sapi/fpm/config.m4: add a new --with-fpm-apparmor configure flag.

The existing AC_FPM_APPARMOR macro (which is always run when FPM is
enabled) checks for the existence of libapparmor, and adds it to $LIBS
if found. The result is an "automagic" dependency on libapparmor that
depends not only on the user's configuration, but also on the build
host's environment.

In particular, this can cause problems if the user just happens to
have libapparmor installed (for testing or development) when he builds
PHP. Later, he may remove libapparmor, not realizing that PHP depends
on it. At that point, FPM will cease to work due to the missing library.

This commit adds a new configure flag called "--with-fpm-apparmor",
defaulting to "no", that enables or disables the feature. The new flag
is used to signal the user's intent; whether or not he wants to use
AppArmor. If he does, then we still check for the existence and
usability of libapparmor; however, it is now an error for the library
to be missing when --with-fpm-apparmor is requested.

Gentoo-bug: https://bugs.gentoo.org/637402
PHP-bug: https://bugs.php.net/bug.php?id=75519
Michael Orlitzky 2017-12-26 20:08:37 -05:00 committed by Jakub Zelenka
parent 6bc375f40a
commit 40cdc5f298


@ -488,22 +488,6 @@ AC_DEFUN([AC_FPM_SELECT],
])
])
AC_DEFUN([AC_FPM_APPARMOR],
[
AC_MSG_CHECKING([for apparmor])
SAVED_LIBS="$LIBS"
LIBS="$LIBS -lapparmor"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/apparmor.h>]], [[change_hat("test", 0);]])], [
AC_DEFINE([HAVE_APPARMOR], 1, [do we have apparmor support?])
AC_MSG_RESULT([yes])
], [
LIBS="$SAVED_LIBS"
AC_MSG_RESULT([no])
])
])
AC_MSG_CHECKING(for FPM build)
if test "$PHP_FPM" != "no"; then
AC_MSG_RESULT($PHP_FPM)
@ -521,7 +505,6 @@ if test "$PHP_FPM" != "no"; then
AC_FPM_DEVPOLL
AC_FPM_EPOLL
AC_FPM_SELECT
AC_FPM_APPARMOR
PHP_ARG_WITH([fpm-user],,
[AS_HELP_STRING([[--with-fpm-user[=USER]]],
@ -548,6 +531,12 @@ if test "$PHP_FPM" != "no"; then
[no],
[no])
PHP_ARG_WITH([fpm-apparmor],,
[AS_HELP_STRING([--with-fpm-apparmor],
[Support AppArmor confinement through libapparmor])],
[no],
[no])
if test "$PHP_FPM_SYSTEMD" != "no" ; then
PKG_CHECK_MODULES([SYSTEMD], [libsystemd >= 209])
@ -580,6 +569,16 @@ if test "$PHP_FPM" != "no"; then
])
fi
if test "x$PHP_FPM_APPARMOR" != "xno" ; then
AC_CHECK_HEADERS([sys/apparmor.h])
AC_CHECK_LIB(apparmor, change_hat, [
PHP_ADD_LIBRARY(apparmor)
AC_DEFINE(HAVE_APPARMOR, 1, [ AppArmor confinement available ])
],[
AC_MSG_ERROR(libapparmor required but not found)
])
fi
PHP_SUBST_OLD(php_fpm_systemd)
AC_DEFINE_UNQUOTED(PHP_FPM_SYSTEMD, "$php_fpm_systemd", [fpm systemd service type])
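Review bot: In the last hunk, inside the `if test "x$PHP_FPM_APPARMOR" != "xno"` block, the result of `AC_CHECK_HEADERS([sys/apparmor.h])` is never acted on. The removed AC_LINK_IFELSE test compiled against that header, but the new `AC_CHECK_LIB` only probes the library, so a host with libapparmor and no header would pass configure with HAVE_APPARMOR defined and presumably fail only at compile time. Since the flag now states explicit intent, a missing header should be a configure error too, e.g. `AC_CHECK_HEADERS([sys/apparmor.h], [], [AC_MSG_ERROR([sys/apparmor.h required but not found])])`. The arguments of `AC_CHECK_LIB(apparmor, change_hat, ...)` and `AC_MSG_ERROR(...)` are also unquoted, unlike the `[...]`-quoted calls around them. Because the flag defaults to no, builds that previously picked up AppArmor automatically will be compiled without change_hat support unless the flag is passed, which is worth stating in the upgrade notes.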