[libvirt] [PATCH] Allow to install apparmor profiles
Make it easy to install the shipped examples. The aim is to have reasonably working templates so that distros only need to minimally patch these and can feed things upstream more easily. This was prompted by http://bugs.debian.org/725144 --- configure.ac | 12 +++++++++++- examples/apparmor/Makefile.am | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 2622dfd..97752f4 100644 --- a/configure.ac +++ b/configure.ac @@ -1418,6 +1418,16 @@ elif test "with_secdriver_apparmor" != "no" ; then fi AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmor" != "no"]) +if test "$with_apparmor" != "no"; then +AC_ARG_WITH([apparmor-profiles], + [AS_HELP_STRING([--with-apparmor-profiles], + [install apparmor profiles @<:@default=no@:>@])], + [with_apparmor_profiles=yes], + [with_apparmor_profiles=no]) +else + with_apparmor_profiles="no" +fi +AM_CONDITIONAL([WITH_APPARMOR_PROFILES], [test "$with_apparmor_profiles" != "no"]) dnl DTrace static probes AC_ARG_WITH([dtrace], @@ -2607,7 +2617,7 @@ AC_MSG_NOTICE([]) AC_MSG_NOTICE([Security Drivers]) AC_MSG_NOTICE([]) AC_MSG_NOTICE([ SELinux: $with_secdriver_selinux ($SELINUX_MOUNT)]) -AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor]) +AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor (install profiles: $with_apparmor_profiles)]) AC_MSG_NOTICE([]) AC_MSG_NOTICE([Driver Loadable Modules]) AC_MSG_NOTICE([]) diff --git a/examples/apparmor/Makefile.am b/examples/apparmor/Makefile.am index 79cf5c9..6e69440 100644 --- a/examples/apparmor/Makefile.am +++ b/examples/apparmor/Makefile.am @@ -19,3 +19,21 @@ EXTRA_DIST= \ libvirt-qemu \ usr.lib.libvirt.virt-aa-helper \ usr.sbin.libvirtd + +if WITH_APPARMOR_PROFILES +apparmordir = $(sysconfdir)/apparmor.d/ +apparmor_DATA = \ + usr.lib.libvirt.virt-aa-helper \ + usr.sbin.libvirtd \ + $(NULL) + +abstractionsdir = $(apparmordir)/abstractions +abstractions_DATA = \ + libvirt-qemu \ + $(NULL) + +templatesdir = $(apparmordir)/libvirtd +templates_DATA = \ + TEMPLATE \ + $(NULL) +endif WITH_APPARMOR_PROFILES -- 1.8.5.1
On 01/07/2014 09:19 AM, Guido Günther wrote:
Make it easy to install the shipped examples. The aim is to have reasonably working templates so that distros only need to minimally patch these and can feed things upstream more easily.
This was prompted by http://bugs.debian.org/725144 --- configure.ac | 12 +++++++++++- examples/apparmor/Makefile.am | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-)
ACK. Shouldn't cause any negative impact to distros not using apparmor, and adds value for ease-of-distribution for those who do. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
On Tue, Jan 07, 2014 at 09:50:10AM -0700, Eric Blake wrote:
On 01/07/2014 09:19 AM, Guido Günther wrote:
Make it easy to install the shipped examples. The aim is to have reasonably working templates so that distros only need to minimally patch these and can feed things upstream more easily.
This was prompted by http://bugs.debian.org/725144 --- configure.ac | 12 +++++++++++- examples/apparmor/Makefile.am | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-)
ACK. Shouldn't cause any negative impact to distros not using apparmor, and adds value for ease-of-distribution for those who do.
Pushed. Thanks. -- Guido
participants (2)
-
Eric Blake -
Guido Günther