configure.ac 6.53 KB
Newer Older
netblue30's avatar
netblue30 committed
1
AC_PREREQ([2.68])
2
AC_INIT(firejail, 0.9.58.2, netblue30@yahoo.com, , https://firejail.wordpress.com)
netblue30's avatar
netblue30 committed
3 4 5 6 7 8 9 10
AC_CONFIG_SRCDIR([src/firejail/main.c])
#AC_CONFIG_HEADERS([config.h])

AC_PROG_CC
#AC_PROG_CXX
AC_PROG_INSTALL
AC_PROG_RANLIB

11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
HAVE_SPECTRE="no"
AC_MSG_CHECKING(for Spectre mitigation support in gcc or clang compiler)
AS_IF([test "$CC" = "gcc"], [
	HAVE_SPECTRE="yes"
	$CC -mindirect-branch=thunk -c dummy.c || HAVE_SPECTRE="no"
	rm -f dummy.o
	AS_IF([test "$HAVE_SPECTRE" = "yes"], [
		EXTRA_CFLAGS+=" -mindirect-branch=thunk "
	])
])
AS_IF([test "$CC" = "clang"], [
	HAVE_SPECTRE="yes"
	$CC -mretpoline -c dummy.c || HAVE_SPECTRE="no"
	rm -f dummy.o
	AS_IF([test "$HAVE_SPECTRE" = "yes"], [
		EXTRA_CFLAGS+=" -mretpoline "
	])
])
AS_IF([test "$HAVE_SPECTRE" = "yes"], [
	AC_MSG_RESULT(yes)
])
AS_IF([test "$HAVE_SPECTRE" = "no"], [
	AC_MSG_RESULT(... not available)
])
AC_SUBST([EXTRA_CFLAGS])

netblue30's avatar
netblue30 committed
37 38 39 40 41 42 43 44 45 46 47 48 49
HAVE_APPARMOR=""
AC_ARG_ENABLE([apparmor],
    AS_HELP_STRING([--enable-apparmor], [enable apparmor]))
AS_IF([test "x$enable_apparmor" = "xyes"], [
	HAVE_APPARMOR="-DHAVE_APPARMOR"
	AC_SUBST(HAVE_APPARMOR)
])

AS_IF([test "x$enable_apparmor" = "xyes"], [
	AC_CHECK_HEADER(sys/apparmor.h, , [AC_MSG_ERROR(
	[Couldn't find sys/apparmor.h... please install apparmor user space library and development files] )])
])
AS_IF([test "x$enable_apparmor" = "xyes"], [
50
	EXTRA_LDFLAGS+=" -lapparmor "
netblue30's avatar
netblue30 committed
51 52 53
])
AC_SUBST([EXTRA_LDFLAGS])

54 55 56 57 58 59 60 61
HAVE_OVERLAYFS=""
AC_ARG_ENABLE([overlayfs],
    AS_HELP_STRING([--disable-overlayfs], [disable overlayfs]))
AS_IF([test "x$enable_overlayfs" != "xno"], [
	HAVE_OVERLAYFS="-DHAVE_OVERLAYFS"
	AC_SUBST(HAVE_OVERLAYFS)
])

netblue30's avatar
netblue30 committed
62 63 64 65 66 67 68 69
HAVE_PRIVATEHOME=""
AC_ARG_ENABLE([private-home],
    AS_HELP_STRING([--disable-private-home], [disable private home feature]))
AS_IF([test "x$enable_private_home" != "xno"], [
	HAVE_PRIVATE_HOME="-DHAVE_PRIVATE_HOME"
	AC_SUBST(HAVE_PRIVATE_HOME)
])

netblue30's avatar
netblue30 committed
70 71
HAVE_SECCOMP=""
AC_ARG_ENABLE([seccomp],
netblue30's avatar
netblue30 committed
72
    AS_HELP_STRING([--disable-seccomp], [disable seccomp]))
netblue30's avatar
netblue30 committed
73 74 75 76 77 78 79
AS_IF([test "x$enable_seccomp" != "xno"], [
	HAVE_SECCOMP="-DHAVE_SECCOMP"
	AC_SUBST(HAVE_SECCOMP)
])

HAVE_CHROOT=""
AC_ARG_ENABLE([chroot],
netblue30's avatar
netblue30 committed
80
    AS_HELP_STRING([--disable-chroot], [disable chroot]))
netblue30's avatar
netblue30 committed
81 82 83 84 85
AS_IF([test "x$enable_chroot" != "xno"], [
	HAVE_CHROOT="-DHAVE_CHROOT"
	AC_SUBST(HAVE_CHROOT)
])

86 87 88 89 90 91 92 93
HAVE_GLOBALCFG=""
AC_ARG_ENABLE([globalcfg],
    AS_HELP_STRING([--disable-globalcfg], [if the global config file firejail.cfg is not present, continue the program using defaults]))
AS_IF([test "x$enable_globalcfg" != "xno"], [
	HAVE_GLOBALCFG="-DHAVE_GLOBALCFG"
	AC_SUBST(HAVE_GLOBALCFG)
])

94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109
HAVE_NETWORK=""
AC_ARG_ENABLE([network],
    AS_HELP_STRING([--disable-network], [disable network]))
AS_IF([test "x$enable_network" != "xno"], [
	HAVE_NETWORK="-DHAVE_NETWORK"
	AC_SUBST(HAVE_NETWORK)
])

HAVE_USERNS=""
AC_ARG_ENABLE([userns],
    AS_HELP_STRING([--disable-userns], [disable user namespace]))
AS_IF([test "x$enable_userns" != "xno"], [
	HAVE_USERNS="-DHAVE_USERNS"
	AC_SUBST(HAVE_USERNS)
])

netblue30's avatar
netblue30 committed
110 111
HAVE_X11=""
AC_ARG_ENABLE([x11],
netblue30's avatar
netblue30 committed
112
    AS_HELP_STRING([--disable-x11], [disable X11 sandboxing support]))
netblue30's avatar
netblue30 committed
113 114 115 116 117
AS_IF([test "x$enable_x11" != "xno"], [
	HAVE_X11="-DHAVE_X11"
	AC_SUBST(HAVE_X11)
])

118 119 120 121 122 123 124 125
HAVE_FILE_TRANSFER=""
AC_ARG_ENABLE([file-transfer],
    AS_HELP_STRING([--disable-file-transfer], [disable file transfer]))
AS_IF([test "x$enable_file_transfer" != "xno"], [
	HAVE_FILE_TRANSFER="-DHAVE_FILE_TRANSFER"
	AC_SUBST(HAVE_FILE_TRANSFER)
])

126 127 128 129 130 131 132 133
HAVE_WHITELIST=""
AC_ARG_ENABLE([whitelist],
    AS_HELP_STRING([--disable-whitelist], [disable whitelist]))
AS_IF([test "x$enable_whitelist" != "xno"], [
	HAVE_WHITELIST="-DHAVE_WHITELIST"
	AC_SUBST(HAVE_WHITELIST)
])

134 135 136 137 138 139 140 141 142
HAVE_SUID=""
AC_ARG_ENABLE([suid],
    AS_HELP_STRING([--disable-suid], [install as a non-SUID executable]))
AS_IF([test "x$enable_suid" = "xno"],
	[HAVE_SUID="no"],
	[HAVE_SUID="yes"]
)
AC_SUBST(HAVE_SUID)

143 144 145 146 147 148 149
HAVE_FATAL_WARNINGS=""
AC_ARG_ENABLE([fatal_warnings],
    AS_HELP_STRING([--enable-fatal-warnings], [-W -Wall -Werror]))
AS_IF([test "x$enable_fatal_warnings" = "xyes"], [
	HAVE_FATAL_WARNINGS="-W -Wall -Werror"
	AC_SUBST(HAVE_FATAL_WARNINGS)
])
netblue30's avatar
netblue30 committed
150

151 152 153 154 155 156 157 158 159
BUSYBOX_WORKAROUND="no"
AC_ARG_ENABLE([busybox-workaround],
    AS_HELP_STRING([--enable-busybox-workaround], [enable busybox workaround]))
AS_IF([test "x$enable_busybox_workaround" = "xyes"], [
	BUSYBOX_WORKAROUND="yes"
	AC_SUBST(BUSYBOX_WORKAROUND)
])


netblue30's avatar
netblue30 committed
160 161 162 163
HAVE_GCOV=""
AC_ARG_ENABLE([gcov],
    AS_HELP_STRING([--enable-gcov], [Gcov instrumentation]))
AS_IF([test "x$enable_gcov" = "xyes"], [
netblue30's avatar
netblue30 committed
164
	HAVE_GCOV="--coverage -DHAVE_GCOV "
165
	EXTRA_LDFLAGS+=" -lgcov --coverage "
netblue30's avatar
netblue30 committed
166 167 168
	AC_SUBST(HAVE_GCOV)
])

169 170 171 172 173 174 175 176 177
HAVE_CONTRIB_INSTALL="yes"
AC_ARG_ENABLE([contrib-install],
    AS_HELP_STRING([--enable-contrib-install], [install contrib scripts]))
AS_IF([test "x$enable_contrib_install" = "xno"],
	[HAVE_CONTRIB_INSTALL="no"],
	[HAVE_CONTRIB_INSTALL="yes"]
)
AC_SUBST(HAVE_CONTRIB_INSTALL)

netblue30's avatar
netblue30 committed
178 179 180 181 182 183
# checking pthread library
AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed ***]))
AC_CHECK_HEADER(pthread.h,,AC_MSG_ERROR([*** POSIX thread support not installed ***]))
AC_CHECK_HEADER([linux/seccomp.h], HAVE_SECCOMP_H="-DHAVE_SECCOMP_H", HAVE_SECCOMP_H="")
AC_SUBST(HAVE_SECCOMP_H)

netblue30's avatar
netblue30 committed
184 185
# set sysconfdir
if test "$prefix" = /usr; then
186
	test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc"
netblue30's avatar
netblue30 committed
187 188
fi

189 190 191
AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \
src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \
src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile)
netblue30's avatar
netblue30 committed
192 193 194 195

echo
echo "Configuration options:"
echo "   prefix: $prefix"
netblue30's avatar
netblue30 committed
196
echo "   sysconfdir: $sysconfdir"
netblue30's avatar
netblue30 committed
197 198
echo "   seccomp: $HAVE_SECCOMP"
echo "   <linux/seccomp.h>: $HAVE_SECCOMP_H"
netblue30's avatar
netblue30 committed
199
echo "   apparmor: $HAVE_APPARMOR"
200
echo "   global config: $HAVE_GLOBALCFG"
netblue30's avatar
netblue30 committed
201
echo "   chroot: $HAVE_CHROOT"
202 203
echo "   network: $HAVE_NETWORK"
echo "   user namespace: $HAVE_USERNS"
netblue30's avatar
netblue30 committed
204
echo "   X11 sandboxing support: $HAVE_X11"
205
echo "   whitelisting: $HAVE_WHITELIST"
netblue30's avatar
netblue30 committed
206
echo "   private home support: $HAVE_PRIVATE_HOME"
207
echo "   file transfer support: $HAVE_FILE_TRANSFER"
208
echo "   overlayfs support: $HAVE_OVERLAYFS"
209
echo "   busybox workaround: $BUSYBOX_WORKAROUND"
210
echo "   Spectre compiler patch: $HAVE_SPECTRE"
netblue30's avatar
netblue30 committed
211
echo "   EXTRA_LDFLAGS: $EXTRA_LDFLAGS"
212
echo "   EXTRA_CFLAGS: $EXTRA_CFLAGS"
netblue30's avatar
netblue30 committed
213
echo "   fatal warnings: $HAVE_FATAL_WARNINGS"
netblue30's avatar
netblue30 committed
214
echo "   Gcov instrumentation: $HAVE_GCOV"
215
echo "   Install contrib scripts: $HAVE_CONTRIB_INSTALL"
216
echo "   Install as a SUID executable: $HAVE_SUID"
netblue30's avatar
netblue30 committed
217
echo