Build with apparmor support

Note that this isn't enough to run with apparmor support since the profiles will need more work but it makes testing this a lot simpler. This is heavily based on a patch by Felix Geyer. See: #725144

Build with apparmor support
3061b11a · Guido Günther · 0a6a2764 · 3061b11a · 3061b11a · 3061b11a
Commit 3061b11a authored 11 years ago by Guido Günther
--- a/debian/control
+++ b/debian/control
@@ -37,6 +37,7 @@ Build-Depends:
 libsanlock-dev [linux-any],
 libaudit-dev [linux-any],
 libselinux1-dev (>= 2.0.82) [linux-any],
+ libapparmor-dev [linux-any],
 systemtap-sdt-dev [amd64 armel armhf i386 ia64 powerpc s390],
 # for --with-storage-sheepdog
 sheepdog [linux-any],
@@ -76,7 +77,7 @@ Recommends: netcat-openbsd,
 iproute,
 parted,
 pm-utils
-Suggests: policykit-1, radvd, auditd, systemtap, systemd
+Suggests: policykit-1, radvd, auditd, systemtap, systemd, apparmor
 Breaks: avahi-daemon (<< 0.6.31-3~)
 Description: programs for the libvirt library
 Libvirt is a C toolkit to interact with the virtualization capabilities

--- a/debian/libvirt-bin.install
+++ b/debian/libvirt-bin.install
@@ -2,6 +2,7 @@ usr/bin/*
 usr/sbin/*
 etc/libvirt/*
 etc/sasl2/*
+etc/apparmor.d
 usr/share/polkit-1
 usr/lib/libvirt/libvirt*
 usr/lib/libvirt/connection-driver

--- a/debian/rules
+++ b/debian/rules
@@ -30,6 +30,7 @@ ifneq (,$(findstring $(DEB_HOST_ARCH_OS), linux))
  WITH_INIT_SCRIPT    =	--with-init-script=systemd
  WITH_AUDIT          = --with-audit
  WITH_SELINUX        = --with-selinux --with-secdriver-selinux --with-selinux-mount=/sys/fs/selinux
+  WITH_APPARMOR       = --with-apparmor --with-secdriver-apparmor --with-apparmor-profiles
  ifneq (,$(findstring $(DEB_HOST_ARCH), amd64 armel armhf i386 ia64 powerpc s390))
      WITH_DTRACE     = --with-dtrace
  else
@@ -63,6 +64,7 @@ else
  WITH_INIT_SCRIPT    =	--with-init-script=none
  WITH_AUDIT          = --without-audit
  WITH_SELINUX        = --without-selinux
+  WITH_APPARMOR       = --without-apparmor
  WITH_DTRACE         = --without-dtrace
  WITH_XEN            = --without-xen
  WITH_LIBXL          = --without-libxl
@@ -91,6 +93,7 @@ DEB_CONFIGURE_EXTRA_ARGS :=      \
 	$(WITH_INIT_SCRIPT)      \
 	$(WITH_NUMA)             \
 	$(WITH_SELINUX)          \
+	$(WITH_APPARMOR)         \
 	--without-esx		 \
 	--without-phyp           \
 	$(WITH_CAPNG)		 \
@@ -119,10 +122,11 @@ override_dh_auto_configure:
 override_dh_auto_install:
 	dh_auto_install
 	# Add empty dirs so dh_install doesn't fail on kFreebsd until we have
-	# Polkit/Systemd/systemtap support
+	# Polkit/Systemd/systemtap/apparmor support
 	mkdir -p debian/tmp/usr/share/polkit-1 \
 	         debian/tmp/lib/systemd/system \
-	         debian/tmp/usr/share/systemtap
+	         debian/tmp/usr/share/systemtap \
+	         debian/tmp/etc/apparmor.d/

 override_dh_auto_test:
 	export LD_PRELOAD="";     \