Merge pull request #3064 from brauner/2019-06-27/cleanup_macros
[mirror_lxc.git] / configure.ac
index 8313b18d18d4e0a2baf7d21b86a3f0345ab2ac4d..a041f2fdb0521c4721b0d5eb7bda15246e627094 100644 (file)
@@ -257,6 +257,8 @@ fi
 
 AM_CONDITIONAL([ENABLE_API_DOCS], [test "x$HAVE_DOXYGEN" != "x"])
 
+AC_CONFIG_MACRO_DIRS([config])
+
 # Apparmor
 AC_ARG_ENABLE([apparmor],
        [AC_HELP_STRING([--enable-apparmor], [enable apparmor support [default=auto]])],
@@ -267,20 +269,21 @@ if test "$enable_apparmor" = "auto" ; then
 fi
 AM_CONDITIONAL([ENABLE_APPARMOR], [test "x$enable_apparmor" = "xyes"])
 
-# GnuTLS
-AC_ARG_ENABLE([gnutls],
-       [AC_HELP_STRING([--enable-gnutls], [enable GnuTLS support [default=auto]])],
-       [], [enable_gnutls=auto])
+# OpenSSL
+# libssl-dev
+AC_ARG_ENABLE([openssl],
+       [AC_HELP_STRING([--enable-openssl], [enable OpenSSL support [default=auto]])],
+       [], [enable_openssl=auto])
+
+if test "$enable_openssl" = "auto" ; then
+       AC_CHECK_LIB([ssl], [OPENSSL_init_ssl], [enable_openssl=yes], [enable_openssl=no])
 
-if test "$enable_gnutls" = "auto" ; then
-       AC_CHECK_LIB([gnutls], [gnutls_hash_fast], [enable_gnutls=yes], [enable_gnutls=no])
 fi
-AM_CONDITIONAL([ENABLE_GNUTLS], [test "x$enable_gnutls" = "xyes"])
+AM_CONDITIONAL([ENABLE_OPENSSL], [test "x$enable_openssl" = "xyes"])
 
-AM_COND_IF([ENABLE_GNUTLS],
-       [AC_CHECK_HEADER([gnutls/gnutls.h],[],[AC_MSG_ERROR([You must install the GnuTLS development package in order to compile lxc])])
-       AC_CHECK_LIB([gnutls], [gnutls_hash_fast],[true],[AC_MSG_ERROR([You must install the GnuTLS development package in order to compile lxc])])
-       AC_SUBST([GNUTLS_LIBS], [-lgnutls])])
+AM_COND_IF([ENABLE_OPENSSL],
+       [AC_CHECK_HEADER([openssl/engine.h],[],[AC_MSG_ERROR([You must install the OpenSSL development package in order to compile lxc])])
+       AC_SUBST([OPENSSL_LIBS], '-lssl -lcrypto')])
 
 # SELinux
 AC_ARG_ENABLE([selinux],
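Review bot: With an explicit `--enable-openssl`, the new `AM_COND_IF([ENABLE_OPENSSL], ...)` block checks only for the `openssl/engine.h` header; the link check that the GnuTLS version ran in the same place is gone, so a missing libssl shows up as a link error in make rather than as the configure message. I would re-add `AC_CHECK_LIB([ssl], [OPENSSL_init_ssl],[true],[AC_MSG_ERROR([You must install the OpenSSL development package in order to compile lxc])])` inside that block. `OPENSSL_init_ssl` is exported only by OpenSSL 1.1.0 and later, so the `auto` probe silently turns the feature off on older libraries; a comment such as `# needs OpenSSL >= 1.1.0; older versions are detected as "no"` would make that visible. `openssl/engine.h` can also be absent from OpenSSL builds that omit ENGINE support, so probing a header the code actually includes (not visible in this hunk) would be more robust.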
@@ -363,6 +366,7 @@ AM_COND_IF([ENABLE_CAP],
 OLD_CFLAGS="$CFLAGS"
 CFLAGS="$CFLAGS $SECCOMP_CFLAGS"
 AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include <seccomp.h>]])
+AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include <seccomp.h>]])
 AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include <seccomp.h>]])
 CFLAGS="$OLD_CFLAGS"
 
@@ -428,6 +432,12 @@ AC_ARG_ENABLE([commands],
        [], [enable_commands=yes])
 AM_CONDITIONAL([ENABLE_COMMANDS], [test "x$enable_commands" = "xyes"])
 
+# Build with ASAN commands
+AC_ARG_ENABLE([asan],
+       [AC_HELP_STRING([--enable-asan], [build with address sanitizer enabled [default=no]])],
+       [], [enable_asan=no])
+AM_CONDITIONAL([ENABLE_ASAN], [test "x$enable_asan" = "xyes"])
+
 # Optional test binaries
 AC_ARG_ENABLE([tests],
        [AC_HELP_STRING([--enable-tests], [build test/example binaries [default=no]])],
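Review bot: `--enable-asan` only sets the `ENABLE_ASAN` automake conditional; nothing in this hunk checks that the compiler accepts the sanitizer flag, so an unsupported toolchain would fail later, presumably where a Makefile.am not shown here adds it. A probe in the style already used in this file, `AX_CHECK_COMPILE_FLAG([-fsanitize=address], [], [AC_MSG_ERROR([compiler does not support -fsanitize=address])], [-Werror])`, guarded by `test "x$enable_asan" = "xyes"`, would fail at configure time instead. The comment `# Build with ASAN commands` looks copied from the commands block above it; `# Build with AddressSanitizer (debugging builds only, not for installed binaries)` states what the option is for. The `AC_ARG_ENABLE([tests], ...)` block that follows continues outside the hunk.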
@@ -630,6 +640,33 @@ AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat ge
 # - STRERROR_R_CHAR_P if it returns char *
 AC_FUNC_STRERROR_R
 
+# Check if "%m" is supported by printf and Co
+AC_MSG_CHECKING([%m format])
+AC_TRY_RUN([
+#include <stdio.h>
+int main(void)
+{
+  char msg[256];
+  int rc;
+
+  rc = snprintf(msg, sizeof(msg), "%m\n");
+  if ((rc > 1) && (msg[0] != '%'))
+  {
+    return 0;
+  }
+  else
+  {
+    return 1;
+  }
+}],
+[fmt_m=yes], [fmt_m=no], [fmt_m=no])
+if test "x$fmt_m" = "xyes"; then
+       AC_DEFINE([HAVE_M_FORMAT], 1, [Have %m format])
+       AC_MSG_RESULT([yes])
+else
+       AC_MSG_RESULT([no])
+fi
+
 # Check for some functions
 AC_CHECK_LIB(pthread, main)
 AC_CHECK_FUNCS(statvfs)
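Review bot: The `%m` probe accepts any output longer than one character that does not start with `%`, so a libc that prints the unknown conversion as a bare `m` (rc is 2, `msg[0]` is `'m'`) would be detected as supporting it. Setting `errno` to a known value and comparing the formatted result with `strerror()` tests the behaviour actually relied on. `AC_TRY_RUN` is also obsolete in current autoconf; `AC_RUN_IFELSE` with `AC_LANG_SOURCE` is the replacement and keeps the same three result arguments, including the conservative `fmt_m=no` when cross-compiling.

```m4
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <errno.h>
#include <stdio.h>
#include <string.h>
int main(void)
{
  char msg[256];

  errno = EINVAL;
  snprintf(msg, sizeof(msg), "%m");
  /* exit status 0 only when %m expanded to the text for EINVAL */
  return strcmp(msg, strerror(EINVAL)) != 0;
}]])],
[fmt_m=yes], [fmt_m=no], [fmt_m=no])
# … unchanged: AC_DEFINE([HAVE_M_FORMAT]) / AC_MSG_RESULT branch …
```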
@@ -719,9 +756,12 @@ AX_CHECK_COMPILE_FLAG([-Werror=shift-count-overflow], [CFLAGS="$CFLAGS -Werror=s
 AX_CHECK_COMPILE_FLAG([-Werror=shift-overflow=2], [CFLAGS="$CFLAGS -Werror=shift-overflow=2"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-Wdate-time], [CFLAGS="$CFLAGS -Wdate-time"],,[-Werror])
 AX_CHECK_COMPILE_FLAG([-Wnested-externs], [CFLAGS="$CFLAGS -Wnested-externs"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-fasynchronous-unwind-tables], [CFLAGS="$CFLAGS -fasynchronous-unwind-tables"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-pipe], [CFLAGS="$CFLAGS -pipe"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-fexceptions], [CFLAGS="$CFLAGS -fexceptions"],,[-Werror])
 
-AX_CHECK_LINK_FLAG([-z relro], [LDLAGS="$LDLAGS -z relro"],,[])
-AX_CHECK_LINK_FLAG([-z now], [LDLAGS="$LDLAGS -z now"],,[])
+AX_CHECK_LINK_FLAG([-z relro], [LDFLAGS="$LDFLAGS -z relro"],,[])
+AX_CHECK_LINK_FLAG([-z now], [LDFLAGS="$LDFLAGS -z now"],,[])
 
 CFLAGS="$CFLAGS -Wvla -std=gnu11"
 if test "x$enable_werror" = "xyes"; then
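Review bot: Nothing in configure reports whether `-z relro` and `-z now` were actually applied, which is how the `LDLAGS` typo corrected on these two lines could go unnoticed while the binaries were linked without either flag. Recording the result in the action, e.g. `[LDFLAGS="$LDFLAGS -z relro"; have_relro=yes]`, and printing it under "Security features" in the summary at the end of the file would make a regression visible. On the built artefacts it can be checked with `readelf -l` (a `GNU_RELRO` segment) and `readelf -d` (`BIND_NOW`). The `if test "x$enable_werror"` block on the last line continues outside the hunk.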
@@ -746,6 +786,17 @@ AM_COND_IF([ENABLE_DLOG],
                ])
        ])
 
+AC_ARG_ENABLE([memfd-rexec],
+       [AC_HELP_STRING([--enable-memfd-rexec], [enforce liblxc as a memfd to protect against certain symlink attacks [default=yes]])],
+       [], [enable_memfd_rexec=yes])
+AM_CONDITIONAL([ENFORCE_MEMFD_REXEC], [test "x$enable_memfd_rexec" = "xyes"])
+if test "x$enable_memfd_rexec" = "xyes"; then
+       AC_DEFINE([ENFORCE_MEMFD_REXEC], 1, [Rexec liblxc as memfd])
+       AC_MSG_RESULT([yes])
+else
+       AC_MSG_RESULT([no])
+fi
+
 # Files requiring some variable expansion
 AC_CONFIG_FILES([
        Makefile
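Review bot: The `AC_MSG_RESULT([yes])` / `AC_MSG_RESULT([no])` calls in the memfd-rexec block have no preceding `AC_MSG_CHECKING`, so configure prints a bare `yes` or `no` line with no label; add `AC_MSG_CHECKING([whether to rexec liblxc as a memfd])` before the `if`. Since the help string says this option protects against certain symlink attacks, the `else` branch would be a better place for `AC_MSG_WARN([memfd rexec disabled: liblxc is not protected against the symlink attacks this option guards against])` than a plain `no`. The block also has no leading comment, unlike the other options in this file; `# Re-execute liblxc from a memfd copy (hardening, on by default)` would match the surrounding style.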
@@ -966,7 +1017,7 @@ Environment:
  - distribution: $with_distro
  - init script type(s): $init_script
  - rpath: $enable_rpath
- - GnuTLS: $enable_gnutls
+ - OpenSSL: $enable_openssl
  - Bash integration: $enable_bash
 
 Security features:
@@ -974,6 +1025,7 @@ Security features:
  - Linux capabilities: $enable_capabilities
  - seccomp: $enable_seccomp
  - SELinux: $enable_selinux
+ - memfd rexec: $enable_memfd_rexec
 
 PAM:
  - PAM module: $enable_pam
@@ -986,6 +1038,7 @@ Documentation:
 
 Debugging:
  - tests: $enable_tests
+ - ASAN: $enable_asan
  - mutex debugging: $enable_mutex_debugging
 
 Paths: