mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-09 01:18:00 +03:00
7cbd8c4230
Currently, nbdkit support will automatically be enabled as long as the pidfd_open(2) syscall is available. Optionally, libnbd is used to generate more user-friendly error messages. In theory this is all good, since use of nbdkit is supposed to be transparent to the user. In practice, however, there is a problem: if support for it is enabled at build time and the necessary runtime components are installed, nbdkit will always be preferred, with no way for the user to opt out. This will arguably be fine in the long run, but right now none of the platforms that we target ships with a SELinux policy that allows libvirt to launch nbdkit, and the AppArmor policy that we maintain ourselves hasn't been updated either. So, in practice, as of today having nbdkit installed on the host makes network disks completely unusable unless you're willing to compromise the overall security of the system by disabling SELinux/AppArmor. In order to make the transition smoother, provide a convenient way for users and distro packagers to disable nbdkit support at compile time until SELinux and AppArmor are ready. In the process, detection is completely overhauled. libnbd is made mandatory when nbdkit support is enabled, since availability across operating systems is comparable and offering users the option to make error messages worse doesn't make a lot of sense; we also make sure that an explicit request from the user to enable/disable nbdkit support is either complied with, or results in a build failure when that's not possible. Last but not least, we avoid linking against libnbd when nbdkit support is disabled. At the RPM level, we disable the feature when building against anything older than Fedora 40, which still doesn't have the necessary SELinux bits but will hopefully gain them by the time it's released. We also allow nbdkit support to be disabled at build time the same way as other optional features, that is, by passing "--define '_without_nbdkit 1'" to rpmbuild. Finally, if nbdkit support has been disabled, installing libvirt will no longer drag it in as a (weak) dependency. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
111 lines
9.6 KiB
Meson
111 lines
9.6 KiB
Meson
option('no_git', type: 'boolean', value: false, description: 'Disable git submodule update')
|
|
option('packager', type: 'string', value: '', description: 'Extra packager name')
|
|
option('packager_version', type: 'string', value: '', description: 'Extra packager version')
|
|
option('system', type: 'boolean', value: false, description: 'Set install paths to system ones')
|
|
option('runstatedir', type: 'string', value: '', description: 'State directory for temporary sockets, pid files, etc')
|
|
option('initconfdir', type: 'string', value: '', description: 'directory for init script configuration files')
|
|
option('expensive_tests', type: 'feature', value: 'auto', description: 'set the default for enabling expensive tests (long timeouts)')
|
|
option('test_coverage', type: 'boolean', value: false, description: 'turn on code coverage instrumentation')
|
|
option('git_werror', type: 'feature', value: 'auto', description: 'use -Werror if building from GIT')
|
|
option('rpath', type: 'feature', value: 'auto', description: 'whether to include rpath information in installed binaries and libraries')
|
|
option('docdir', type: 'string', value: '', description: 'documentation installation directory')
|
|
option('docs', type: 'feature', value: 'auto', description: 'whether to generate documentation')
|
|
option('tests', type: 'feature', value: 'auto', description: 'whether to build tests')
|
|
|
|
|
|
# build dependencies options
|
|
option('apparmor', type: 'feature', value: 'auto', description: 'apparmor support')
|
|
option('attr', type: 'feature', value: 'auto', description: 'attr support')
|
|
option('audit', type: 'feature', value: 'auto', description: 'audit support')
|
|
option('bash_completion', type: 'feature', value: 'auto', description: 'bash-completion support')
|
|
option('bash_completion_dir', type: 'string', value: '', description: 'directory containing bash completion scripts')
|
|
option('blkid', type: 'feature', value: 'auto', description: 'blkid support')
|
|
option('capng', type: 'feature', value: 'auto', description: 'cap-ng support')
|
|
option('curl', type: 'feature', value: 'auto', description: 'curl support')
|
|
option('fuse', type: 'feature', value: 'auto', description: 'fuse support')
|
|
option('glusterfs', type: 'feature', value: 'auto', description: 'glusterfs support')
|
|
option('libiscsi', type: 'feature', value: 'auto', description: 'libiscsi support')
|
|
option('libnl', type: 'feature', value: 'auto', description: 'libnl support')
|
|
option('libpcap', type: 'feature', value: 'auto', description: 'libpcap support')
|
|
option('libssh', type: 'feature', value: 'auto', description: 'libssh support')
|
|
option('libssh2', type: 'feature', value: 'auto', description: 'libssh2 support')
|
|
option('netcf', type: 'feature', value: 'auto', description: 'netcf support')
|
|
option('nls', type: 'feature', value: 'auto', description: 'nls support')
|
|
option('numactl', type: 'feature', value: 'auto', description: 'numactl support')
|
|
option('openwsman', type: 'feature', value: 'auto', description: 'openwsman support')
|
|
option('pciaccess', type: 'feature', value: 'auto', description: 'pciaccess support')
|
|
option('polkit', type: 'feature', value: 'auto', description: 'use PolicyKit for UNIX socket access checks')
|
|
option('readline', type: 'feature', value: 'auto', description: 'readline support')
|
|
option('sanlock', type: 'feature', value: 'auto', description: 'sanlock support')
|
|
option('sasl', type: 'feature', value: 'auto', description: 'sasl support')
|
|
option('selinux', type: 'feature', value: 'auto', description: 'selinux support')
|
|
option('selinux_mount', type: 'string', value: '', description: 'set SELinux mount point')
|
|
option('udev', type: 'feature', value: 'auto', description: 'udev support')
|
|
option('wireshark_dissector', type: 'feature', value: 'auto', description: 'wireshark support')
|
|
option('wireshark_plugindir', type: 'string', value: '', description: 'wireshark plugins directory for use when installing wireshark plugin')
|
|
option('yajl', type: 'feature', value: 'auto', description: 'yajl support')
|
|
|
|
|
|
# build driver options
|
|
option('driver_bhyve', type: 'feature', value: 'auto', description: 'bhyve driver')
|
|
option('driver_esx', type: 'feature', value: 'auto', description: 'esx driver')
|
|
option('driver_hyperv', type: 'feature', value: 'auto', description: 'Hyper-V driver')
|
|
option('driver_interface', type: 'feature', value: 'auto', description: 'host interface driver')
|
|
option('driver_libvirtd', type: 'feature', value: 'auto', description: 'libvirtd driver')
|
|
option('driver_libxl', type: 'feature', value: 'auto', description: 'libxenlight driver')
|
|
option('driver_lxc', type: 'feature', value: 'auto', description: 'Linux Container driver')
|
|
option('driver_ch', type: 'feature', value: 'auto', description: 'Cloud-Hypervisor driver')
|
|
option('ch_user', type: 'string', value: '', description: 'username to run Cloud-Hypervisor system instance as')
|
|
option('ch_group', type: 'string', value: '', description: 'groupname to run Cloud-Hypervisor system instance as')
|
|
option('driver_network', type: 'feature', value: 'auto', description: 'virtual network driver')
|
|
option('driver_openvz', type: 'feature', value: 'auto', description: 'OpenVZ driver')
|
|
option('driver_qemu', type: 'feature', value: 'auto', description: 'QEMU/KVM driver')
|
|
option('qemu_user', type: 'string', value: '', description: 'username to run QEMU system instance as')
|
|
option('qemu_group', type: 'string', value: '', description: 'groupname to run QEMU system instance as')
|
|
option('qemu_moddir', type: 'string', value: '', description: 'set the directory where QEMU modules are located')
|
|
option('qemu_datadir', type: 'string', value: '', description: 'set the directory where QEMU shared data is located')
|
|
option('driver_remote', type: 'feature', value: 'auto', description: 'remote driver')
|
|
option('remote_default_mode', type: 'combo', choices: ['legacy', 'direct'], value: 'direct', description: 'remote driver default mode')
|
|
option('driver_secrets', type: 'feature', value: 'auto', description: 'local secrets management driver')
|
|
option('driver_test', type: 'feature', value: 'auto', description: 'test driver')
|
|
option('driver_vbox', type: 'feature', value: 'auto', description: 'VirtualBox XPCOMC driver')
|
|
option('vbox_xpcomc_dir', type: 'string', value: '', description: 'Location of directory containing VirtualBox XPCOMC library')
|
|
option('driver_vmware', type: 'feature', value: 'auto', description: 'VMware driver')
|
|
option('driver_vz', type: 'feature', value: 'auto', description: 'Virtuozzo driver')
|
|
|
|
option('secdriver_apparmor', type: 'feature', value: 'auto', description: 'use AppArmor security driver')
|
|
option('apparmor_profiles', type: 'feature', value: 'auto', description: 'install apparmor profiles')
|
|
option('secdriver_selinux', type: 'feature', value: 'auto', description: 'use SELinux security driver')
|
|
|
|
|
|
# storage driver options
|
|
option('storage_dir', type: 'feature', value: 'auto', description: 'directory backend for the storage driver')
|
|
option('storage_disk', type: 'feature', value: 'auto', description: 'GPartd Disk backend for the storage driver')
|
|
option('storage_fs', type: 'feature', value: 'auto', description: 'FileSystem backend for the storage driver')
|
|
option('storage_gluster', type: 'feature', value: 'auto', description: 'Gluster backend for the storage driver')
|
|
option('storage_iscsi', type: 'feature', value: 'auto', description: 'iscsi backend for the storage driver')
|
|
option('storage_iscsi_direct', type: 'feature', value: 'auto', description: 'iscsi-direct backend for the storage driver')
|
|
option('storage_lvm', type: 'feature', value: 'auto', description: 'LVM backend for the storage driver')
|
|
option('storage_mpath', type: 'feature', value: 'auto', description: 'mpath backend for the storage driver')
|
|
option('storage_rbd', type: 'feature', value: 'auto', description: 'RADOS Block Device backend for the storage driver')
|
|
option('storage_scsi', type: 'feature', value: 'auto', description: 'SCSI backend for the storage driver')
|
|
option('storage_vstorage', type: 'feature', value: 'auto', description: 'Virtuozzo storage backend for the storage driver')
|
|
option('storage_zfs', type: 'feature', value: 'auto', description: 'ZFS backend for the storage driver')
|
|
|
|
|
|
# build feature options
|
|
option('chrdev_lock_files', type: 'string', value: '', description: 'location for UUCP style lock files for character devices (leave empty for default paths on some platforms)')
|
|
option('dtrace', type: 'feature', value: 'auto', description: 'use dtrace for static probing')
|
|
option('firewalld', type: 'feature', value: 'auto', description: 'firewalld support')
|
|
option('firewalld_zone', type: 'feature', value: 'auto', description: 'whether to install firewalld libvirt zone')
|
|
option('host_validate', type: 'feature', value: 'auto', description: 'build virt-host-validate')
|
|
option('init_script', type: 'combo', choices: ['systemd', 'openrc', 'check', 'none'], value: 'check', description: 'Style of init script to install')
|
|
option('loader_nvram', type: 'string', value: '', description: 'Pass list of pairs of <loader>:<nvram> paths. Both pairs and list items are separated by a colon.')
|
|
option('login_shell', type: 'feature', value: 'auto', description: 'build virt-login-shell')
|
|
option('nss', type: 'feature', value: 'auto', description: 'enable Name Service Switch plugin for resolving guest IP addresses')
|
|
option('numad', type: 'feature', value: 'auto', description: 'use numad to manage CPU placement dynamically')
|
|
option('nbdkit', type: 'feature', value: 'auto', description: 'use nbdkit to access network disks')
|
|
option('pm_utils', type: 'feature', value: 'auto', description: 'use pm-utils for power management')
|
|
option('sysctl_config', type: 'feature', value: 'auto', description: 'Whether to install sysctl configs')
|
|
option('tls_priority', type: 'string', value: 'NORMAL', description: 'set the default TLS session priority string')
|