diff --git a/configure.ac b/configure.ac
index 48d63e87975..9e5a6817023 100644
--- a/configure.ac
+++ b/configure.ac
@@ -375,7 +375,10 @@ have_selinux=no
 AC_ARG_ENABLE(selinux, AS_HELP_STRING([--disable-selinux], [Disable optional SELINUX support]))
 if test "x$enable_selinux" != "xno"; then
 PKG_CHECK_MODULES([SELINUX], [libselinux >= 2.1.9],
- [AC_DEFINE(HAVE_SELINUX, 1, [Define if SELinux is available]) have_selinux=yes], have_selinux=no)
+ [AC_DEFINE(HAVE_SELINUX, 1, [Define if SELinux is available])
+ have_selinux=yes
+ M4_DEFINES="$M4_DEFINES -DHAVE_SELINUX"],
+ [have_selinux=no])
 if test "x$have_selinux" = xno -a "x$enable_selinux" = xyes; then
 AC_MSG_ERROR([*** SELinux support requested but libraries not found])
 fi
@@ -428,6 +431,7 @@ if test "x${have_tcpwrap}" != xno ; then
 fi
 have_tcpwrap=no
 else
+ M4_DEFINES="$M4_DEFINES -DHAVE_LIBWRAP"
 have_tcpwrap=yes
 fi
 else
@@ -464,6 +468,7 @@ if test "x${have_pam}" != xno ; then
 if test "x$have_pam" = xyes ; then
 PAM_LIBS="-lpam -lpam_misc"
 AC_DEFINE(HAVE_PAM, 1, [PAM available])
+ M4_DEFINES="$M4_DEFINES -DHAVE_PAM"
 else
 have_pam=no
 fi
@@ -566,6 +571,7 @@ if test "x${have_xattr}" = xno; then
 fi
 else
 if test "x${have_smack}" = xauto; then
+ M4_DEFINES="$M4_DEFINES -DHAVE_SMACK"
 have_smack=yes
 fi
 fi
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 39fe4589684..a8ab9c7aa06 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
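Review bot: In the last configure.ac hunk (@@ -566,6 +571,7 @@), `-DHAVE_SMACK` is appended to `M4_DEFINES` only inside the `xauto` branch, so if `have_smack` is already `yes` when this block runs (for example from an explicit configure switch; the option handling is outside the hunk) the gperf table would be generated without `HAVE_SMACK`. With this commit that routes `Socket.SmackLabel`, `SmackLabelIPIn` and `SmackLabelIPOut` to `config_parse_warn_compat` on a build that does support SMACK, so the labels an administrator configured would presumably be ignored. Setting the define after the closing `fi`, keyed on the final value, avoids that: `if test "x${have_smack}" = xyes; then M4_DEFINES="$M4_DEFINES -DHAVE_SMACK"; fi`. The SELinux, tcpwrap and PAM hunks add the define at the point where the feature is confirmed and do not show this problem.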
@@ -55,7 +55,8 @@ $1.SystemCallArchitectures, config_parse_syscall_archs, 0,
 $1.SystemCallErrorNumber, config_parse_syscall_errno, 0, offsetof($1, exec_context)',
 `$1.SystemCallFilter, config_parse_warn_compat, 0, 0
 $1.SystemCallArchitectures, config_parse_warn_compat, 0, 0
-$1.SystemCallErrorNumber, config_parse_warn_compat, 0, 0')
+$1.SystemCallErrorNumber, config_parse_warn_compat, 0, 0'
+)
 $1.LimitCPU, config_parse_limit, RLIMIT_CPU, offsetof($1, exec_context.rlimit)
 $1.LimitFSIZE, config_parse_limit, RLIMIT_FSIZE, offsetof($1, exec_context.rlimit)
 $1.LimitDATA, config_parse_limit, RLIMIT_DATA, offsetof($1, exec_context.rlimit)
@@ -79,11 +80,20 @@ $1.PrivateTmp, config_parse_bool, 0,
 $1.PrivateNetwork, config_parse_bool, 0, offsetof($1, exec_context.private_network)
 $1.PrivateDevices, config_parse_bool, 0, offsetof($1, exec_context.private_devices)
 $1.MountFlags, config_parse_exec_mount_flags, 0, offsetof($1, exec_context)
-$1.TCPWrapName, config_parse_unit_string_printf, 0, offsetof($1, exec_context.tcpwrap_name)
-$1.PAMName, config_parse_unit_string_printf, 0, offsetof($1, exec_context.pam_name)
+m4_ifdef(`HAVE_LIBWRAP',
+`$1.TCPWrapName, config_parse_unit_string_printf, 0, offsetof($1, exec_context.tcpwrap_name)',
+`$1.TCPWrapName, config_parse_warn_compat, 0, 0'
+)
+m4_ifdef(`HAVE_PAM',
+`$1.PAMName, config_parse_unit_string_printf, 0, offsetof($1, exec_context.pam_name)',
+`$1.PAMName, config_parse_warn_compat, 0, 0'
+)
 $1.IgnoreSIGPIPE, config_parse_bool, 0, offsetof($1, exec_context.ignore_sigpipe)
 $1.UtmpIdentifier, config_parse_unit_string_printf, 0, offsetof($1, exec_context.utmp_id)
-$1.SELinuxContext, config_parse_exec_selinux_context, 0, offsetof($1, exec_context)'
+m4_ifdef(`HAVE_SELINUX',
+`$1.SELinuxContext, config_parse_exec_selinux_context, 0, offsetof($1, exec_context)',
+`$1.SELinuxContext, config_parse_warn_compat, 0, 0'
+)'
 )m4_dnl
 m4_define(`KILL_CONTEXT_CONFIG_ITEMS',
 `$1.SendSIGKILL, config_parse_bool, 0, offsetof($1, kill_context.send_sigkill)
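Review bot: The fallback branches for `TCPWrapName`, `PAMName` and `SELinuxContext` (and for the three `Socket.SmackLabel*` keys in the @@ -224,9 +235,14 @@ hunk) hand security-relevant settings to `config_parse_warn_compat`, the same handler used for the compatibility key `SysVStartPriority`. Its body is not in this diff, but if it only logs and returns success, a unit that relies on one of these keys for confinement still loads and starts on a build without the feature, with a log line as the only sign that the label or PAM stack was dropped. That trade-off is undocumented and deserves a comment above the macro definition, for example `m4_dnl Security keys: without the feature the setting is ignored after a warning and the unit still starts.`, so packagers who disable SELinux, PAM, libwrap or SMACK know what their units lose. The enclosing `EXEC_CONTEXT_CONFIG_ITEMS` definition starts above the hunk.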
@@ -178,7 +188,8 @@ Service.RestartPreventExitStatus, config_parse_set_status, 0,
 Service.SuccessExitStatus, config_parse_set_status, 0, offsetof(Service, success_status)
 m4_ifdef(`HAVE_SYSV_COMPAT',
 `Service.SysVStartPriority, config_parse_sysv_priority, 0, offsetof(Service, sysv_start_priority)',
-`Service.SysVStartPriority, config_parse_warn_compat, 0, 0')
+`Service.SysVStartPriority, config_parse_warn_compat, 0, 0'
+)
 Service.NonBlocking, config_parse_bool, 0, offsetof(Service, exec_context.non_blocking)
 Service.BusName, config_parse_unit_string_printf, 0, offsetof(Service, bus_name)
 Service.NotifyAccess, config_parse_notify_access, 0, offsetof(Service, notify_access)
@@ -224,9 +235,14 @@ Socket.ReusePort, config_parse_bool, 0,
 Socket.MessageQueueMaxMessages, config_parse_long, 0, offsetof(Socket, mq_maxmsg)
 Socket.MessageQueueMessageSize, config_parse_long, 0, offsetof(Socket, mq_msgsize)
 Socket.Service, config_parse_socket_service, 0, 0
-Socket.SmackLabel, config_parse_string, 0, offsetof(Socket, smack)
+m4_ifdef(`HAVE_SMACK',
+`Socket.SmackLabel, config_parse_string, 0, offsetof(Socket, smack)
 Socket.SmackLabelIPIn, config_parse_string, 0, offsetof(Socket, smack_ip_in)
-Socket.SmackLabelIPOut, config_parse_string, 0, offsetof(Socket, smack_ip_out)
+Socket.SmackLabelIPOut, config_parse_string, 0, offsetof(Socket, smack_ip_out)',
+`Socket.SmackLabel, config_parse_warn_compat, 0, 0
+Socket.SmackLabelIPIn, config_parse_warn_compat, 0, 0
+Socket.SmackLabelIPOut, config_parse_warn_compat, 0, 0'
+)
 EXEC_CONTEXT_CONFIG_ITEMS(Socket)m4_dnl
 CGROUP_CONTEXT_CONFIG_ITEMS(Socket)m4_dnl
 KILL_CONTEXT_CONFIG_ITEMS(Socket)m4_dnl
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 2ee4616a1c4..7260d205788 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -61,7 +61,7 @@
 #include "seccomp-util.h"
 #endif
-#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP)
+#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK)
 int config_parse_warn_compat(
 const char *unit,
 const char *filename,
@@ -2880,7 +2880,7 @@ void unit_dump_config_items(FILE *f) {
 const ConfigParserCallback callback;
 const char *rvalue;
 } table[] = {
-#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP)
+#if !defined(HAVE_SYSV_COMPAT) || !defined(HAVE_SECCOMP) || !defined(HAVE_LIBWRAP) || !defined(HAVE_PAM) || !defined(HAVE_SELINUX) || !defined(HAVE_SMACK)
 { config_parse_warn_compat, "NOTSUPPORTED" },
 #endif
 { config_parse_int, "INTEGER" },
@@ -2943,6 +2943,7 @@ void unit_dump_config_items(FILE *f) {
 { config_parse_environ, "ENVIRON" },
 #ifdef HAVE_SECCOMP
 { config_parse_syscall_filter, "SYSCALLS" },
+ { config_parse_syscall_archs, "ARCHS" },
 { config_parse_syscall_errno, "ERRNO" },
 #endif
 { config_parse_cpu_shares, "SHARES" },
@@ -2954,6 +2955,11 @@ void unit_dump_config_items(FILE *f) {
 { config_parse_blockio_device_weight, "DEVICEWEIGHT" },
 { config_parse_long, "LONG" },
 { config_parse_socket_service, "SERVICE" },
+#ifdef HAVE_SELINUX
+ { config_parse_exec_selinux_context, "LABEL" },
+#endif
+ { config_parse_job_mode, "MODE" },
+ { config_parse_job_mode_isolate, "BOOLEAN" },
 };
 const char *prev = NULL;
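Review bot: The six-macro `#if` guard is now written out twice, once around `config_parse_warn_compat` (@@ -61,7 +61,7 @@) and once around its `NOTSUPPORTED` row in `unit_dump_config_items` (@@ -2880,7 +2880,7 @@), and both copies have to track every `m4_ifdef` fallback in the gperf table. A fallback added later without extending both conditions would only break the build in which that new feature is the sole one missing, which is easy to overlook. The function is non-static, so building it unconditionally costs nothing in warnings; consider removing the `#if`/`#endif` pair at both places, or at least adding a comment such as `/* keep in sync with the config_parse_warn_compat fallbacks in load-fragment-gperf.gperf.m4 */` above each guard. The function body and its closing `#endif` lie outside the first hunk.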