[apparmor] [PATCH] build on non-Linux systems again
John Johansen
john.johansen at canonical.com
Sat May 5 19:24:23 UTC 2012
On 05/05/2012 12:12 PM, Kees Cook wrote:
> This uses sys/capability.h instead of linux/capability.h, so that AppArmor
> can build on non-Linux systems again.
>
> Signed-off-by: Kees Cook <kees at ubuntu.com>
>
Hrmm, we need something different here
r2008 was added specifically because using sys/capability.h was causing builds
to fail. My memory is really fuzzy but I think there where two issues a libcap2
dependency, and some capabilities missing from the sys/ variant that where
present in the linux variant.
>
> Index: apparmor-debian/common/Make.rules
> ===================================================================
> --- apparmor-debian.orig/common/Make.rules 2012-04-24 11:23:59.000000000 -0700
> +++ apparmor-debian/common/Make.rules 2012-05-05 09:46:19.614215990 -0700
> @@ -157,10 +157,10 @@
> # =====================
>
> # emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2"
> -CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
> +CAPABILITIES=$(shell echo "\#include <sys/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
>
> .PHONY: list_capabilities
> -list_capabilities: /usr/include/linux/capability.h
> +list_capabilities:
> @echo "$(CAPABILITIES)"
>
> # =====================
>
More information about the AppArmor
mailing list