From nobody Mon Feb 9 10:30:41 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) client-ip=207.211.31.120; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1594893800; cv=none; d=zohomail.com; s=zohoarc; b=DAdCDdVinADH6celGv0fKPkD7SgHI2aZ0ZPfuPPKd66GItWdGh/Xq2q8BOjtQo3T/7BDLlC9LGmMBH+THty5eiefRps06jTsK907SsIWLJhcQEYeR5UaxFlmYE4ozTgjQp3zt+IZGVMha0uzzVy4CnwyNdDZAmcTTZ5OYBLB/UA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1594893800; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=DI3eWQSv+tuGo/opiyVIA8JbOltkHKIx+sR+API/zqI=; b=CWiLwf0fC2Cmm+G7UNiRHXdXKls1reQcKXUz0luDC7+PM1lomD5jk4lKTslRJ9l9XTvv7bYfG3M8h2pltw3dLHGce1ZH2E9Z6ghY7jqQHO8oZIUQ26qaCl7SApzt4Z8Pv29G1GfvFGlqk85pa3sxiCInBt69yh9qibNwXMFZrlg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by mx.zohomail.com with SMTPS id 1594893800825874.7693481010921; Thu, 16 Jul 2020 03:03:20 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-373-zLi_mGpaPzaZMmvPjGdAxg-1; Thu, 16 Jul 2020 06:03:17 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7DD0C80048A; Thu, 16 Jul 2020 10:03:01 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5B0BA79501; Thu, 16 Jul 2020 10:03:01 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 262D81809547; Thu, 16 Jul 2020 10:03:01 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 06GA2pHM016747 for ; Thu, 16 Jul 2020 06:02:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id 9118B2B6E2; Thu, 16 Jul 2020 10:02:51 +0000 (UTC) Received: from antique-work.redhat.com (unknown [10.40.194.85]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0B3892B6DB for ; Thu, 16 Jul 2020 10:02:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1594893799; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=DI3eWQSv+tuGo/opiyVIA8JbOltkHKIx+sR+API/zqI=; b=TEdPiI6GTUdaJUjbiSRZ73IkccsNWFbAFtzjw+XUOi7hIW8wobxYtUzqoZl1JX2u4aHwLb cPgjxTFa1y7zgVDvw04/hFkRK6CxnnZBmhMjMen+QR4IAPNVyUKc9QAmUl7D2lFfF13gn9 BJP0LBGi3sRueXkkpgi7tKPjTdAxmdo= X-MC-Unique: zLi_mGpaPzaZMmvPjGdAxg-1 From: Pavel Hrdina To: libvir-list@redhat.com Subject: [libvirt PATCH 093/351] meson: add secdriver build options Date: Thu, 16 Jul 2020 11:55:29 +0200 Message-Id: <685a9655369384af40b66f1f36361738afda269b.1594891445.git.phrdina@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Signed-off-by: Pavel Hrdina --- configure.ac | 13 --------- m4/virt-secdriver-apparmor.m4 | 50 ----------------------------------- m4/virt-secdriver-selinux.m4 | 43 ------------------------------ meson.build | 18 +++++++++++++ meson_options.txt | 4 +++ 5 files changed, 22 insertions(+), 106 deletions(-) delete mode 100644 m4/virt-secdriver-apparmor.m4 delete mode 100644 m4/virt-secdriver-selinux.m4 diff --git a/configure.ac b/configure.ac index f2947074e5f..fdc7755716c 100644 --- a/configure.ac +++ b/configure.ac @@ -144,14 +144,6 @@ dnl Need to test if pkg-config exists PKG_PROG_PKG_CONFIG =20 =20 -dnl Security driver checks -LIBVIRT_SECDRIVER_ARG_SELINUX -LIBVIRT_SECDRIVER_ARG_APPARMOR - -LIBVIRT_SECDRIVER_CHECK_SELINUX -LIBVIRT_SECDRIVER_CHECK_APPARMOR - - LIBVIRT_ARG_WITH_FEATURE([SECRETS], [local secrets management driver], [ye= s]) =20 if test "$with_libvirtd" =3D "no"; then @@ -314,11 +306,6 @@ LIBVIRT_STORAGE_RESULT_GLUSTER LIBVIRT_STORAGE_RESULT_ZFS LIBVIRT_STORAGE_RESULT_VSTORAGE AC_MSG_NOTICE([]) -AC_MSG_NOTICE([Security Drivers]) -AC_MSG_NOTICE([]) -LIBVIRT_SECDRIVER_RESULT_SELINUX -LIBVIRT_SECDRIVER_RESULT_APPARMOR -AC_MSG_NOTICE([]) AC_MSG_NOTICE([Driver Loadable Modules]) AC_MSG_NOTICE([]) LIBVIRT_RESULT_DRIVER_MODULES diff --git a/m4/virt-secdriver-apparmor.m4 b/m4/virt-secdriver-apparmor.m4 deleted file mode 100644 index 1894e66ed55..00000000000 --- a/m4/virt-secdriver-apparmor.m4 +++ /dev/null @@ -1,50 +0,0 @@ -dnl The AppArmor security driver -dnl -dnl Copyright (C) 2016 Red Hat, Inc. -dnl -dnl This library is free software; you can redistribute it and/or -dnl modify it under the terms of the GNU Lesser General Public -dnl License as published by the Free Software Foundation; either -dnl version 2.1 of the License, or (at your option) any later version. -dnl -dnl This library is distributed in the hope that it will be useful, -dnl but WITHOUT ANY WARRANTY; without even the implied warranty of -dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -dnl Lesser General Public License for more details. -dnl -dnl You should have received a copy of the GNU Lesser General Public -dnl License along with this library. If not, see -dnl . -dnl - -AC_DEFUN([LIBVIRT_SECDRIVER_ARG_APPARMOR], [ - LIBVIRT_ARG_WITH([SECDRIVER_APPARMOR], [use AppArmor security driver], [= check]) -]) - -AC_DEFUN([LIBVIRT_SECDRIVER_CHECK_APPARMOR], [ - AC_REQUIRE([LIBVIRT_CHECK_APPARMOR]) - - if test "$with_apparmor" !=3D "yes" ; then - if test "$with_secdriver_apparmor" =3D "check" ; then - with_secdriver_apparmor=3Dno - fi - if test "$with_secdriver_apparmor" !=3D "no" ; then - AC_MSG_ERROR([You must install the AppArmor development package in o= rder to compile libvirt]) - fi - elif test "with_secdriver_apparmor" !=3D "no" ; then - with_secdriver_apparmor=3Dyes - AC_DEFINE_UNQUOTED([WITH_SECDRIVER_APPARMOR], 1, [whether AppArmor sec= urity driver is available]) - fi - AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmo= r" !=3D "no"]) - - LIBVIRT_ARG_WITH([APPARMOR_PROFILES], [install apparmor profiles], [no]) - if test "$with_apparmor" =3D "no"; then - with_apparmor_profiles=3D"no" - fi - AM_CONDITIONAL([WITH_APPARMOR_PROFILES], [test "$with_apparmor_profiles"= !=3D "no"]) -]) - -AC_DEFUN([LIBVIRT_SECDRIVER_RESULT_APPARMOR], [ - LIBVIRT_RESULT([AppArmor], [$with_secdriver_apparmor], - [install profiles: $with_apparmor_profiles]) -]) diff --git a/m4/virt-secdriver-selinux.m4 b/m4/virt-secdriver-selinux.m4 deleted file mode 100644 index 4174249a510..00000000000 --- a/m4/virt-secdriver-selinux.m4 +++ /dev/null @@ -1,43 +0,0 @@ -dnl The SElinux security driver -dnl -dnl Copyright (C) 2016 Red Hat, Inc. -dnl -dnl This library is free software; you can redistribute it and/or -dnl modify it under the terms of the GNU Lesser General Public -dnl License as published by the Free Software Foundation; either -dnl version 2.1 of the License, or (at your option) any later version. -dnl -dnl This library is distributed in the hope that it will be useful, -dnl but WITHOUT ANY WARRANTY; without even the implied warranty of -dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -dnl Lesser General Public License for more details. -dnl -dnl You should have received a copy of the GNU Lesser General Public -dnl License along with this library. If not, see -dnl . -dnl - -AC_DEFUN([LIBVIRT_SECDRIVER_ARG_SELINUX], [ - LIBVIRT_ARG_WITH([SECDRIVER_SELINUX], [use SELinux security driver], [ch= eck]) -]) - -AC_DEFUN([LIBVIRT_SECDRIVER_CHECK_SELINUX], [ - AC_REQUIRE([LIBVIRT_CHECK_SELINUX]) - - if test "$with_selinux" !=3D "yes" ; then - if test "$with_secdriver_selinux" =3D "check" ; then - with_secdriver_selinux=3Dno - fi - if test "$with_secdriver_selinux" !=3D "no"; then - AC_MSG_ERROR([You must install the libselinux development package an= d enable SELinux with the --with-selinux=3Dyes in order to compile libvirt = --with-secdriver-selinux=3Dyes]) - fi - elif test "$with_secdriver_selinux" !=3D "no"; then - with_secdriver_selinux=3Dyes - AC_DEFINE_UNQUOTED([WITH_SECDRIVER_SELINUX], 1, [whether SELinux secur= ity driver is available]) - fi - AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux"= !=3D "no"]) -]) - -AC_DEFUN([LIBVIRT_SECDRIVER_RESULT_SELINUX], [ - LIBVIRT_RESULT([SELinux], [$with_secdriver_selinux]) -]) diff --git a/meson.build b/meson.build index 19b51890abb..eacfd57ee49 100644 --- a/meson.build +++ b/meson.build @@ -1824,6 +1824,18 @@ elif get_option('driver_vz').enabled() error('Parallels Virtualization SDK is needed to build the Virtuozzo dri= ver.') endif =20 +if not get_option('secdriver_apparmor').disabled() and apparmor_dep.found() + conf.set('WITH_SECDRIVER_APPARMOR', 1) +elif get_option('secdriver_apparmor').enabled() + error('You must install the AppArmor development package in order to com= pile libvirt.') +endif + +if not get_option('secdriver_selinux').disabled() and selinux_dep.found() + conf.set('WITH_SECDRIVER_SELINUX', 1) +elif get_option('secdriver_selinux').enabled() + error('You must install the libselinux development package in order to c= ompile libvirt.') +endif + =20 # define top include directory =20 @@ -1860,6 +1872,12 @@ driver_summary =3D { } summary(driver_summary, section: 'Drivers', bool_yn: true) =20 +secdriver_summary =3D { + 'SELinux': conf.has('WITH_SECDRIVER_SELINUX'), + 'AppArmor': conf.has('WITH_SECDRIVER_APPARMOR'), +} +summary(secdriver_summary, section: 'Security Drivers', bool_yn: true) + libs_summary =3D { 'acl': acl_dep.found(), 'apparmor': apparmor_dep.found(), diff --git a/meson_options.txt b/meson_options.txt index d6963fabd3c..fd370244f56 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -64,3 +64,7 @@ option('driver_vbox', type: 'feature', value: 'enabled', = description: 'VirtualBo option('vbox_xpcomc_dir', type: 'string', value: '', description: 'Locatio= n of directory containing VirtualBox XPCOMC library') option('driver_vmware', type: 'feature', value: 'enabled', description: 'V= Mware driver') option('driver_vz', type: 'feature', value: 'auto', description: 'Virtuozz= o driver') + +option('secdriver_apparmor', type: 'feature', value: 'auto', description: = 'use AppArmor security driver') +option('apparmor_profiles', type: 'boolean', value: false, description: 'i= nstall apparmor profiles') +option('secdriver_selinux', type: 'feature', value: 'auto', description: '= use SELinux security driver') --=20 2.26.2