mod_apparmor/pam_apparmor: fix libapparmor search path and add USE_SYSTEM support

This patch adds support for the USE_SYSTEM make flag and adjusts search paths for mod_apparmor and pam_apparmor, as well as fixing up a couple of the (probably ought to be deprecated) tomcat locations where apparmor.h is included. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2025-08-22 01:57:43 +00:00 · 2014-01-09 11:57:13 -08:00 · 2014-01-09 11:57:13 -08:00 · 598f7a0b5b
commit 598f7a0b5b
parent c478f8f0e1
6 changed files with 62 additions and 11 deletions
--- a/changehat/mod_apparmor/Makefile
+++ b/changehat/mod_apparmor/Makefile
@ -41,10 +41,33 @@ APXS:=$(shell if [ -x "/usr/sbin/apxs2" ] ; then \
 	      fi ) 
 APXS_INSTALL_DIR=$(shell ${APXS} -q LIBEXECDIR)
 DESTDIR=
-# Need to pass -Wl twice here to get past both apxs2 and libtool, as
-# libtool will add the path to the RPATH of the library if passed -L/some/path
-LIBAPPARMOR_FLAGS=-I../../libraries/libapparmor/src -Wl,-Wl,-L../../libraries/libapparmor/src/.libs
-LDLIBS=-lapparmor
+ifdef USE_SYSTEM
+  LIBAPPARMOR = $(shell if pkg-config --exists libapparmor ; then \
+                                pkg-config --silence-errors --libs libapparmor ; \
+                        elif ldconfig -p | grep -q libapparmor\.so$$ ; then \
+                                echo -lapparmor ; \
+                        fi )
+  ifeq ($(strip $(LIBAPPARMOR)),)
+    $(error Unable to find libapparmor installed on this system; either \
+            install libapparmor devel packages, set the LIBAPPARMOR variable \
+            manually, or build against in-tree libapparmor)
+  endif # LIBAPPARMOR not set
+  LDLIBS += $(LIBAPPARMOR)
+else
+  LIBAPPARMOR_SRC := ../../libraries/libapparmor/
+  LIBAPPARMOR_INCLUDE = $(LIBAPPARMOR_SRC)/include
+  LIBAPPARMOR_PATH := $(LIBAPPARMOR_SRC)/src/.libs/
+    ifeq ($(realpath $(LIBAPPARMOR_PATH)/libapparmor.a),)
+        $(error $(LIBAPPARMOR_PATH)/libapparmor.a is missing; either build against \
+                the in-tree libapparmor by building it first and then trying again \
+                (see the top-level README for help) or build against the system \
+                libapparmor by adding USE_SYSTEM=1 to your make command.)
+    endif
+  # Need to pass -Wl twice here to get past both apxs2 and libtool, as
+  # libtool will add the path to the RPATH of the library if passed -L/some/path
+  LIBAPPARMOR_FLAGS = -I$(LIBAPPARMOR_INCLUDE) -Wl,-Wl,-L$(LIBAPPARMOR_PATH)
+  LDLIBS = -lapparmor
+endif

 all: $(TARGET) ${MANPAGES} ${HTMLMANPAGES}

--- a/changehat/mod_apparmor/mod_apparmor.c
+++ b/changehat/mod_apparmor/mod_apparmor.c
@ -23,7 +23,7 @@
 #include "apr_strings.h"
 #include "apr_lib.h"

-#include <apparmor.h>
+#include <sys/apparmor.h>
 #include <unistd.h>

 /* #define DEBUG */
--- a/changehat/pam_apparmor/Makefile
+++ b/changehat/pam_apparmor/Makefile
@ -26,9 +26,37 @@ common/Make.rules: $(COMMONDIR)/Make.rules
 	ln -sf $(COMMONDIR) .
 endif

-EXTRA_CFLAGS=$(CFLAGS) -fPIC -shared -Wall -I../../libraries/libapparmor/src/
-LINK_FLAGS=-Xlinker -x -L../../libraries/libapparmor/src/.libs
-LIBS=-lpam -lapparmor
+ifdef USE_SYSTEM
+  LIBAPPARMOR = $(shell if pkg-config --exists libapparmor ; then \
+                                pkg-config --silence-errors --libs libapparmor ; \
+                        elif ldconfig -p | grep -q libapparmor\.so$$ ; then \
+                                echo -lapparmor ; \
+                        fi )
+  ifeq ($(strip $(LIBAPPARMOR)),)
+    $(error Unable to find libapparmor installed on this system; either \
+            install libapparmor devel packages, set the LIBAPPARMOR variable \
+            manually, or build against in-tree libapparmor)
+  endif
+  LIBAPPARMOR_INCLUDE =
+  AA_LDLIBS = $(LIBAPPARMOR)
+  AA_LINK_FLAGS =
+else
+  LIBAPPARMOR_SRC := ../../libraries/libapparmor/
+  LIBAPPARMOR_INCLUDE_PATH = $(LIBAPPARMOR_SRC)/include
+  LIBAPPARMOR_PATH := $(LIBAPPARMOR_SRC)/src/.libs/
+    ifeq ($(realpath $(LIBAPPARMOR_PATH)/libapparmor.a),)
+        $(error $(LIBAPPARMOR_PATH)/libapparmor.a is missing; either build against \
+                the in-tree libapparmor by building it first and then trying again \
+                (see the top-level README for help) or build against the system \
+                libapparmor by adding USE_SYSTEM=1 to your make command.)
+    endif
+  LIBAPPARMOR_INCLUDE = -I$(LIBAPPARMOR_INCLUDE_PATH)
+  AA_LINK_FLAGS = -L$(LIBAPPARMOR_PATH)
+  AA_LDLIBS = -lapparmor
+endif
+EXTRA_CFLAGS=$(CFLAGS) -fPIC -shared -Wall $(LIBAPPARMOR_INCLUDE)
+LINK_FLAGS=-Xlinker -x $(AA_LINK_FLAGS)
+LIBS=-lpam $(AA_LDLIBS)
 OBJECTS=${NAME}.o get_options.o

 all: $(NAME).so
--- a/changehat/pam_apparmor/pam_apparmor.c
+++ b/changehat/pam_apparmor/pam_apparmor.c
@ -27,7 +27,7 @@
 #include <grp.h>
 #include <syslog.h>
 #include <errno.h>
-#include <apparmor.h>
+#include <sys/apparmor.h>
 #include <security/pam_ext.h>
 #include <security/pam_modutil.h>

--- a/changehat/tomcat_apparmor/tomcat_5_0/src/jni_src/JNIChangeHat.c
+++ b/changehat/tomcat_apparmor/tomcat_5_0/src/jni_src/JNIChangeHat.c
@ -13,7 +13,7 @@

 #include "jni.h"
 #include <errno.h>
-#include "sys/apparmor.h"
+#include <sys/apparmor.h>
 #include "com_novell_apparmor_JNIChangeHat.h"

 /* c intermediate lib call for Java -> JNI -> c library execution of the change_hat call */
--- a/changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/JNIChangeHat.c
+++ b/changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/JNIChangeHat.c
@ -13,7 +13,7 @@

 #include "jni.h"
 #include <errno.h>
-#include <apparmor.h>
+#include <sys/apparmor.h>
 #include "com_novell_apparmor_JNIChangeHat.h"

 /* c intermediate lib call for Java -> JNI -> c library execution of the change_hat call */