apparmor

author: netblue30 <netblue30@yahoo.com> 2016-08-02 10:03:28 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-08-02 10:03:28 -0400
commit: 355c86b0ff225bdc48b27fb4dfcb6232e4ec7b29 (patch)
tree: 4bc45dad2214b25b279a0d2475c5f7b38269e3d3 /configure
parent: Merge pull request #679 from manevich/xephyr (diff)
download: firejail-355c86b0ff225bdc48b27fb4dfcb6232e4ec7b29.tar.gz
firejail-355c86b0ff225bdc48b27fb4dfcb6232e4ec7b29.tar.zst
firejail-355c86b0ff225bdc48b27fb4dfcb6232e4ec7b29.zip
1 files changed, 267 insertions, 225 deletions
diff --git a/configure b/configure
index 050b4df9c..0f6f8f7fb 100755
--- a/configure
+++ b/configure
@@ -625,9 +625,6 @@ ac_includes_default="\
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
 HAVE_SECCOMP_H
-EGREP
-GREP
-CPP
 HAVE_FATAL_WARNINGS
 HAVE_WHITELIST
 HAVE_FILE_TRANSFER
@@ -638,6 +635,11 @@ HAVE_GLOBALCFG
 HAVE_BIND
 HAVE_CHROOT
 HAVE_SECCOMP
+EXTRA_LDFLAGS
+EGREP
+GREP
+CPP
+HAVE_APPARMOR
 RANLIB
 INSTALL_DATA
 INSTALL_SCRIPT
@@ -690,6 +692,7 @@ SHELL'
 ac_subst_files=''
 ac_user_opts='
 enable_option_checking
+enable_apparmor
 enable_seccomp
 enable_chroot
 enable_bind
@@ -1319,6 +1322,7 @@ Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --enable-apparmor       enable apparmor
  --disable-seccomp       disable seccomp
  --disable-chroot        disable chroot
  --disable-bind          disable bind
@@ -1462,52 +1466,6 @@ fi
 } # ac_fn_c_try_compile
-# ac_fn_c_try_link LINENO
-# -----------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_link ()
-{
-  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-  rm -f conftest.$ac_objext conftest$ac_exeext
-  if { { ac_try="$ac_link"
-case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
-  (eval "$ac_link") 2>conftest.err
-  ac_status=$?
-  if test -s conftest.err; then
-    grep -v '^ *+' conftest.err >conftest.er1
-    cat conftest.er1 >&5
-    mv -f conftest.er1 conftest.err
-  fi
-  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; } && {
-         test -z "$ac_c_werror_flag" ||
-         test ! -s conftest.err
-       } && test -s conftest$ac_exeext && {
-         test "$cross_compiling" = yes ||
-         test -x conftest$ac_exeext
-       }; then :
-  ac_retval=0
-else
-  $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-        ac_retval=1
-fi
-  # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
-  # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
-  # interfere with the next link command; also delete a directory that is
-  # left behind by Apple's compiler.  We do this before executing the actions.
-  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
-  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-  as_fn_set_status $ac_retval
-} # ac_fn_c_try_link
 # ac_fn_c_try_cpp LINENO
 # ----------------------
 # Try to preprocess conftest.$ac_ext, and return whether this succeeded.
@@ -1708,6 +1666,52 @@ $as_echo "$ac_res" >&6; }
  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
 } # ac_fn_c_check_header_compile
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext conftest$ac_exeext
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+         test -z "$ac_c_werror_flag" ||
+         test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+         test "$cross_compiling" = yes ||
+         test -x conftest$ac_exeext
+       }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+        ac_retval=1
+fi
+  # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+  # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+  # interfere with the next link command; also delete a directory that is
+  # left behind by Apple's compiler.  We do this before executing the actions.
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+} # ac_fn_c_try_link
 cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
@@ -3069,189 +3073,23 @@ else
 fi
-HAVE_SECCOMP=""
+# Allow to build without apparmor support by calling:
-# Check whether --enable-seccomp was given.
+# ./configure --disable-apparmor
-if test "${enable_seccomp+set}" = set; then :
+# This makes it possible to run snaps in devmode on almost any host,
-  enableval=$enable_seccomp;
+# regardless of the kernel version.
-fi
+HAVE_APPARMOR=""
+# Check whether --enable-apparmor was given.
-if test "x$enable_seccomp" != "xno"; then :
+if test "${enable_apparmor+set}" = set; then :
+  enableval=$enable_apparmor;
-        HAVE_SECCOMP="-DHAVE_SECCOMP"
-fi
-HAVE_CHROOT=""
-# Check whether --enable-chroot was given.
-if test "${enable_chroot+set}" = set; then :
-  enableval=$enable_chroot;
-fi
-if test "x$enable_chroot" != "xno"; then :
-        HAVE_CHROOT="-DHAVE_CHROOT"
-fi
-HAVE_BIND=""
-# Check whether --enable-bind was given.
-if test "${enable_bind+set}" = set; then :
-  enableval=$enable_bind;
-fi
-if test "x$enable_bind" != "xno"; then :
-        HAVE_BIND="-DHAVE_BIND"
-fi
-HAVE_GLOBALCFG=""
-# Check whether --enable-globalcfg was given.
-if test "${enable_globalcfg+set}" = set; then :
-  enableval=$enable_globalcfg;
-fi
-if test "x$enable_globalcfg" != "xno"; then :
-        HAVE_GLOBALCFG="-DHAVE_GLOBALCFG"
-fi
-HAVE_NETWORK=""
-# Check whether --enable-network was given.
-if test "${enable_network+set}" = set; then :
-  enableval=$enable_network;
-fi
-# Check whether --enable-network was given.
-if test "${enable_network+set}" = set; then :
-  enableval=$enable_network;
-fi
-if test "x$enable_network" != "xno"; then :
-        HAVE_NETWORK="-DHAVE_NETWORK"
-        if test "x$enable_network" = "xrestricted"; then :
-               HAVE_NETWORK="$HAVE_NETWORK -DHAVE_NETWORK_RESTRICTED"
-fi
-fi
-HAVE_USERNS=""
-# Check whether --enable-userns was given.
-if test "${enable_userns+set}" = set; then :
-  enableval=$enable_userns;
-fi
-if test "x$enable_userns" != "xno"; then :
-        HAVE_USERNS="-DHAVE_USERNS"
-fi
-HAVE_X11=""
-# Check whether --enable-x11 was given.
-if test "${enable_x11+set}" = set; then :
-  enableval=$enable_x11;
-fi
-if test "x$enable_x11" != "xno"; then :
-        HAVE_X11="-DHAVE_X11"
-fi
-HAVE_FILE_TRANSFER=""
-# Check whether --enable-file-transfer was given.
-if test "${enable_file_transfer+set}" = set; then :
-  enableval=$enable_file_transfer;
-fi
-if test "x$enable_file_transfer" != "xno"; then :
-        HAVE_FILE_TRANSFER="-DHAVE_FILE_TRANSFER"
-fi
-HAVE_WHITELIST=""
-# Check whether --enable-whitelist was given.
-if test "${enable_whitelist+set}" = set; then :
-  enableval=$enable_whitelist;
-fi
-if test "x$enable_whitelist" != "xno"; then :
-        HAVE_WHITELIST="-DHAVE_WHITELIST"
-fi
-HAVE_FATAL_WARNINGS=""
-# Check whether --enable-fatal_warnings was given.
-if test "${enable_fatal_warnings+set}" = set; then :
-  enableval=$enable_fatal_warnings;
-fi
-if test "x$enable_fatal_warnings" = "xyes"; then :
-        HAVE_FATAL_WARNINGS="-W -Wall -Werror"
 fi
+if test "x$enable_apparmor" = "xyes"; then :
-# checking pthread library
+        HAVE_APPARMOR="-DHAVE_APPARMOR"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5
-$as_echo_n "checking for main in -lpthread... " >&6; }
-if ${ac_cv_lib_pthread_main+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lpthread  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-int
-main ()
-{
-return main ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_pthread_main=yes
-else
-  ac_cv_lib_pthread_main=no
 fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5
-$as_echo "$ac_cv_lib_pthread_main" >&6; }
-if test "x$ac_cv_lib_pthread_main" = xyes; then :
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_LIBPTHREAD 1
-_ACEOF
-  LIBS="-lpthread $LIBS"
-else
-  as_fn_error $? "*** POSIX thread support not installed ***" "$LINENO" 5
-fi
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
@@ -3650,6 +3488,208 @@ fi
 done
+if test "x$enable_apparmor" = "xyes"; then :
+        ac_fn_c_check_header_mongrel "$LINENO" "sys/apparmor.h" "ac_cv_header_sys_apparmor_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_apparmor_h" = xyes; then :
+else
+  as_fn_error $? "Couldn't find sys/apparmor.h... please install apparmor user space library and development files " "$LINENO" 5
+fi
+fi
+if test "x$enable_apparmor" = "xyes"; then :
+        EXTRA_LDFLAGS="-lapparmor"
+fi
+HAVE_SECCOMP=""
+# Check whether --enable-seccomp was given.
+if test "${enable_seccomp+set}" = set; then :
+  enableval=$enable_seccomp;
+fi
+if test "x$enable_seccomp" != "xno"; then :
+        HAVE_SECCOMP="-DHAVE_SECCOMP"
+fi
+HAVE_CHROOT=""
+# Check whether --enable-chroot was given.
+if test "${enable_chroot+set}" = set; then :
+  enableval=$enable_chroot;
+fi
+if test "x$enable_chroot" != "xno"; then :
+        HAVE_CHROOT="-DHAVE_CHROOT"
+fi
+HAVE_BIND=""
+# Check whether --enable-bind was given.
+if test "${enable_bind+set}" = set; then :
+  enableval=$enable_bind;
+fi
+if test "x$enable_bind" != "xno"; then :
+        HAVE_BIND="-DHAVE_BIND"
+fi
+HAVE_GLOBALCFG=""
+# Check whether --enable-globalcfg was given.
+if test "${enable_globalcfg+set}" = set; then :
+  enableval=$enable_globalcfg;
+fi
+if test "x$enable_globalcfg" != "xno"; then :
+        HAVE_GLOBALCFG="-DHAVE_GLOBALCFG"
+fi
+HAVE_NETWORK=""
+# Check whether --enable-network was given.
+if test "${enable_network+set}" = set; then :
+  enableval=$enable_network;
+fi
+# Check whether --enable-network was given.
+if test "${enable_network+set}" = set; then :
+  enableval=$enable_network;
+fi
+if test "x$enable_network" != "xno"; then :
+        HAVE_NETWORK="-DHAVE_NETWORK"
+        if test "x$enable_network" = "xrestricted"; then :
+               HAVE_NETWORK="$HAVE_NETWORK -DHAVE_NETWORK_RESTRICTED"
+fi
+fi
+HAVE_USERNS=""
+# Check whether --enable-userns was given.
+if test "${enable_userns+set}" = set; then :
+  enableval=$enable_userns;
+fi
+if test "x$enable_userns" != "xno"; then :
+        HAVE_USERNS="-DHAVE_USERNS"
+fi
+HAVE_X11=""
+# Check whether --enable-x11 was given.
+if test "${enable_x11+set}" = set; then :
+  enableval=$enable_x11;
+fi
+if test "x$enable_x11" != "xno"; then :
+        HAVE_X11="-DHAVE_X11"
+fi
+HAVE_FILE_TRANSFER=""
+# Check whether --enable-file-transfer was given.
+if test "${enable_file_transfer+set}" = set; then :
+  enableval=$enable_file_transfer;
+fi
+if test "x$enable_file_transfer" != "xno"; then :
+        HAVE_FILE_TRANSFER="-DHAVE_FILE_TRANSFER"
+fi
+HAVE_WHITELIST=""
+# Check whether --enable-whitelist was given.
+if test "${enable_whitelist+set}" = set; then :
+  enableval=$enable_whitelist;
+fi
+if test "x$enable_whitelist" != "xno"; then :
+        HAVE_WHITELIST="-DHAVE_WHITELIST"
+fi
+HAVE_FATAL_WARNINGS=""
+# Check whether --enable-fatal_warnings was given.
+if test "${enable_fatal_warnings+set}" = set; then :
+  enableval=$enable_fatal_warnings;
+fi
+if test "x$enable_fatal_warnings" = "xyes"; then :
+        HAVE_FATAL_WARNINGS="-W -Wall -Werror"
+fi
+# checking pthread library
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5
+$as_echo_n "checking for main in -lpthread... " >&6; }
+if ${ac_cv_lib_pthread_main+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpthread  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_pthread_main=yes
+else
+  ac_cv_lib_pthread_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5
+$as_echo "$ac_cv_lib_pthread_main" >&6; }
+if test "x$ac_cv_lib_pthread_main" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBPTHREAD 1
+_ACEOF
+  LIBS="-lpthread $LIBS"
+else
+  as_fn_error $? "*** POSIX thread support not installed ***" "$LINENO" 5
+fi
 ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default"
 if test "x$ac_cv_header_pthread_h" = xyes; then :
@@ -4855,6 +4895,7 @@ echo "   prefix: $prefix"
 echo "   sysconfdir: $sysconfdir"
 echo "   seccomp: $HAVE_SECCOMP"
 echo "   <linux/seccomp.h>: $HAVE_SECCOMP_H"
+echo "   apparmor: $HAVE_APPARMOR"
 echo "   global config: $HAVE_GLOBALCFG"
 echo "   chroot: $HAVE_CHROOT"
 echo "   bind: $HAVE_BIND"
@@ -4866,6 +4907,7 @@ echo "   file transfer support: $HAVE_FILE_TRANSFER"
 echo "   fatal warnings: $HAVE_FATAL_WARNINGS"
 printf "   uid_min: "; grep UID_MIN uids.h
 printf "   gid_min: "; grep GID_MIN uids.h
+printf "   EXTRA_LDFLAGS: $EXTRA_LDFLAGS"
 echo
author	netblue30 <netblue30@yahoo.com>	2016-08-02 10:03:28 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-08-02 10:03:28 -0400
commit	355c86b0ff225bdc48b27fb4dfcb6232e4ec7b29 (patch)
tree	4bc45dad2214b25b279a0d2475c5f7b38269e3d3 /configure
parent	Merge pull request #679 from manevich/xephyr (diff)
download	firejail-355c86b0ff225bdc48b27fb4dfcb6232e4ec7b29.tar.gz firejail-355c86b0ff225bdc48b27fb4dfcb6232e4ec7b29.tar.zst firejail-355c86b0ff225bdc48b27fb4dfcb6232e4ec7b29.zip

diff --git a/configure b/configure index 050b4df9c..0f6f8f7fb 100755 --- a/configure +++ b/configure
@@ -625,9 +625,6 @@ ac_includes_default="\
625	ac_subst_vars='LTLIBOBJS	625	ac_subst_vars='LTLIBOBJS
626	LIBOBJS	626	LIBOBJS
627	HAVE_SECCOMP_H	627	HAVE_SECCOMP_H
628	EGREP
629	GREP
630	CPP
631	HAVE_FATAL_WARNINGS	628	HAVE_FATAL_WARNINGS
632	HAVE_WHITELIST	629	HAVE_WHITELIST
633	HAVE_FILE_TRANSFER	630	HAVE_FILE_TRANSFER
@@ -638,6 +635,11 @@ HAVE_GLOBALCFG
638	HAVE_BIND	635	HAVE_BIND
639	HAVE_CHROOT	636	HAVE_CHROOT
640	HAVE_SECCOMP	637	HAVE_SECCOMP
		638	EXTRA_LDFLAGS
		639	EGREP
		640	GREP
		641	CPP
		642	HAVE_APPARMOR
641	RANLIB	643	RANLIB
642	INSTALL_DATA	644	INSTALL_DATA
643	INSTALL_SCRIPT	645	INSTALL_SCRIPT
@@ -690,6 +692,7 @@ SHELL'
690	ac_subst_files=''	692	ac_subst_files=''
691	ac_user_opts='	693	ac_user_opts='
692	enable_option_checking	694	enable_option_checking
		695	enable_apparmor
693	enable_seccomp	696	enable_seccomp
694	enable_chroot	697	enable_chroot
695	enable_bind	698	enable_bind
@@ -1319,6 +1322,7 @@ Optional Features:
1319	--disable-option-checking ignore unrecognized --enable/--with options	1322	--disable-option-checking ignore unrecognized --enable/--with options
1320	--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)	1323	--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
1321	--enable-FEATURE[=ARG] include FEATURE [ARG=yes]	1324	--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
		1325	--enable-apparmor enable apparmor
1322	--disable-seccomp disable seccomp	1326	--disable-seccomp disable seccomp
1323	--disable-chroot disable chroot	1327	--disable-chroot disable chroot
1324	--disable-bind disable bind	1328	--disable-bind disable bind
@@ -1462,52 +1466,6 @@ fi
1462		1466
1463	} # ac_fn_c_try_compile	1467	} # ac_fn_c_try_compile
1464		1468
1465	# ac_fn_c_try_link LINENO
1466	# -----------------------
1467	# Try to link conftest.$ac_ext, and return whether this succeeded.
1468	ac_fn_c_try_link ()
1469	{
1470	as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
1471	rm -f conftest.$ac_objext conftest$ac_exeext
1472	if { { ac_try="$ac_link"
1473	case "(($ac_try" in
1474	\" \| \` \| \\) ac_try_echo=\$ac_try;;
1475	*) ac_try_echo=$ac_try;;
1476	esac
1477	eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
1478	$as_echo "$ac_try_echo"; } >&5
1479	(eval "$ac_link") 2>conftest.err
1480	ac_status=$?
1481	if test -s conftest.err; then
1482	grep -v '^ *+' conftest.err >conftest.er1
1483	cat conftest.er1 >&5
1484	mv -f conftest.er1 conftest.err
1485	fi
1486	$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
1487	test $ac_status = 0; } && {
1488	test -z "$ac_c_werror_flag" \|\|
1489	test ! -s conftest.err
1490	} && test -s conftest$ac_exeext && {
1491	test "$cross_compiling" = yes \|\|
1492	test -x conftest$ac_exeext
1493	}; then :
1494	ac_retval=0
1495	else
1496	$as_echo "$as_me: failed program was:" >&5
1497	sed 's/^/\| /' conftest.$ac_ext >&5
1498
1499	ac_retval=1
1500	fi
1501	# Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
1502	# created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
1503	# interfere with the next link command; also delete a directory that is
1504	# left behind by Apple's compiler. We do this before executing the actions.
1505	rm -rf conftest.dSYM conftest_ipa8_conftest.oo
1506	eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1507	as_fn_set_status $ac_retval
1508
1509	} # ac_fn_c_try_link
1510
1511	# ac_fn_c_try_cpp LINENO	1469	# ac_fn_c_try_cpp LINENO
1512	# ----------------------	1470	# ----------------------
1513	# Try to preprocess conftest.$ac_ext, and return whether this succeeded.	1471	# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
@@ -1708,6 +1666,52 @@ $as_echo "$ac_res" >&6; }
1708	eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno	1666	eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
1709		1667
1710	} # ac_fn_c_check_header_compile	1668	} # ac_fn_c_check_header_compile
		1669
		1670	# ac_fn_c_try_link LINENO
		1671	# -----------------------
		1672	# Try to link conftest.$ac_ext, and return whether this succeeded.
		1673	ac_fn_c_try_link ()
		1674	{
		1675	as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
		1676	rm -f conftest.$ac_objext conftest$ac_exeext
		1677	if { { ac_try="$ac_link"
		1678	case "(($ac_try" in
		1679	\" \| \` \| \\) ac_try_echo=\$ac_try;;
		1680	*) ac_try_echo=$ac_try;;
		1681	esac
		1682	eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
		1683	$as_echo "$ac_try_echo"; } >&5
		1684	(eval "$ac_link") 2>conftest.err
		1685	ac_status=$?
		1686	if test -s conftest.err; then
		1687	grep -v '^ *+' conftest.err >conftest.er1
		1688	cat conftest.er1 >&5
		1689	mv -f conftest.er1 conftest.err
		1690	fi
		1691	$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
		1692	test $ac_status = 0; } && {
		1693	test -z "$ac_c_werror_flag" \|\|
		1694	test ! -s conftest.err
		1695	} && test -s conftest$ac_exeext && {
		1696	test "$cross_compiling" = yes \|\|
		1697	test -x conftest$ac_exeext
		1698	}; then :
		1699	ac_retval=0
		1700	else
		1701	$as_echo "$as_me: failed program was:" >&5
		1702	sed 's/^/\| /' conftest.$ac_ext >&5
		1703
		1704	ac_retval=1
		1705	fi
		1706	# Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
		1707	# created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
		1708	# interfere with the next link command; also delete a directory that is
		1709	# left behind by Apple's compiler. We do this before executing the actions.
		1710	rm -rf conftest.dSYM conftest_ipa8_conftest.oo
		1711	eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
		1712	as_fn_set_status $ac_retval
		1713
		1714	} # ac_fn_c_try_link
1711	cat >config.log <<_ACEOF	1715	cat >config.log <<_ACEOF
1712	This file contains any messages produced by compilers while	1716	This file contains any messages produced by compilers while
1713	running configure, to aid debugging if configure makes a mistake.	1717	running configure, to aid debugging if configure makes a mistake.
@@ -3069,189 +3073,23 @@ else
3069	fi	3073	fi
3070		3074
3071		3075
3072	HAVE_SECCOMP=""	3076	# Allow to build without apparmor support by calling:
3073	# Check whether --enable-seccomp was given.	3077	# ./configure --disable-apparmor
3074	if test "${enable_seccomp+set}" = set; then :	3078	# This makes it possible to run snaps in devmode on almost any host,
3075	enableval=$enable_seccomp;	3079	# regardless of the kernel version.
3076	fi	3080	HAVE_APPARMOR=""
3077		3081	# Check whether --enable-apparmor was given.
3078	if test "x$enable_seccomp" != "xno"; then :	3082	if test "${enable_apparmor+set}" = set; then :
3079		3083	enableval=$enable_apparmor;
3080	HAVE_SECCOMP="-DHAVE_SECCOMP"
3081
3082
3083	fi
3084
3085	HAVE_CHROOT=""
3086	# Check whether --enable-chroot was given.
3087	if test "${enable_chroot+set}" = set; then :
3088	enableval=$enable_chroot;
3089	fi
3090
3091	if test "x$enable_chroot" != "xno"; then :
3092
3093	HAVE_CHROOT="-DHAVE_CHROOT"
3094
3095
3096	fi
3097
3098	HAVE_BIND=""
3099	# Check whether --enable-bind was given.
3100	if test "${enable_bind+set}" = set; then :
3101	enableval=$enable_bind;
3102	fi
3103
3104	if test "x$enable_bind" != "xno"; then :
3105
3106	HAVE_BIND="-DHAVE_BIND"
3107
3108
3109	fi
3110
3111	HAVE_GLOBALCFG=""
3112	# Check whether --enable-globalcfg was given.
3113	if test "${enable_globalcfg+set}" = set; then :
3114	enableval=$enable_globalcfg;
3115	fi
3116
3117	if test "x$enable_globalcfg" != "xno"; then :
3118
3119	HAVE_GLOBALCFG="-DHAVE_GLOBALCFG"
3120
3121
3122	fi
3123
3124	HAVE_NETWORK=""
3125	# Check whether --enable-network was given.
3126	if test "${enable_network+set}" = set; then :
3127	enableval=$enable_network;
3128	fi
3129
3130	# Check whether --enable-network was given.
3131	if test "${enable_network+set}" = set; then :
3132	enableval=$enable_network;
3133	fi
3134
3135	if test "x$enable_network" != "xno"; then :
3136
3137	HAVE_NETWORK="-DHAVE_NETWORK"
3138	if test "x$enable_network" = "xrestricted"; then :
3139
3140	HAVE_NETWORK="$HAVE_NETWORK -DHAVE_NETWORK_RESTRICTED"
3141
3142	fi
3143
3144
3145	fi
3146
3147	HAVE_USERNS=""
3148	# Check whether --enable-userns was given.
3149	if test "${enable_userns+set}" = set; then :
3150	enableval=$enable_userns;
3151	fi
3152
3153	if test "x$enable_userns" != "xno"; then :
3154
3155	HAVE_USERNS="-DHAVE_USERNS"
3156
3157
3158	fi
3159
3160	HAVE_X11=""
3161	# Check whether --enable-x11 was given.
3162	if test "${enable_x11+set}" = set; then :
3163	enableval=$enable_x11;
3164	fi
3165
3166	if test "x$enable_x11" != "xno"; then :
3167
3168	HAVE_X11="-DHAVE_X11"
3169
3170
3171	fi
3172
3173	HAVE_FILE_TRANSFER=""
3174	# Check whether --enable-file-transfer was given.
3175	if test "${enable_file_transfer+set}" = set; then :
3176	enableval=$enable_file_transfer;
3177	fi
3178
3179	if test "x$enable_file_transfer" != "xno"; then :
3180
3181	HAVE_FILE_TRANSFER="-DHAVE_FILE_TRANSFER"
3182
3183
3184	fi
3185
3186	HAVE_WHITELIST=""
3187	# Check whether --enable-whitelist was given.
3188	if test "${enable_whitelist+set}" = set; then :
3189	enableval=$enable_whitelist;
3190	fi
3191
3192	if test "x$enable_whitelist" != "xno"; then :
3193
3194	HAVE_WHITELIST="-DHAVE_WHITELIST"
3195
3196
3197	fi
3198
3199	HAVE_FATAL_WARNINGS=""
3200	# Check whether --enable-fatal_warnings was given.
3201	if test "${enable_fatal_warnings+set}" = set; then :
3202	enableval=$enable_fatal_warnings;
3203	fi
3204
3205	if test "x$enable_fatal_warnings" = "xyes"; then :
3206
3207	HAVE_FATAL_WARNINGS="-W -Wall -Werror"
3208
3209
3210	fi	3084	fi
3211		3085
		3086	if test "x$enable_apparmor" = "xyes"; then :
3212		3087
3213	# checking pthread library	3088	HAVE_APPARMOR="-DHAVE_APPARMOR"
3214
3215	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5
3216	$as_echo_n "checking for main in -lpthread... " >&6; }
3217	if ${ac_cv_lib_pthread_main+:} false; then :
3218	$as_echo_n "(cached) " >&6
3219	else
3220	ac_check_lib_save_LIBS=$LIBS
3221	LIBS="-lpthread $LIBS"
3222	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
3223	/* end confdefs.h. */
3224		3089
3225		3090
3226	int
3227	main ()
3228	{
3229	return main ();
3230	;
3231	return 0;
3232	}
3233	_ACEOF
3234	if ac_fn_c_try_link "$LINENO"; then :
3235	ac_cv_lib_pthread_main=yes
3236	else
3237	ac_cv_lib_pthread_main=no
3238	fi	3091	fi
3239	rm -f core conftest.err conftest.$ac_objext \
3240	conftest$ac_exeext conftest.$ac_ext
3241	LIBS=$ac_check_lib_save_LIBS
3242	fi
3243	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5
3244	$as_echo "$ac_cv_lib_pthread_main" >&6; }
3245	if test "x$ac_cv_lib_pthread_main" = xyes; then :
3246	cat >>confdefs.h <<_ACEOF
3247	#define HAVE_LIBPTHREAD 1
3248	_ACEOF
3249		3092
3250	LIBS="-lpthread $LIBS"
3251
3252	else
3253	as_fn_error $? "* POSIX thread support not installed *" "$LINENO" 5
3254	fi
3255		3093
3256	ac_ext=c	3094	ac_ext=c
3257	ac_cpp='$CPP $CPPFLAGS'	3095	ac_cpp='$CPP $CPPFLAGS'
@@ -3650,6 +3488,208 @@ fi
3650	done	3488	done
3651		3489
3652		3490
		3491	if test "x$enable_apparmor" = "xyes"; then :
		3492
		3493	ac_fn_c_check_header_mongrel "$LINENO" "sys/apparmor.h" "ac_cv_header_sys_apparmor_h" "$ac_includes_default"
		3494	if test "x$ac_cv_header_sys_apparmor_h" = xyes; then :
		3495
		3496	else
		3497	as_fn_error $? "Couldn't find sys/apparmor.h... please install apparmor user space library and development files " "$LINENO" 5
		3498	fi
		3499
		3500
		3501
		3502	fi
		3503	if test "x$enable_apparmor" = "xyes"; then :
		3504
		3505	EXTRA_LDFLAGS="-lapparmor"
		3506
		3507	fi
		3508
		3509
		3510	HAVE_SECCOMP=""
		3511	# Check whether --enable-seccomp was given.
		3512	if test "${enable_seccomp+set}" = set; then :
		3513	enableval=$enable_seccomp;
		3514	fi
		3515
		3516	if test "x$enable_seccomp" != "xno"; then :
		3517
		3518	HAVE_SECCOMP="-DHAVE_SECCOMP"
		3519
		3520
		3521	fi
		3522
		3523	HAVE_CHROOT=""
		3524	# Check whether --enable-chroot was given.
		3525	if test "${enable_chroot+set}" = set; then :
		3526	enableval=$enable_chroot;
		3527	fi
		3528
		3529	if test "x$enable_chroot" != "xno"; then :
		3530
		3531	HAVE_CHROOT="-DHAVE_CHROOT"
		3532
		3533
		3534	fi
		3535
		3536	HAVE_BIND=""
		3537	# Check whether --enable-bind was given.
		3538	if test "${enable_bind+set}" = set; then :
		3539	enableval=$enable_bind;
		3540	fi
		3541
		3542	if test "x$enable_bind" != "xno"; then :
		3543
		3544	HAVE_BIND="-DHAVE_BIND"
		3545
		3546
		3547	fi
		3548
		3549	HAVE_GLOBALCFG=""
		3550	# Check whether --enable-globalcfg was given.
		3551	if test "${enable_globalcfg+set}" = set; then :
		3552	enableval=$enable_globalcfg;
		3553	fi
		3554
		3555	if test "x$enable_globalcfg" != "xno"; then :
		3556
		3557	HAVE_GLOBALCFG="-DHAVE_GLOBALCFG"
		3558
		3559
		3560	fi
		3561
		3562	HAVE_NETWORK=""
		3563	# Check whether --enable-network was given.
		3564	if test "${enable_network+set}" = set; then :
		3565	enableval=$enable_network;
		3566	fi
		3567
		3568	# Check whether --enable-network was given.
		3569	if test "${enable_network+set}" = set; then :
		3570	enableval=$enable_network;
		3571	fi
		3572
		3573	if test "x$enable_network" != "xno"; then :
		3574
		3575	HAVE_NETWORK="-DHAVE_NETWORK"
		3576	if test "x$enable_network" = "xrestricted"; then :
		3577
		3578	HAVE_NETWORK="$HAVE_NETWORK -DHAVE_NETWORK_RESTRICTED"
		3579
		3580	fi
		3581
		3582
		3583	fi
		3584
		3585	HAVE_USERNS=""
		3586	# Check whether --enable-userns was given.
		3587	if test "${enable_userns+set}" = set; then :
		3588	enableval=$enable_userns;
		3589	fi
		3590
		3591	if test "x$enable_userns" != "xno"; then :
		3592
		3593	HAVE_USERNS="-DHAVE_USERNS"
		3594
		3595
		3596	fi
		3597
		3598	HAVE_X11=""
		3599	# Check whether --enable-x11 was given.
		3600	if test "${enable_x11+set}" = set; then :
		3601	enableval=$enable_x11;
		3602	fi
		3603
		3604	if test "x$enable_x11" != "xno"; then :
		3605
		3606	HAVE_X11="-DHAVE_X11"
		3607
		3608
		3609	fi
		3610
		3611	HAVE_FILE_TRANSFER=""
		3612	# Check whether --enable-file-transfer was given.
		3613	if test "${enable_file_transfer+set}" = set; then :
		3614	enableval=$enable_file_transfer;
		3615	fi
		3616
		3617	if test "x$enable_file_transfer" != "xno"; then :
		3618
		3619	HAVE_FILE_TRANSFER="-DHAVE_FILE_TRANSFER"
		3620
		3621
		3622	fi
		3623
		3624	HAVE_WHITELIST=""
		3625	# Check whether --enable-whitelist was given.
		3626	if test "${enable_whitelist+set}" = set; then :
		3627	enableval=$enable_whitelist;
		3628	fi
		3629
		3630	if test "x$enable_whitelist" != "xno"; then :
		3631
		3632	HAVE_WHITELIST="-DHAVE_WHITELIST"
		3633
		3634
		3635	fi
		3636
		3637	HAVE_FATAL_WARNINGS=""
		3638	# Check whether --enable-fatal_warnings was given.
		3639	if test "${enable_fatal_warnings+set}" = set; then :
		3640	enableval=$enable_fatal_warnings;
		3641	fi
		3642
		3643	if test "x$enable_fatal_warnings" = "xyes"; then :
		3644
		3645	HAVE_FATAL_WARNINGS="-W -Wall -Werror"
		3646
		3647
		3648	fi
		3649
		3650
		3651	# checking pthread library
		3652	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5
		3653	$as_echo_n "checking for main in -lpthread... " >&6; }
		3654	if ${ac_cv_lib_pthread_main+:} false; then :
		3655	$as_echo_n "(cached) " >&6
		3656	else
		3657	ac_check_lib_save_LIBS=$LIBS
		3658	LIBS="-lpthread $LIBS"
		3659	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
		3660	/* end confdefs.h. */
		3661
		3662
		3663	int
		3664	main ()
		3665	{
		3666	return main ();
		3667	;
		3668	return 0;
		3669	}
		3670	_ACEOF
		3671	if ac_fn_c_try_link "$LINENO"; then :
		3672	ac_cv_lib_pthread_main=yes
		3673	else
		3674	ac_cv_lib_pthread_main=no
		3675	fi
		3676	rm -f core conftest.err conftest.$ac_objext \
		3677	conftest$ac_exeext conftest.$ac_ext
		3678	LIBS=$ac_check_lib_save_LIBS
		3679	fi
		3680	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5
		3681	$as_echo "$ac_cv_lib_pthread_main" >&6; }
		3682	if test "x$ac_cv_lib_pthread_main" = xyes; then :
		3683	cat >>confdefs.h <<_ACEOF
		3684	#define HAVE_LIBPTHREAD 1
		3685	_ACEOF
		3686
		3687	LIBS="-lpthread $LIBS"
		3688
		3689	else
		3690	as_fn_error $? "* POSIX thread support not installed *" "$LINENO" 5
		3691	fi
		3692
3653	ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default"	3693	ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default"
3654	if test "x$ac_cv_header_pthread_h" = xyes; then :	3694	if test "x$ac_cv_header_pthread_h" = xyes; then :
3655		3695
@@ -4855,6 +4895,7 @@ echo " prefix: $prefix"
4855	echo " sysconfdir: $sysconfdir"	4895	echo " sysconfdir: $sysconfdir"
4856	echo " seccomp: $HAVE_SECCOMP"	4896	echo " seccomp: $HAVE_SECCOMP"
4857	echo " <linux/seccomp.h>: $HAVE_SECCOMP_H"	4897	echo " <linux/seccomp.h>: $HAVE_SECCOMP_H"
		4898	echo " apparmor: $HAVE_APPARMOR"
4858	echo " global config: $HAVE_GLOBALCFG"	4899	echo " global config: $HAVE_GLOBALCFG"
4859	echo " chroot: $HAVE_CHROOT"	4900	echo " chroot: $HAVE_CHROOT"
4860	echo " bind: $HAVE_BIND"	4901	echo " bind: $HAVE_BIND"
@@ -4866,6 +4907,7 @@ echo " file transfer support: $HAVE_FILE_TRANSFER"
4866	echo " fatal warnings: $HAVE_FATAL_WARNINGS"	4907	echo " fatal warnings: $HAVE_FATAL_WARNINGS"
4867	printf " uid_min: "; grep UID_MIN uids.h	4908	printf " uid_min: "; grep UID_MIN uids.h
4868	printf " gid_min: "; grep GID_MIN uids.h	4909	printf " gid_min: "; grep GID_MIN uids.h
		4910	printf " EXTRA_LDFLAGS: $EXTRA_LDFLAGS"
4869	echo	4911	echo
4870		4912
4871		4913