Forgot to tag those as V4 of the series that adds the --user option.
On Tue, Sep 22, 2015 at 5:51 PM, Andy Zhou <az...@nicira.com> wrote:
> Add configuration option for enabling or disabling linking with
> libcap-ng. Since capabilities are a security feature, the libcapng
> option is handled as follows:
>
> - no option: use libcapng if it's present
>
> --disable-libcapng: do not use libcapng
>
> --enable-libcapng: do use libcapng and fail configuration if
> it's missing
>
> On Linux, not linking with libcapng makes all OVS daemons fail when
> --user option is specified.
>
> Signed-off-by: Andy Zhou <az...@nicira.com>
> ---
> INSTALL.md | 7 +++++++
> configure.ac | 1 +
> lib/automake.mk | 1 +
> m4/openvswitch.m4 | 36 ++++++++++++++++++++++++++++++++++++
> 4 files changed, 45 insertions(+)
>
> diff --git a/INSTALL.md b/INSTALL.md
> index 9dac430..50ab6c7 100644
> --- a/INSTALL.md
> +++ b/INSTALL.md
> @@ -43,6 +43,13 @@ you will need the following software:
> libssl is installed, then Open vSwitch will automatically build
> with support for it.
>
> + - libcap-ng, written by Steve Grubb, is optional but recommended
> + if you plan to user --user option for running Open vSwitch on
> + Linux with kernel based datapath. libcap-ng is required to run
> + OVS daemons as a non-root user with dropped root privileges. If
> + libcap-ng is installed, then Open vSwitch will automatically
> + build with support for it.
> +
> - Python 2.7.
>
> On Linux, you may choose to compile the kernel module that comes with
> diff --git a/configure.ac b/configure.ac
> index 36387a1..39055fe 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -91,6 +91,7 @@ OVS_CHECK_COVERAGE
> OVS_CHECK_NDEBUG
> OVS_CHECK_NETLINK
> OVS_CHECK_OPENSSL
> +OVS_CHECK_LIBCAPNG
> OVS_CHECK_LOGDIR
> OVS_CHECK_PYTHON
> OVS_CHECK_DOT
> diff --git a/lib/automake.mk b/lib/automake.mk
> index 5fdd08f..d8c00da 100644
> --- a/lib/automake.mk
> +++ b/lib/automake.mk
> @@ -8,6 +8,7 @@
> lib_LTLIBRARIES += lib/libopenvswitch.la
>
> lib_libopenvswitch_la_LIBADD = $(SSL_LIBS)
> +lib_libopenvswitch_la_LIBADD += $(CAPNG_LDADD)
>
> if WIN32
> lib_libopenvswitch_la_LIBADD += ${PTHREAD_LIBS}
> diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4
> index 087c7e5..a36e07d 100644
> --- a/m4/openvswitch.m4
> +++ b/m4/openvswitch.m4
> @@ -157,6 +157,42 @@ AC_DEFUN([OVS_CHECK_NETLINK],
> [Define to 1 if Netlink protocol is available.])
> fi])
>
> +dnl Checks for libcap-ng.
> +AC_DEFUN([OVS_CHECK_LIBCAPNG],
> + [AC_ARG_ENABLE(
> + [libcapng],
> + [AC_HELP_STRING([--disable-libcapng], [Disable Linux capability
> support])],
> + [case "${enableval}" in
> + (yes) libcapng=true ;;
> + (no) libcapng=false ;;
> + (*) AC_MSG_ERROR([bad value ${enableval} for --enable-libcapng]) ;;
> + esac],
> + [libcapng=check])
> +
> + if test "$libcapng" != false; then
> + AC_CHECK_LIB(cap-ng, [capng_clear], [HAVE_LIBCAPNG=yes])
> +
> + if test "$HAVE_LIBCAPNG" != yes; then
> + if test "$libcapng" == true ; then
> + AC_MSG_ERROR([libcap-ng support requested, but not found])
> + fi
> + if test "$libcapng" == check ; then
> + AC_MSG_WARN([cannot find libcap-ng.
> +--user option will not be supported on Linux.
> +(you may use --disable-libcapng to suppress this warning). ])
> + fi
> + fi
> + fi
> +
> + AC_SUBST([HAVE_LIBCAPNG])
> + AM_CONDITIONAL([HAVE_LIBCAPNG], [test "$HAVE_LIBCAPNG" = yes])
> + if test "$HAVE_LIBCAPNG" = yes; then
> + AC_DEFINE([HAVE_LIBCAPNG], [1],
> + [Define to 1 if libcap-ng is available.])
> + CAPNG_LDADD="-lcap-ng"
> + AC_SUBST([CAPNG_LDADD])
> + fi])
> +
> dnl Checks for OpenSSL.
> AC_DEFUN([OVS_CHECK_OPENSSL],
> [AC_ARG_ENABLE(
> --
> 1.9.1
>
_______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
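Review bot: The two inner comparisons in OVS_CHECK_LIBCAPNG, `test "$libcapng" == true` and `test "$libcapng" == check`, use `==`, which POSIX `test` does not define; the rest of the macro already uses `=` and `!=`. Under a /bin/sh that rejects `==` (dash, for example) both tests fail, so `--enable-libcapng` with the library missing would not stop configure, and the warning for the default case would not print either. That defeats the fail-on-missing behaviour the commit message promises for a security feature, and the resulting build lacks privilege-dropping support until a daemon is started with --user and fails. Write them as `if test "$libcapng" = true ; then` and `if test "$libcapng" = check ; then`, and consider setting `HAVE_LIBCAPNG=no` before the check, since the hunk never initialises it and an inherited environment value could satisfy the later `= yes` tests.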