X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=configure.ac;h=a041f2fdb0521c4721b0d5eb7bda15246e627094;hb=33d7d28f4517e57021343f0016228913e6555dd1;hp=63df7466cb879a0b2f6e2666d48aaa276bcd2731;hpb=190f9aeedcc73753428fdaf5178ee5d16ab840d2;p=mirror_lxc.git diff --git a/configure.ac b/configure.ac index 63df7466c..a041f2fdb 100644 --- a/configure.ac +++ b/configure.ac @@ -2,19 +2,21 @@ # Process this file with autoconf to produce a configure script. m4_define([lxc_devel], 1) -m4_define([lxc_version_major], 2) +m4_define([lxc_version_major], 3) m4_define([lxc_version_minor], 1) m4_define([lxc_version_micro], 0) m4_define([lxc_version_beta], []) m4_define([lxc_abi_major], 1) -m4_define([lxc_abi_minor], 3) +m4_define([lxc_abi_minor], 5) m4_define([lxc_abi_micro], 0) m4_define([lxc_abi], [lxc_abi_major.lxc_abi_minor.lxc_abi_micro]) m4_define([lxc_version_base], [lxc_version_major.lxc_version_minor.lxc_version_micro]) m4_define([lxc_version], - [ifelse(lxc_version_beta, [], [lxc_version_base], [lxc_version_base.lxc_version_beta])]) + [ifelse(lxc_devel, 1, + ifelse(lxc_version_beta, [], [lxc_version_base], [lxc_version_base.lxc_version_beta])-devel, + ifelse(lxc_version_beta, [], [lxc_version_base], [lxc_version_base.lxc_version_beta]))]) AC_INIT([lxc], [lxc_version]) @@ -43,6 +45,22 @@ AC_CANONICAL_HOST AM_PROG_CC_C_O AC_GNU_SOURCE +# Test if we have a new enough compiler. +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#define GCC_VERSION \ + (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) + +#define CLANG_VERSION \ + (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__) + +#if GCC_VERSION < 40700 && CLANG_VERSION < 10000 +#error Sorry, your compiler is too old - please upgrade it +#endif + ]])], [valid_compiler=yes], [valid_compiler=no]) +if test "x$valid_compiler" = "xno"; then + AC_MSG_ERROR([Sorry, your compiler is too old - please upgrade it]) +fi + # libtool LT_INIT AC_SUBST([LIBTOOL_DEPS]) 
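Review bot: The compiler probe's comment `# Test if we have a new enough compiler.` does not say what "new enough" means, and the `&&` in `#if GCC_VERSION < 40700 && CLANG_VERSION < 10000` reads like a mistake unless the reader knows that clang also defines `__GNUC__` (it reports itself as GCC 4.2.1), while under GCC the undefined `__clang_*__` macros evaluate to 0. I would spell that out above the test: `# Require GCC >= 4.7 or clang >= 1.0; clang also defines __GNUC__ (as 4.2.1), hence the && rather than ||.` Every clang release satisfies `CLANG_VERSION >= 10000`, so the check sets no real floor for clang; if a minimum is intended, the threshold needs raising.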
@@ -50,7 +68,7 @@ AC_SUBST([LIBTOOL_DEPS]) # Detect the distribution. This is used for the default configuration and # for some distro-specific build options. AC_MSG_CHECKING([host distribution]) -AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the Linux distribution to target: One of redhat, oracle, centos, fedora, suse, gentoo, debian, arch, slackware, plamo, paldo, openmandriva, pardus, sparclinux, altlinux.])) +AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the Linux distribution to target: One of redhat, redhatenterpriseserver, oracle, centos, fedora, suse, gentoo, debian, arch, slackware, plamo, paldo, openmandriva, pardus, sparclinux, altlinux.])) if type lsb_release >/dev/null 2>&1 && test "z$with_distro" = "z"; then with_distro=`lsb_release -is` fi @@ -87,7 +105,7 @@ case $with_distro in distroconf=default.conf.lxcbr distrosysconf="$sysconfdir/default" ;; - redhat|centos|fedora|oracle|oracleserver|sparclinux|altlinux|suse|opensuse*|plamo|pld) + redhat|redhatenterpriseserver|centos|fedora|oracle|oracleserver|sparclinux|altlinux|suse|opensuse*|plamo|pld) distroconf=default.conf.lxcbr distrosysconf="$sysconfdir/sysconfig" ;; @@ -114,7 +132,7 @@ case "$with_init_script" in fedora|altlinux|opensuse*) init_script=systemd ;; - redhat|oracle|oracleserver|sparclinux|plamo) + redhat|redhatenterpriseserver|oracle|oracleserver|sparclinux|plamo) init_script=sysvinit ;; centos) @@ -171,13 +189,6 @@ AC_ARG_ENABLE([werror], [do not treat warnings as errors])], [], [enable_werror=yes]) -# Allow enabling deprecated executables -AC_ARG_ENABLE([deprecated], - [AC_HELP_STRING([--enable-deprecated], - [enable deprecated executables [default=no]])], - [], [enable_deprecated=false]) -AM_CONDITIONAL([ENABLE_DEPRECATED], [test "x$enable_deprecated" = "xyes"]) - # Allow disabling rpath AC_ARG_ENABLE([rpath], [AC_HELP_STRING([--enable-rpath], [set rpath in executables [default=no]])], 
@@ -246,6 +257,8 @@ fi AM_CONDITIONAL([ENABLE_API_DOCS], [test "x$HAVE_DOXYGEN" != "x"]) +AC_CONFIG_MACRO_DIRS([config]) + # Apparmor AC_ARG_ENABLE([apparmor], [AC_HELP_STRING([--enable-apparmor], [enable apparmor support [default=auto]])], 
@@ -256,25 +269,21 @@ if test "$enable_apparmor" = "auto" ; then fi AM_CONDITIONAL([ENABLE_APPARMOR], [test "x$enable_apparmor" = "xyes"]) -AM_COND_IF([ENABLE_APPARMOR], - [AC_CHECK_HEADER([sys/apparmor.h],[],[AC_MSG_ERROR([You must install the AppArmor development package in order to compile lxc])]) - AC_CHECK_LIB([apparmor], [aa_change_profile],[],[AC_MSG_ERROR([You must install the AppArmor development package in order to compile lxc])]) - AC_SUBST([APPARMOR_LIBS], [-lapparmor])]) +# OpenSSL +# libssl-dev +AC_ARG_ENABLE([openssl], + [AC_HELP_STRING([--enable-openssl], [enable OpenSSL support [default=auto]])], + [], [enable_openssl=auto]) -# GnuTLS -AC_ARG_ENABLE([gnutls], - [AC_HELP_STRING([--enable-gnutls], [enable GnuTLS support [default=auto]])], - [], [enable_gnutls=auto]) +if test "$enable_openssl" = "auto" ; then + AC_CHECK_LIB([ssl], [OPENSSL_init_ssl], [enable_openssl=yes], [enable_openssl=no]) -if test "$enable_gnutls" = "auto" ; then - AC_CHECK_LIB([gnutls], [gnutls_hash_fast], [enable_gnutls=yes], [enable_gnutls=no]) fi -AM_CONDITIONAL([ENABLE_GNUTLS], [test "x$enable_gnutls" = "xyes"]) +AM_CONDITIONAL([ENABLE_OPENSSL], [test "x$enable_openssl" = "xyes"]) -AM_COND_IF([ENABLE_GNUTLS], - [AC_CHECK_HEADER([gnutls/gnutls.h],[],[AC_MSG_ERROR([You must install the GnuTLS development package in order to compile lxc])]) - AC_CHECK_LIB([gnutls], [gnutls_hash_fast],[],[AC_MSG_ERROR([You must install the GnuTLS development package in order to compile lxc])]) - AC_SUBST([GNUTLS_LIBS], [-lgnutls])]) +AM_COND_IF([ENABLE_OPENSSL], + [AC_CHECK_HEADER([openssl/engine.h],[],[AC_MSG_ERROR([You must install the OpenSSL development package in order to compile lxc])]) + AC_SUBST([OPENSSL_LIBS], '-lssl -lcrypto')]) # SELinux AC_ARG_ENABLE([selinux], 
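Review bot: With an explicit `--enable-openssl`, the `AM_COND_IF([ENABLE_OPENSSL], ...)` block only verifies the header `openssl/engine.h` and never probes the library, so a missing or too-old libssl surfaces as a link error during `make` rather than as a configure error. The removed GnuTLS block carried an `AC_CHECK_LIB` at this spot for that reason. I would add `AC_CHECK_LIB([ssl], [OPENSSL_init_ssl], [], [AC_MSG_ERROR([You must install the OpenSSL development package in order to compile lxc])])` before the `AC_SUBST`. `OPENSSL_init_ssl` first appeared in OpenSSL 1.1.0, so the `auto` path silently disables the feature on older libraries; a comment naming 1.1.0 as the minimum would make that visible.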
@@ -308,55 +317,32 @@ AM_COND_IF([ENABLE_SECCOMP], ]) ]) -# cgmanager -AC_ARG_ENABLE([cgmanager], - [AC_HELP_STRING([--enable-cgmanager], [enable cgmanager support [default=auto]])], - [], [enable_cgmanager=auto]) - -if test "x$enable_cgmanager" = "xauto" ; then - AC_CHECK_LIB([cgmanager],[cgmanager_create],[enable_cgmanager=yes],[enable_cgmanager=no],[-lnih -lnih-dbus -ldbus-1]) -fi -AM_CONDITIONAL([ENABLE_CGMANAGER], [test "x$enable_cgmanager" = "xyes"]) - -AM_COND_IF([ENABLE_CGMANAGER], - [PKG_CHECK_MODULES([CGMANAGER], [libcgmanager]) - PKG_CHECK_MODULES([NIH], [libnih >= 1.0.2]) - PKG_CHECK_MODULES([NIH_DBUS], [libnih-dbus >= 1.0.0]) - PKG_CHECK_MODULES([DBUS], [dbus-1 >= 1.2.16]) - ]) - -AC_MSG_CHECKING(for get_pid_cgroup_abs_sync) -save_LIBS=$LIBS -AC_SEARCH_LIBS([cgmanager_get_pid_cgroup_abs_sync], [cgmanager], [have_abs_cgroups=yes], [have_abs_cgroups=no], [-lnih -lnih-dbus -ldbus-1]) -LIBS=$save_LIBS -if test "x$have_abs_cgroups" = "xyes"; then - AC_DEFINE([HAVE_CGMANAGER_GET_PID_CGROUP_ABS_SYNC], 1, [Have cgmanager_get_pid_cgroup_abs_sync]) - AC_MSG_RESULT([yes]) -else - AC_MSG_RESULT([no]) -fi - -AC_MSG_CHECKING(for cgmanager_list_controllers) -save_LIBS=$LIBS -AC_SEARCH_LIBS([cgmanager_list_controllers_sync], [cgmanager], [have_list_controllers=yes], [have_list_controllers=no], [-lnih -lnih-dbus -ldbus-1]) -LIBS=$save_LIBS -if test "x$have_list_controllers" = "xyes"; then - AC_DEFINE([HAVE_CGMANAGER_LIST_CONTROLLERS], 1, [Have cgmanager_list_controllers]) - AC_MSG_RESULT([yes]) -else - AC_MSG_RESULT([no]) -fi - +AC_MSG_CHECKING(for static libcap) # Check for static libcap, make sure the function checked for differs from the # the one checked below so the cache doesn't give a wrong answer OLD_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -static" -AC_CHECK_LIB([cap],[cap_init],[have_static_libcap=yes],[have_static_libcap=no]) +OLD_CPPFLAGS="$CPPFLAGS" +OLD_LDFLAGS="$LDFLAGS" +OLD_LIBS="$LIBS" +CFLAGS="" +CPPFLAGS="" +LDFLAGS="-static" +LIBS="-lcap" 
+AC_LINK_IFELSE([ + AC_LANG_SOURCE( + [[int main() { return 0; }]] + )],[have_static_libcap=yes],[have_static_libcap=no]) AM_CONDITIONAL([HAVE_STATIC_LIBCAP], [test "x$have_static_libcap" = "xyes"]) if test "x$have_static_libcap" = "xyes"; then AC_DEFINE([HAVE_STATIC_LIBCAP], 1, [Have static libcap]) + AC_MSG_RESULT([yes]) +else + AC_MSG_RESULT([no]) fi +CPPFLAGS="$OLD_CPPFLAGS" CFLAGS="$OLD_CFLAGS" +LDFLAGS="$OLD_LDFLAGS" +LIBS="$OLD_LIBS" # Linux capabilities @@ -380,6 +366,7 @@ AM_COND_IF([ENABLE_CAP], OLD_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $SECCOMP_CFLAGS" AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include ]]) +AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include ]]) AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include ]]) CFLAGS="$OLD_CFLAGS" @@ -389,29 +376,6 @@ AC_ARG_ENABLE([examples], [], [enable_examples=yes]) AM_CONDITIONAL([ENABLE_EXAMPLES], [test "x$enable_examples" = "xyes"]) -# Python3 module and scripts -AC_ARG_ENABLE([python], - [AC_HELP_STRING([--enable-python], [enable python binding [default=auto]])], - [], [enable_python=auto]) - -if test "x$enable_python" = "xauto"; then - PKG_CHECK_MODULES([PYTHONDEV], [python3 >= 3.2],[enable_python=yes],[enable_python=no]) - if test "$CC" = "clang"; then - enable_python=no - fi -fi - -if test "x$enable_python" = "xyes" && test "$CC" = "clang"; then - AC_MSG_ERROR([Python3 is incompatible with the clang compiler]) -fi - -AM_CONDITIONAL([ENABLE_PYTHON], [test "x$enable_python" = "xyes"]) - -AM_COND_IF([ENABLE_PYTHON], - [AM_PATH_PYTHON([3.2], [], [AC_MSG_ERROR([You must install python3])]) - PKG_CHECK_MODULES([PYTHONDEV], [python3 >= 3.2],[],[AC_MSG_ERROR([You must install python3-dev])]) - AC_DEFINE_UNQUOTED([ENABLE_PYTHON], 1, [Python3 is available])]) - # Enable dumping stack traces AC_ARG_ENABLE([mutex-debugging], [AC_HELP_STRING([--enable-mutex-debugging], [Makes mutexes to report error and provide stack trace [default=no]])], 
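Review bot: The comment kept above the static libcap probe ("make sure the function checked for differs from the one checked below so the cache doesn't give a wrong answer") is stale, because the new `AC_LINK_IFELSE` links `int main() { return 0; }`, references no libcap function and does not go through the `AC_CHECK_LIB` cache. The probe also runs with `CFLAGS=""`, `CPPFLAGS=""` and `LDFLAGS="-static"`, so any user-supplied flag that affects linking (a sysroot or an ABI switch, for example) is dropped and the result may not match the real build. Setting `LDFLAGS="$LDFLAGS -static"` and leaving `CFLAGS`/`CPPFLAGS` alone would avoid that. Suggested replacement comment: `# Check that -lcap can be resolved in a fully static link.`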
@@ -442,53 +406,6 @@ m4_ifdef([PKG_CHECK_VAR], [], ])# PKG_CHECK_VAR ]) -# Lua module and scripts -AC_ARG_ENABLE([lua], - [AC_HELP_STRING([--enable-lua], [enable lua binding [default=auto]])], - [], [enable_lua=auto]) - -AC_ARG_WITH([lua-pc], - [AS_HELP_STRING( - [--with-lua-pc=PKG], - [Specify pkg-config package name for lua] - )], [], [with_lua_pc=no]) - -if test "x$enable_lua" = "xyes" -a "x$with_lua_pc" != "xno"; then - # exit with error if not found - PKG_CHECK_MODULES([LUA], [$with_lua_pc], [LUAPKGCONFIG=$with_lua_pc]) -fi - -if test "x$enable_lua" = "xauto" -a "x$with_lua_pc" != "xno"; then - PKG_CHECK_MODULES([LUA], [$with_lua_pc], - [LUAPKGCONFIG=$with_lua_pc - enable_lua=yes], - [enable_lua=no]) -fi - -if test "x$enable_lua" != "xno"; then - PKG_CHECK_MODULES([LUA], [lua], [LUAPKGCONFIG=lua], - [PKG_CHECK_MODULES([LUA], [lua5.2], [LUAPKGCONFIG=lua5.2], - [PKG_CHECK_MODULES([LUA], [lua5.1], [LUAPKGCONFIG=lua5.1], - [AS_IF([test "x$enable_lua" = "xyes"], - [AC_MSG_ERROR([Lua not found. Please use --with-lua-pc=PKG])], - [enable_lua=no])] - )] - )]) - AS_IF([test "x$LUAPKGCONFIG" != "x"], [enable_lua=yes]) -fi - -AM_CONDITIONAL([ENABLE_LUA], - [test "x$enable_lua" = "xyes"]) - -AM_COND_IF([ENABLE_LUA], - [AC_MSG_CHECKING([Lua version]) - PKG_CHECK_VAR([LUA_VERSION], [$LUAPKGCONFIG], [V],, - [PKG_CHECK_VAR([LUA_VERSION], [$LUAPKGCONFIG], [major_version])]) - AC_MSG_RESULT([$LUA_VERSION]) - AC_SUBST([LUA_LIBDIR], [$libdir/lua/$LUA_VERSION]) - AC_SUBST([LUA_SHAREDIR], [$datadir/lua/$LUA_VERSION]) - ]) - # Optional bash integration AC_ARG_ENABLE([bash], [AC_HELP_STRING([--enable-bash], [build bash integration [default=yes]])], 
@@ -503,6 +420,24 @@ AM_COND_IF([ENABLE_BASH], AC_SUBST(bashcompdir) ]) +# Build the command line tools +AC_ARG_ENABLE([tools], + [AC_HELP_STRING([--enable-tools], [build the command line tools [default=yes]])], + [], [enable_tools=yes]) +AM_CONDITIONAL([ENABLE_TOOLS], [test "x$enable_tools" = "xyes"]) + +# Build the liblxc commands +AC_ARG_ENABLE([commands], + [AC_HELP_STRING([--enable-commands], [build the liblxc commands [default=yes]])], + [], [enable_commands=yes]) +AM_CONDITIONAL([ENABLE_COMMANDS], [test "x$enable_commands" = "xyes"]) + +# Build with ASAN commands +AC_ARG_ENABLE([asan], + [AC_HELP_STRING([--enable-asan], [build with address sanitizer enabled [default=no]])], + [], [enable_asan=no]) +AM_CONDITIONAL([ENABLE_ASAN], [test "x$enable_asan" = "xyes"]) + # Optional test binaries AC_ARG_ENABLE([tests], [AC_HELP_STRING([--enable-tests], [build test/example binaries [default=no]])], @@ -558,7 +493,14 @@ AC_ARG_WITH([cgroup-pattern], [AC_HELP_STRING( [--with-cgroup-pattern=pattern], [pattern for container cgroups] - )], [], [with_cgroup_pattern=['lxc/%n']]) + )], [], [with_cgroup_pattern=['lxc.payload/%n']]) + +# The path for the apparmor_parser's cache for generated apparmor profiles +AC_ARG_WITH([apparmor-cache-dir], + [AC_HELP_STRING( + [--with-apparmor-cache-dir=dir], + [path for apparmor_parser cache] + )], [], [with_apparmor_cache_dir=['${localstatedir}/cache/lxc/apparmor']]) # Container log path. By default, use $lxcpath. AC_MSG_CHECKING([Whether to place logfiles in container config path]) @@ -606,6 +548,7 @@ AS_AC_EXPAND(LXCBINHOOKDIR, "$libexecdir/lxc/hooks") AS_AC_EXPAND(LXCINITDIR, "$libexecdir") AS_AC_EXPAND(LOGPATH, "$with_log_path") AS_AC_EXPAND(RUNTIME_PATH, "$with_runtime_path") +AS_AC_EXPAND(APPARMOR_CACHE_DIR, "$with_apparmor_cache_dir") AC_SUBST(DEFAULT_CGROUP_PATTERN, ["$with_cgroup_pattern"]) # We need the install path so criu knows where to reference the hook scripts. 
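Review bot: `--with-apparmor-cache-dir` accepts any path, and its help text `[path for apparmor_parser cache]` says nothing about the trust requirements of that directory. The cache presumably holds compiled profiles that apparmor_parser loads back, so it has to be writable by root only; a packager who points it at a shared or user-writable location would weaken the confinement the profiles provide. I would extend the help string to something like `[path for apparmor_parser cache (must be writable by root only)]`. In the same hunk the default cgroup pattern changes from `lxc/%n` to `lxc.payload/%n`, which any monitoring or policy keyed on the old cgroup path needs to follow.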
@@ -633,6 +576,43 @@ else fi AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) +# Configuration examples +AC_ARG_ENABLE([pam], + [AC_HELP_STRING([--enable-pam], [enable pam module [default=no]])], + [], [enable_pam=no]) +AM_CONDITIONAL([ENABLE_PAM], [test "x$enable_pam" = "xyes"]) + +AM_COND_IF([ENABLE_PAM], + [AC_ARG_WITH( + [pamdir], + [AS_HELP_STRING([--with-pamdir=PATH],[Specify the directory where PAM modules are stored, + or "none" if PAM modules are not to be built])], + [pamdir="${withval}"], + [ + if test "${prefix}" = "/usr"; then + pamdir="/lib${libdir##*/lib}/security" + else + pamdir="\$(libdir)/security" + fi + ] + )]) + +AM_CONDITIONAL([HAVE_PAM], [test x"$pamdir" != "xnone"]) +AM_COND_IF([ENABLE_PAM], + [if test "z$pamdir" != "znone"; then + AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam]) + AC_ARG_VAR([PAM_LIBS], [linker flags for pam]) + AC_CHECK_LIB( + [pam], + [pam_authenticate], + [PAM_LIBS="-lpam"], + [AC_MSG_ERROR([*** libpam not found.]) + ]) + + AC_SUBST(PAM_LIBS) + AC_SUBST([pamdir]) + fi]) + # Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) @@ -641,7 +621,12 @@ AC_CHECK_DECLS([PR_SET_NO_NEW_PRIVS], [], [], [#include ]) AC_CHECK_DECLS([PR_GET_NO_NEW_PRIVS], [], [], [#include ]) # Check for some headers -AC_CHECK_HEADERS([sys/signalfd.h pty.h ifaddrs.h sys/memfd.h sys/personality.h utmpx.h sys/timerfd.h sys/resource.h]) +AC_CHECK_HEADERS([pty.h sys/memfd.h sys/personality.h sys/resource.h sys/signalfd.h sys/timerfd.h utmpx.h]) + +AC_CHECK_HEADER([ifaddrs.h], + AM_CONDITIONAL(HAVE_IFADDRS_H, true) + AC_DEFINE(HAVE_IFADDRS_H, 1, [Have ifaddrs.h]), + AM_CONDITIONAL(HAVE_IFADDRS_H, false)) # lookup major()/minor()/makedev() AC_HEADER_MAJOR 
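Review bot: `AM_CONDITIONAL([HAVE_PAM], [test x"$pamdir" != "xnone"])` is evaluated even when `--enable-pam` was not given; `pamdir` is then normally unset, the test succeeds, and `HAVE_PAM` ends up true on a build with PAM disabled. Unless every Makefile use of `HAVE_PAM` is nested inside `ENABLE_PAM` (not visible in this hunk), I would tie the two together: `AM_CONDITIONAL([HAVE_PAM], [test "x$enable_pam" = "xyes" -a "x$pamdir" != "xnone"])`. The heading `# Configuration examples` above the block looks copied from another section; `# PAM module` would describe what follows.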
@@ -649,12 +634,48 @@ AC_HEADER_MAJOR # Check for some syscalls functions AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create]) +# Check for strerror_r() support. Defines: +# - HAVE_STRERROR_R if available +# - HAVE_DECL_STRERROR_R if defined +# - STRERROR_R_CHAR_P if it returns char * +AC_FUNC_STRERROR_R + +# Check if "%m" is supported by printf and Co +AC_MSG_CHECKING([%m format]) +AC_TRY_RUN([ +#include +int main(void) +{ + char msg[256]; + int rc; + + rc = snprintf(msg, sizeof(msg), "%m\n"); + if ((rc > 1) && (msg[0] != '%')) + { + return 0; + } + else + { + return 1; + } +}], +[fmt_m=yes], [fmt_m=no], [fmt_m=no]) +if test "x$fmt_m" = "xyes"; then + AC_DEFINE([HAVE_M_FORMAT], 1, [Have %m format]) + AC_MSG_RESULT([yes]) +else + AC_MSG_RESULT([no]) +fi + # Check for some functions AC_CHECK_LIB(pthread, main) -AC_CHECK_FUNCS(pthread_atfork) AC_CHECK_FUNCS(statvfs) AC_CHECK_LIB(util, openpty) AC_CHECK_FUNCS([openpty hasmntopt setmntent endmntent utmpxname]) +AC_CHECK_FUNCS([getgrgid_r], + AM_CONDITIONAL(HAVE_GETGRGID_R, true) + AC_DEFINE(HAVE_GETGRGID_R,1,[Have getgrgid_r]), + AM_CONDITIONAL(HAVE_GETGRGID_R, false)) AC_CHECK_FUNCS([getline], AM_CONDITIONAL(HAVE_GETLINE, true) AC_DEFINE(HAVE_GETLINE,1,[Have getline]), @@ -667,6 +688,10 @@ AC_CHECK_FUNCS([fgetln], AM_CONDITIONAL(HAVE_FGETLN, true) AC_DEFINE(HAVE_FGETLN,1,[Have fgetln]), AM_CONDITIONAL(HAVE_FGETLN, false)) +AC_CHECK_FUNCS([keyctl], + AM_CONDITIONAL(HAVE_KEYCTL, true) + AC_DEFINE(HAVE_KEYCTL,1,[Have keyctl]), + AM_CONDITIONAL(HAVE_KEYCTL, false)) AC_CHECK_FUNCS([prlimit], AM_CONDITIONAL(HAVE_PRLIMIT, true) AC_DEFINE(HAVE_PRLIMIT,1,[Have prlimit]), 
@@ -675,9 +700,24 @@ AC_CHECK_FUNCS([prlimit64], AM_CONDITIONAL(HAVE_PRLIMIT64, true) AC_DEFINE(HAVE_PRLIMIT64,1,[Have prlimit64]), AM_CONDITIONAL(HAVE_PRLIMIT64, false)) +AC_CHECK_FUNCS([pthread_setcancelstate], + AM_CONDITIONAL(HAVE_PTHREAD_SETCANCELSTATE, true) + AC_DEFINE(HAVE_PTHREAD_SETCANCELSTATE,1,[Have pthread_setcancelstate]), + AM_CONDITIONAL(HAVE_PTHREAD_SETCANCELSTATE, false)) +AC_CHECK_FUNCS([strlcpy], + AM_CONDITIONAL(HAVE_STRLCPY, true) + AC_DEFINE(HAVE_STRLCPY,1,[Have strlcpy]), + AM_CONDITIONAL(HAVE_STRLCPY, false)) +AC_CHECK_FUNCS([strlcat], + AM_CONDITIONAL(HAVE_STRLCAT, true) + AC_DEFINE(HAVE_STRLCAT,1,[Have strlcat]), + AM_CONDITIONAL(HAVE_STRLCAT, false)) + +# HAVE_STRUCT_RTNL_LINK_STATS64={0,1} +AC_CHECK_TYPES([struct rtnl_link_stats64], [], [], [[#include ]]) # Check for some libraries -AC_SEARCH_LIBS(sem_open, [rt pthread]) +AX_PTHREAD AC_SEARCH_LIBS(clock_gettime, [rt]) # Check for some standard binaries 
@@ -687,11 +727,74 @@ AC_PROG_SED # See if we support thread-local storage. LXC_CHECK_TLS -if test "x$GCC" = "xyes"; then - CFLAGS="$CFLAGS -Wall" - if test "x$enable_werror" = "xyes"; then - CFLAGS="$CFLAGS -Werror" - fi +# Hardening flags +AX_CHECK_COMPILE_FLAG([-fdiagnostics-color], [CFLAGS="$CFLAGS -fdiagnostics-color"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wimplicit-fallthrough=5], [CFLAGS="$CFLAGS -Wimplicit-fallthrough=5"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wcast-align], [CFLAGS="$CFLAGS -Wcast-align"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wstrict-prototypes], [CFLAGS="$CFLAGS -Wstrict-prototypes"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-fno-strict-aliasing], [CFLAGS="$CFLAGS -fno-strict-aliasing"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-fstack-clash-protection], [CFLAGS="$CFLAGS -fstack-clash-protection"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [CFLAGS="$CFLAGS -fstack-protector-strong"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([--param=ssp-buffer-size=4], [CFLAGS="$CFLAGS --param=ssp-buffer-size=4"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-g], [CFLAGS="$CFLAGS -g"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([--mcet -fcf-protection], [CFLAGS="$CFLAGS --mcet -fcf-protection"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Werror=implicit-function-declaration], [CFLAGS="$CFLAGS -Werror=implicit-function-declaration"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wlogical-op], [CFLAGS="$CFLAGS -Wlogical-op"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wmissing-include-dirs], [CFLAGS="$CFLAGS -Wmissing-include-dirs"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wold-style-definition], [CFLAGS="$CFLAGS -Wold-style-definition"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CFLAGS="$CFLAGS -Wfloat-equal"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wsuggest-attribute=noreturn], [CFLAGS="$CFLAGS -Wsuggest-attribute=noreturn"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Werror=return-type], [CFLAGS="$CFLAGS 
-Werror=return-type"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Werror=incompatible-pointer-types], [CFLAGS="$CFLAGS -Werror=incompatible-pointer-types"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wformat=2], [CFLAGS="$CFLAGS -Wformat=2"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wshadow], [CFLAGS="$CFLAGS -Wshadow"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wendif-labels], [CFLAGS="$CFLAGS -Wendif-labels"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Werror=overflow], [CFLAGS="$CFLAGS -Werror=overflow"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-fdiagnostics-show-option], [CFLAGS="$CFLAGS -fdiagnostics-show-option"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Werror=shift-count-overflow], [CFLAGS="$CFLAGS -Werror=shift-count-overflow"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Werror=shift-overflow=2], [CFLAGS="$CFLAGS -Werror=shift-overflow=2"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wdate-time], [CFLAGS="$CFLAGS -Wdate-time"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wnested-externs], [CFLAGS="$CFLAGS -Wnested-externs"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-fasynchronous-unwind-tables], [CFLAGS="$CFLAGS -fasynchronous-unwind-tables"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-pipe], [CFLAGS="$CFLAGS -pipe"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-fexceptions], [CFLAGS="$CFLAGS -fexceptions"],,[-Werror]) + +AX_CHECK_LINK_FLAG([-z relro], [LDFLAGS="$LDFLAGS -z relro"],,[]) +AX_CHECK_LINK_FLAG([-z now], [LDFLAGS="$LDFLAGS -z now"],,[]) + +CFLAGS="$CFLAGS -Wvla -std=gnu11" +if test "x$enable_werror" = "xyes"; then + CFLAGS="$CFLAGS -Werror" +fi + +AC_ARG_ENABLE([thread-safety], + [AC_HELP_STRING([--enable-thread-safety], [enforce thread-safety otherwise fail the build [default=yes]])], + [], [enable_thread_safety=yes]) +AM_CONDITIONAL([ENFORCE_THREAD_SAFETY], [test "x$enable_thread_safety" = "xyes"]) + +AC_ARG_ENABLE([dlog], + [AC_HELP_STRING([--enable-dlog], [enable dlog support [default=no]])], + [], [enable_dlog=no]) +AM_CONDITIONAL([ENABLE_DLOG], [test "x$enable_dlog" = "xyes"]) + +AM_COND_IF([ENABLE_DLOG], + 
[PKG_CHECK_MODULES([DLOG],[dlog],[],[ + AC_CHECK_HEADER([dlog.h],[],[AC_MSG_ERROR([You must install the dlog development package in order to compile lxc])]) + AC_CHECK_LIB([dlog], [dlog_print],[],[AC_MSG_ERROR([You must install the dlog development package in order to compile lxc])]) + AC_SUBST([DLOG_LIBS], [-ldlog]) + ]) + ]) + +AC_ARG_ENABLE([memfd-rexec], + [AC_HELP_STRING([--enable-memfd-rexec], [enforce liblxc as a memfd to protect against certain symlink attacks [default=yes]])], + [], [enable_memfd_rexec=yes]) +AM_CONDITIONAL([ENFORCE_MEMFD_REXEC], [test "x$enable_memfd_rexec" = "xyes"]) +if test "x$enable_memfd_rexec" = "xyes"; then + AC_DEFINE([ENFORCE_MEMFD_REXEC], 1, [Rexec liblxc as memfd]) + AC_MSG_RESULT([yes]) +else + AC_MSG_RESULT([no]) fi # Files requiring some variable expansion @@ -702,6 +805,7 @@ AC_CONFIG_FILES([ config/Makefile config/apparmor/Makefile + config/apparmor/abstractions/start-container config/selinux/Makefile config/bash/Makefile config/bash/lxc 
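Review bot: `AX_CHECK_COMPILE_FLAG([--mcet -fcf-protection], ...)` tests both flags as one unit, and `--mcet` with two dashes does not appear to be an option that GCC or clang accept (the machine option is spelled with a single dash), so the probe most likely fails everywhere and `-fcf-protection` is never added to `CFLAGS`. I would probe the flag on its own: `AX_CHECK_COMPILE_FLAG([-fcf-protection], [CFLAGS="$CFLAGS -fcf-protection"],,[-Werror])`. The old block's `-Wall` is removed and does not reappear in the new list; if no Makefile adds it, it should be restored next to `-Wvla -std=gnu11`. The `AC_MSG_RESULT` calls after `--enable-memfd-rexec` have no matching `AC_MSG_CHECKING`, so configure prints a bare yes/no there.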
@@ -721,43 +825,10 @@ AC_CONFIG_FILES([ config/init/upstart/Makefile config/etc/Makefile config/templates/Makefile - config/templates/alpine.common.conf - config/templates/alpine.userns.conf - config/templates/archlinux.common.conf - config/templates/archlinux.userns.conf - config/templates/centos.common.conf - config/templates/centos.userns.conf config/templates/common.conf config/templates/common.conf.d/Makefile - config/templates/debian.common.conf - config/templates/debian.userns.conf - config/templates/fedora.common.conf - config/templates/fedora.userns.conf - config/templates/gentoo.common.conf - config/templates/gentoo.moresecure.conf - config/templates/gentoo.userns.conf config/templates/nesting.conf - config/templates/opensuse.common.conf - config/templates/opensuse.userns.conf - config/templates/oracle.common.conf - config/templates/oracle.userns.conf - config/templates/plamo.common.conf - config/templates/plamo.userns.conf - config/templates/slackware.common.conf - config/templates/slackware.userns.conf - config/templates/ubuntu-cloud.common.conf - config/templates/ubuntu-cloud.lucid.conf - config/templates/ubuntu-cloud.userns.conf - config/templates/ubuntu.common.conf - config/templates/ubuntu.lucid.conf - config/templates/ubuntu.userns.conf - config/templates/openwrt.common.conf - config/templates/sparclinux.common.conf - config/templates/sparclinux.userns.conf - config/templates/voidlinux.common.conf - config/templates/voidlinux.userns.conf - config/templates/sabayon.common.conf - config/templates/sabayon.userns.conf + config/templates/oci.common.conf config/templates/userns.conf config/yum/Makefile config/sysconfig/Makefile @@ -770,7 +841,6 @@ AC_CONFIG_FILES([ doc/lxc-cgroup.sgml doc/lxc-checkconfig.sgml doc/lxc-checkpoint.sgml - doc/lxc-clone.sgml doc/lxc-config.sgml doc/lxc-console.sgml doc/lxc-copy.sgml 
@@ -783,7 +853,6 @@ AC_CONFIG_FILES([ doc/lxc-ls.sgml doc/lxc-monitor.sgml doc/lxc-snapshot.sgml - doc/lxc-start-ephemeral.sgml doc/lxc-start.sgml doc/lxc-stop.sgml doc/lxc-top.sgml @@ -819,7 +888,6 @@ AC_CONFIG_FILES([ doc/ja/lxc-cgroup.sgml doc/ja/lxc-checkconfig.sgml doc/ja/lxc-checkpoint.sgml - doc/ja/lxc-clone.sgml doc/ja/lxc-config.sgml doc/ja/lxc-console.sgml doc/ja/lxc-copy.sgml @@ -832,7 +900,6 @@ AC_CONFIG_FILES([ doc/ja/lxc-ls.sgml doc/ja/lxc-monitor.sgml doc/ja/lxc-snapshot.sgml - doc/ja/lxc-start-ephemeral.sgml doc/ja/lxc-start.sgml doc/ja/lxc-stop.sgml doc/ja/lxc-top.sgml @@ -857,7 +924,6 @@ AC_CONFIG_FILES([ doc/ko/lxc-cgroup.sgml doc/ko/lxc-checkconfig.sgml doc/ko/lxc-checkpoint.sgml - doc/ko/lxc-clone.sgml doc/ko/lxc-config.sgml doc/ko/lxc-console.sgml doc/ko/lxc-copy.sgml @@ -870,7 +936,6 @@ AC_CONFIG_FILES([ doc/ko/lxc-ls.sgml doc/ko/lxc-monitor.sgml doc/ko/lxc-snapshot.sgml - doc/ko/lxc-start-ephemeral.sgml doc/ko/lxc-start.sgml doc/ko/lxc-stop.sgml doc/ko/lxc-top.sgml 
@@ -889,43 +954,20 @@ AC_CONFIG_FILES([ doc/ko/see_also.sgml hooks/Makefile + hooks/dhclient templates/Makefile - templates/lxc-alpine - templates/lxc-altlinux - templates/lxc-archlinux templates/lxc-busybox - templates/lxc-centos - templates/lxc-cirros - templates/lxc-debian templates/lxc-download - templates/lxc-fedora - templates/lxc-fedora-legacy - templates/lxc-gentoo + templates/lxc-local templates/lxc-oci - templates/lxc-openmandriva - templates/lxc-opensuse - templates/lxc-oracle - templates/lxc-plamo - templates/lxc-pld - templates/lxc-slackware - templates/lxc-sshd - templates/lxc-ubuntu - templates/lxc-ubuntu-cloud - templates/lxc-sparclinux - templates/lxc-voidlinux - templates/lxc-sabayon src/Makefile src/lxc/Makefile src/lxc/lxc.functions - src/lxc/tools/lxc-checkconfig - src/lxc/tools/lxc-start-ephemeral - src/lxc/tools/lxc-update-config + src/lxc/cmd/lxc-checkconfig + src/lxc/cmd/lxc-update-config src/lxc/version.h - src/python-lxc/Makefile - - src/lua-lxc/Makefile src/tests/Makefile src/tests/lxc-test-usernic 
@@ -937,12 +979,45 @@ AC_OUTPUT cat << EOF ---------------------------- +Binaries + - Command Line Tools: + - lxc-attach: $enable_tools + - lxc-autostart: $enable_tools + - lxc-cgroup: $enable_tools + - lxc-checkpoint: $enable_tools + - lxc-config: $enable_tools + - lxc-console: $enable_tools + - lxc-copy: $enable_tools + - lxc-create: $enable_tools + - lxc-destroy: $enable_tools + - lxc-device: $enable_tools + - lxc-execute: $enable_tools + - lxc-freeze: $enable_tools + - lxc-info: $enable_tools + - lxc-ls: $enable_tools + - lxc-monitor: $enable_tools + - lxc-snapshot: $enable_tools + - lxc-start: $enable_tools + - lxc-stop: $enable_tools + - lxc-top: $enable_tools + - lxc-unfreeze: $enable_tools + - lxc-unshare: $enable_tools + - lxc-wait: $enable_tools + + - liblxc Commands: + - lxc-checkconfig: $enable_commands + - lxc-update-config: $enable_commands + - lxc-init: $enable_commands + - lxc-monitord: $enable_commands + - lxc-user-nic: $enable_commands + - lxc-usernsexec: $enable_commands + Environment: - compiler: $CC - distribution: $with_distro - init script type(s): $init_script - rpath: $enable_rpath - - GnuTLS: $enable_gnutls + - OpenSSL: $enable_openssl - Bash integration: $enable_bash Security features: @@ -950,11 +1025,11 @@ Security features: - Linux capabilities: $enable_capabilities - seccomp: $enable_seccomp - SELinux: $enable_selinux - - cgmanager: $enable_cgmanager + - memfd rexec: $enable_memfd_rexec -Bindings: - - lua: $enable_lua - - python3: $enable_python +PAM: + - PAM module: $enable_pam + - cgroup PAM module: $pamdir Documentation: - examples: $enable_examples 
@@ -963,18 +1038,15 @@ Documentation: Debugging: - tests: $enable_tests + - ASAN: $enable_asan - mutex debugging: $enable_mutex_debugging Paths: - Logs in configpath: $enable_configpath_log -EOF - -if test "x$ac_cv_func_pthread_atfork" = "xno" ; then -cat << EOF -WARNING: Threading not supported on your platform +Thread-safety: + - enforce: $enable_thread_safety - You are compiling LXC for bionic target which lacks certain threading related functionality used by LXC API (like pthread_atfork). - Please note that, because of the missing functionality, multithreaded usage of LXC API cause some problems. +Dlog: + - enable: $enable_dlog EOF -fi