mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
sapi/fpm/config.m4: add a new --with-fpm-apparmor configure flag.
The existing AC_FPM_APPARMOR macro (which is always run when FPM is enabled) checks for the existence of libapparmor, and adds it to $LIBS if found. The result is an "automagic" dependency on libapparmor that depends not only on the user's configuration, but also on the build host's environment. In particular, this can cause problems if the user just happens to have libapparmor installed (for testing or development) when he builds PHP. Later, he may remove libapparmor, not realizing that PHP depends on it. At that point, FPM will cease to work due to the missing library. This commit adds a new configure flag called "--with-fpm-apparmor", defaulting to "no", that enables or disables the feature. The new flag is used to signal the user's intent; whether or not he wants to use AppArmor. If he does, then we still check for the existence and usability of libapparmor; however, it is now an error for the library to be missing when --with-fpm-apparmor is requested. Gentoo-bug: https://bugs.gentoo.org/637402 PHP-bug: https://bugs.php.net/bug.php?id=75519
This commit is contained in:
parent
6bc375f40a
commit
40cdc5f298
@ -488,22 +488,6 @@ AC_DEFUN([AC_FPM_SELECT],
|
||||
])
|
||||
])
|
||||
|
||||
AC_DEFUN([AC_FPM_APPARMOR],
|
||||
[
|
||||
AC_MSG_CHECKING([for apparmor])
|
||||
|
||||
SAVED_LIBS="$LIBS"
|
||||
LIBS="$LIBS -lapparmor"
|
||||
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/apparmor.h>]], [[change_hat("test", 0);]])], [
|
||||
AC_DEFINE([HAVE_APPARMOR], 1, [do we have apparmor support?])
|
||||
AC_MSG_RESULT([yes])
|
||||
], [
|
||||
LIBS="$SAVED_LIBS"
|
||||
AC_MSG_RESULT([no])
|
||||
])
|
||||
])
|
||||
|
||||
AC_MSG_CHECKING(for FPM build)
|
||||
if test "$PHP_FPM" != "no"; then
|
||||
AC_MSG_RESULT($PHP_FPM)
|
||||
@ -521,7 +505,6 @@ if test "$PHP_FPM" != "no"; then
|
||||
AC_FPM_DEVPOLL
|
||||
AC_FPM_EPOLL
|
||||
AC_FPM_SELECT
|
||||
AC_FPM_APPARMOR
|
||||
|
||||
PHP_ARG_WITH([fpm-user],,
|
||||
[AS_HELP_STRING([[--with-fpm-user[=USER]]],
|
||||
@ -548,6 +531,12 @@ if test "$PHP_FPM" != "no"; then
|
||||
[no],
|
||||
[no])
|
||||
|
||||
PHP_ARG_WITH([fpm-apparmor],,
|
||||
[AS_HELP_STRING([--with-fpm-apparmor],
|
||||
[Support AppArmor confinement through libapparmor])],
|
||||
[no],
|
||||
[no])
|
||||
|
||||
if test "$PHP_FPM_SYSTEMD" != "no" ; then
|
||||
PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 209])
|
||||
|
||||
@ -580,6 +569,16 @@ if test "$PHP_FPM" != "no"; then
|
||||
])
|
||||
fi
|
||||
|
||||
if test "x$PHP_FPM_APPARMOR" != "xno" ; then
|
||||
AC_CHECK_HEADERS([sys/apparmor.h])
|
||||
AC_CHECK_LIB(apparmor, change_hat, [
|
||||
PHP_ADD_LIBRARY(apparmor)
|
||||
AC_DEFINE(HAVE_APPARMOR, 1, [ AppArmor confinement available ])
|
||||
],[
|
||||
AC_MSG_ERROR(libapparmor required but not found)
|
||||
])
|
||||
fi
|
||||
|
||||
PHP_SUBST_OLD(php_fpm_systemd)
|
||||
AC_DEFINE_UNQUOTED(PHP_FPM_SYSTEMD, "$php_fpm_systemd", [fpm systemd service type])
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user