIRED="1.3" -LIBBLKID_REQUIRED="2.17" dnl Checks for C compiler. AC_PROG_CC @@ -149,6 +148,7 @@ LIBVIRT_CHECK_CAPNG LIBVIRT_CHECK_DBUS LIBVIRT_CHECK_HAL LIBVIRT_CHECK_LIBATTR +LIBVIRT_CHECK_LIBBLKID LIBVIRT_CHECK_NETCF LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_SANLOCK @@ -2225,25 +2225,6 @@ if test "$with_interface" = "yes" ; then fi AM_CONDITIONAL([WITH_INTERFACE], [test "$with_interface" = "yes"]) -dnl libblkid is used by several storage drivers; therefore we probe -dnl for it unconditionally. -AC_ARG_WITH([libblkid], - [AS_HELP_STRING([--with-libblkid], - [use libblkid to scan for filesystems and partitions @<:@default=check@:>@])], - [], - [with_libblkid=check]) - -if test "x$with_libblkid" = "xyes" || test "x$with_libblkid" = "xcheck"; then - PKG_CHECK_MODULES([BLKID], - [blkid >= $LIBBLKID_REQUIRED], - [with_libblkid="yes"], - [with_libblkid="no"]) -fi - -if test "x$with_libblkid" = "xyes"; then - AC_DEFINE([WITH_LIBBLKID], [1], [libblkid is present]) -fi -AM_CONDITIONAL([WITH_LIBBLKID], [test "x$with_libblkid" = "xyes"]) AC_ARG_WITH([qemu-user], AC_HELP_STRING([--with-qemu-user], [username to run QEMU system instance as @<:@default=root@:>@]), @@ -2495,6 +2476,7 @@ LIBVIRT_RESULT_CAPNG LIBVIRT_RESULT_DBUS LIBVIRT_RESULT_HAL LIBVIRT_RESULT_LIBATTR +LIBVIRT_RESULT_LIBBLKID LIBVIRT_RESULT_NETCF LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_SANLOCK diff --git a/m4/virt-libblkid.m4 b/m4/virt-libblkid.m4 new file mode 100644 index 0000000..880a309 --- /dev/null +++ b/m4/virt-libblkid.m4 @@ -0,0 +1,9 @@ +dnl The libblkid.so library + +AC_DEFUN([LIBVIRT_CHECK_LIBBLKID],[ + LIBVIRT_CHECK_PKG([LIBBLKID], [libblkid], [blkid], [2.17]) +]) + +AC_DEFUN([LIBVIRT_RESULT_LIBBLKID],[ + LIBVIRT_RESULT_LIB([LIBBLKID], [libblkid]) +]) -- 1.7.11.4
On 09/20/2012 09:01 AM, Daniel P. Berrange wrote:
This is an expanded version of this series which added a new SELinux test case
https://www.redhat.com/archives/libvir-list/2012-September/msg01381.html
The change here is to fix some bugs in the previous autoconf macros, and dramatically expand their usage, removing ~700 lines of code from configure.ac
Looks useful, but seems invasive enough that I would prefer to delay my review until after the release. -- Eric Blake eblake@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
participants (2)
-
Daniel P. Berrange -
Eric Blake