@@ -612,9 +612,9 @@ libc_extra_cppflags
libc_extra_cflags
libc_cv_cxx_thread_local
CPPUNDEFS
-have_selinux
have_libcap
have_libaudit
+have_selinux
LIBGD
libc_cv_cc_loop_to_function
libc_cv_cc_submachine
@@ -748,6 +748,8 @@ with_gd_lib
with_fp
with_binutils
with_selinux
+with_libcap
+with_libaudit
with_headers
with_default_link
enable_sanity_checks
@@ -1454,6 +1456,8 @@ Optional Packages:
--with-fp if using floating-point hardware [default=yes]
--with-binutils=PATH specify location of binutils (as and ld)
--with-selinux if building with SELinux support
+ --with-libcap if building with libcap support
+ --with-libaudit if building with audit support
--with-headers=PATH location of system headers to use (for example
/usr/src/linux/include) [default=compiler default]
--with-default-link do not use explicit linker scripts
@@ -3303,6 +3307,22 @@ else
fi
+# Check whether --with-libcap was given.
+if test "${with_libcap+set}" = set; then :
+ withval=$with_libcap; with_libcap=$withval
+else
+ with_libcap=auto
+fi
+
+
+# Check whether --with-libaudit was given.
+if test "${with_libaudit+set}" = set; then :
+ withval=$with_libaudit; with_libaudit=$withval
+else
+ with_libaudit=auto
+fi
+
+
# Check whether --with-headers was given.
if test "${with_headers+set}" = set; then :
@@ -6086,8 +6106,13 @@ if test "x$have_selinux" = xyes; then
$as_echo "#define HAVE_SELINUX 1" >>confdefs.h
+fi
+
- # See if we have the libaudit library
+# See if we have the libaudit library.
+if test "x$with_libaudit" = xno; then
+ have_libaudit=no
+else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for audit_log_user_avc_message in -laudit" >&5
$as_echo_n "checking for audit_log_user_avc_message in -laudit... " >&6; }
if ${ac_cv_lib_audit_audit_log_user_avc_message+:} false; then :
@@ -6134,10 +6159,16 @@ fi
$as_echo "#define HAVE_LIBAUDIT 1" >>confdefs.h
+ elif test "x$with_libaudit" = xyes; then
+ as_fn_error $? "auditing explicitly required, but audit library not found" "$LINENO" 5
fi
+fi
- # See if we have the libcap library
+# See if we have the libcap library.
+if test "x$with_libcap" = xno; then
+ have_libcap=no
+else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for cap_init in -lcap" >&5
$as_echo_n "checking for cap_init in -lcap... " >&6; }
if ${ac_cv_lib_cap_cap_init+:} false; then :
@@ -6184,8 +6215,9 @@ fi
$as_echo "#define HAVE_LIBCAP 1" >>confdefs.h
+ elif test "x$with_libcap" = xyes; then
+ as_fn_error $? "libcap explicitly required, but libcap not found" "$LINENO" 5
fi
-
fi
@@ -143,6 +143,16 @@ AC_ARG_WITH([selinux],
[if building with SELinux support]),
[with_selinux=$withval],
[with_selinux=auto])
+AC_ARG_WITH([libcap],
+ AC_HELP_STRING([--with-libcap],
+ [if building with libcap support]),
+ [with_libcap=$withval],
+ [with_libcap=auto])
+AC_ARG_WITH([libaudit],
+ AC_HELP_STRING([--with-libaudit],
+ [if building with audit support]),
+ [with_libaudit=$withval],
+ [with_libaudit=auto])
AC_ARG_WITH([headers],
AC_HELP_STRING([--with-headers=PATH],
@@ -1546,23 +1556,35 @@ fi
# Check if we're building with SELinux support.
if test "x$have_selinux" = xyes; then
AC_DEFINE(HAVE_SELINUX, 1, [SELinux support])
+fi
+AC_SUBST(have_selinux)
- # See if we have the libaudit library
+# See if we have the libaudit library.
+if test "x$with_libaudit" = xno; then
+ have_libaudit=no
+else
AC_CHECK_LIB(audit, audit_log_user_avc_message,
have_libaudit=yes, have_libaudit=no)
if test "x$have_libaudit" = xyes; then
- AC_DEFINE(HAVE_LIBAUDIT, 1, [SELinux libaudit support])
+ AC_DEFINE(HAVE_LIBAUDIT, 1, [libaudit support])
+ elif test "x$with_libaudit" = xyes; then
+ AC_MSG_ERROR([auditing explicitly required, but audit library not found])
fi
- AC_SUBST(have_libaudit)
+fi
+AC_SUBST(have_libaudit)
- # See if we have the libcap library
+# See if we have the libcap library.
+if test "x$with_libcap" = xno; then
+ have_libcap=no
+else
AC_CHECK_LIB(cap, cap_init, have_libcap=yes, have_libcap=no)
if test "x$have_libcap" = xyes; then
- AC_DEFINE(HAVE_LIBCAP, 1, [SELinux libcap support])
+ AC_DEFINE(HAVE_LIBCAP, 1, [libcap support])
+ elif test "x$with_libcap" = xyes; then
+ AC_MSG_ERROR([libcap explicitly required, but libcap not found])
fi
- AC_SUBST(have_libcap)
fi
-AC_SUBST(have_selinux)
+AC_SUBST(have_libcap)
CPPUNDEFS=
dnl Check for silly hacked compilers predefining _FORTIFY_SOURCE.
@@ -2590,7 +2590,7 @@ begin_drop_privileges (void)
static void
finish_drop_privileges (void)
{
-#if defined HAVE_LIBAUDIT && defined HAVE_LIBCAP
+#if defined HAVE_SELINUX && defined HAVE_LIBAUDIT && defined HAVE_LIBCAP
/* We need to preserve the capabilities to connect to the audit daemon. */
cap_t new_caps = preserve_capabilities ();
#endif
@@ -2622,7 +2622,7 @@ finish_drop_privileges (void)
do_exit (4, errno, "setuid");
}
-#if defined HAVE_LIBAUDIT && defined HAVE_LIBCAP
+#if defined HAVE_SELINUX && defined HAVE_LIBAUDIT && defined HAVE_LIBCAP
/* Remove the temporary capabilities. */
install_real_capabilities (new_caps);
#endif