[apparmor] [patch 2/3] parser: Add make variable to build against local or system libapparmor [v2]
Steve Beattie
steve at nxnw.org
Tue Dec 24 20:59:34 UTC 2013
By default, statically link against the in-tree libapparmor. If the
in-tree libapparmor is not yet built, print a helpful error message. To
build against the system libapparmor, the SYSTEM_LIBAPPARMOR make
variable can be set on the command line like so:
$ make SYSTEM_LIBAPPARMOR=1
This patch also fixes issues around the inclusion of the apparmor.h
header. Previously, the in-tree apparmor.h was always being included
even if the parser was being linked against the system libapparmor.
It modifies the apparmor.h include path based on the previous patch
separating them out in the libapparmor source. This was needed because
header file name collisions were already occurring.
For source files needing to include apparmor.h, the make targets were
also updated to depend on the local apparmor.h when building against
the in-tree libapparmor. When building against the system libapparmor,
the variable used in the dependency list is empty. Likewise, a
libapparmor.a dependency is added to the apparmor_parser target when
building against the in-tree apparmor.
Patch history:
v1: from Tyler Hicks <tyhicks at canonical.com>
- initial version
v2: revert to altering the include search path rather than including
the apparmor.h header directly via cpp arguments, alter the
include statements to <sys/apparmor.h> which will work against
either in-tree or (default) system paths.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
parser/Makefile | 45 +++++++++++++++++++++++++++++++++++----------
parser/dbus.c | 2 +-
parser/parser_main.c | 2 +-
parser/parser_misc.c | 2 +-
parser/parser_regex.c | 2 +-
parser/parser_yacc.y | 2 +-
6 files changed, 40 insertions(+), 15 deletions(-)
Index: b/parser/Makefile
===================================================================
--- a/parser/Makefile
+++ b/parser/Makefile
@@ -56,9 +56,7 @@ CFLAGS = -g -pg -fprofile-arcs -ftest-co
endif
endif #CFLAGS
-LIBAPPARMOR_PATH=../libraries/libapparmor/src/
-LIBAPPARMOR_LDPATH=$(LIBAPPARMOR_PATH)/.libs/
-EXTRA_CXXFLAGS = ${CFLAGS} ${CXX_WARNINGS} -std=gnu++0x -D_GNU_SOURCE -I$(LIBAPPARMOR_PATH)
+EXTRA_CXXFLAGS = ${CFLAGS} ${CXX_WARNINGS} -std=gnu++0x -D_GNU_SOURCE
EXTRA_CFLAGS = ${EXTRA_CXXFLAGS} ${CPP_WARNINGS}
#LEXLIB := -lfl
@@ -90,9 +88,26 @@ OBJECTS = $(SRCS:.c=.o)
AAREDIR= libapparmor_re
AAREOBJECT = ${AAREDIR}/libapparmor_re.a
AAREOBJECTS = $(AAREOBJECT)
-AARE_LDFLAGS=-static-libgcc -static-libstdc++ -L. -L$(LIBAPPARMOR_LDPATH)
+AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L.
AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
+ifdef SYSTEM_LIBAPPARMOR
+ # Using the system libapparmor so Makefile dependencies can't be used
+ LIBAPPARMOR_A =
+ INCLUDE_APPARMOR =
+ APPARMOR_H =
+else
+ LIBAPPARMOR_SRC = ../libraries/libapparmor/
+ LOCAL_LIBAPPARMOR_INCLUDE = $(LIBAPPARMOR_SRC)/include
+ LOCAL_LIBAPPARMOR_LDPATH = $(LIBAPPARMOR_SRC)/src/.libs
+
+ LIBAPPARMOR_A = $(LOCAL_LIBAPPARMOR_LDPATH)/libapparmor.a
+ INCLUDE_APPARMOR = -I$(LOCAL_LIBAPPARMOR_INCLUDE)
+ AARE_LDFLAGS += -L$(LOCAL_LIBAPPARMOR_LDPATH)
+ APPARMOR_H = $(LOCAL_LIBAPPARMOR_INCLUDE)/sys/apparmor.h
+endif
+EXTRA_CFLAGS += $(INCLUDE_APPARMOR)
+
LEX_C_FILES = parser_lex.c
YACC_C_FILES = parser_yacc.c parser_yacc.h
@@ -156,7 +171,17 @@ all: arch indep
coverage:
$(MAKE) clean apparmor_parser COVERAGE=1
-apparmor_parser: $(OBJECTS) $(AAREOBJECTS)
+ifndef SYSTEM_LIBAPPARMOR
+$(LIBAPPARMOR_A):
+ @if [ ! -f $@ ]; then \
+ echo "error: $@ is missing. Pick one of these possible solutions:" 1>&2; \
+ echo " 1) Build against the in-tree libapparmor by building it first and then trying again. See the top-level README for help." 1>&2; \
+ echo " 2) Build against the system libapparmor by adding SYSTEM_LIBAPPARMOR=1 to your make command." 1>&2;\
+ return 1; \
+ fi
+endif
+
+apparmor_parser: $(OBJECTS) $(AAREOBJECTS) $(LIBAPPARMOR_A)
$(CXX) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $(OBJECTS) $(LIBS) \
${LEXLIB} $(AAREOBJECTS) $(AARE_LDFLAGS) $(AALIB)
@@ -169,13 +194,13 @@ parser_lex.c: parser_lex.l parser_yacc.h
parser_lex.o: parser_lex.c parser.h parser_yacc.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_misc.o: parser_misc.c parser.h parser_yacc.h profile.h af_names.h cap_names.h
+parser_misc.o: parser_misc.c parser.h parser_yacc.h profile.h af_names.h cap_names.h $(APPARMOR_H)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_yacc.o: parser_yacc.c parser_yacc.h
+parser_yacc.o: parser_yacc.c parser_yacc.h $(APPARMOR_H)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_main.o: parser_main.c parser.h parser_version.h libapparmor_re/apparmor_re.h
+parser_main.o: parser_main.c parser.h parser_version.h libapparmor_re/apparmor_re.h $(APPARMOR_H)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_interface.o: parser_interface.c parser.h profile.h libapparmor_re/apparmor_re.h
@@ -187,7 +212,7 @@ parser_include.o: parser_include.c parse
parser_merge.o: parser_merge.c parser.h profile.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_regex.o: parser_regex.c parser.h profile.h libapparmor_re/apparmor_re.h
+parser_regex.o: parser_regex.c parser.h profile.h libapparmor_re/apparmor_re.h $(APPARMOR_H)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_symtab.o: parser_symtab.c parser.h
@@ -211,7 +236,7 @@ mount.o: mount.c mount.h parser.h immuni
lib.o: lib.c lib.h parser.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-dbus.o: dbus.c dbus.h parser.h immunix.h parser_yacc.h
+dbus.o: dbus.c dbus.h parser.h immunix.h parser_yacc.h $(APPARMOR_H)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
profile.o: profile.cc profile.h parser.h
Index: b/parser/dbus.c
===================================================================
--- a/parser/dbus.c
+++ b/parser/dbus.c
@@ -18,7 +18,7 @@
#include <stdlib.h>
#include <string.h>
-#include <apparmor.h>
+#include <sys/apparmor.h>
#include "parser.h"
#include "profile.h"
Index: b/parser/parser_main.c
===================================================================
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -41,7 +41,7 @@
#include <sys/sysctl.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include <apparmor.h>
+#include <sys/apparmor.h>
#include "lib.h"
#include "parser.h"
Index: b/parser/parser_misc.c
===================================================================
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -37,7 +37,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
-#include <apparmor.h>
+#include <sys/apparmor.h>
#include "parser.h"
#include "profile.h"
Index: b/parser/parser_regex.c
===================================================================
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -21,7 +21,7 @@
#include <string.h>
#include <libintl.h>
#include <linux/limits.h>
-#include <apparmor.h>
+#include <sys/apparmor.h>
#define _(s) gettext(s)
#include <string>
Index: b/parser/parser_yacc.y
===================================================================
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -27,7 +27,7 @@
#include <errno.h>
#include <fcntl.h>
#include <libintl.h>
-#include <apparmor.h>
+#include <sys/apparmor.h>
#define _(s) gettext(s)
/* #define DEBUG */
More information about the AppArmor
mailing list