use autoconf to crete build scripts depending on landlock presence (fix #417)

2025-04-12 15:17:14 +03:00 · 2024-01-04 22:45:10 +01:00 · 2024-01-04 22:45:10 +01:00 · 780e536aeb
commit 780e536aeb
parent ed0ab12a16
6 changed files with 4500 additions and 11 deletions
--- a/2
+++ b/2
@ -4,6 +4,8 @@ vNEXT:

 	Reintroduced --ssl as an alias to --tls.

+	Introduce autoconf to adapt to landlock presence.
+
 v2.0.1:	
 	Fix resolve_on_forward setting, which would crash
 	sslh reliably.
--- a/Makefile.in
+++ b/Makefile.in
@ -3,13 +3,13 @@ VERSION=$(shell ./genver.sh -r)

 # Configuration -- you probably need to `make clean` if you
 # change any of these
+# landlock is checked by `configure` and set in config.h
 ENABLE_SANITIZER= # Enable ASAN/LSAN/UBSAN
 ENABLE_REGEX=1  # Enable regex probes
 USELIBCONFIG=1	# Use libconfig? (necessary to use configuration files)
 USELIBEV=1	# Use libev?
 USELIBWRAP?=	# Use libwrap?
 USELIBCAP=	# Use libcap?
-USELANDLOCK=1	# Use the landlock LSM?
 USESYSTEMD=     # Make use of systemd socket activation
 USELIBBSD?=     # Use libbsd (needed to update process name in `ps`)
 COV_TEST= 	# Perform test coverage?
@ -78,12 +78,6 @@ ifneq ($(strip $(USELIBEV)),)
        CONDITIONAL_TARGETS+=sslh-ev
 endif

-ifneq ($(strip $(USELANDLOCK)),)
-        CPPFLAGS+=-DLANDLOCK
-endif
-
-
-
 all: sslh-fork sslh-select $(MAN) echosrv $(CONDITIONAL_TARGETS)

 %.o: %.c %.h version.h
@ -123,6 +117,9 @@ echosrv-conf.c echosrv-conf.h: echosrv.cfg
 echosrv: version.h echosrv-conf.c echosrv.o echosrv-conf.o argtable3.o
 	$(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o echosrv-conf.o argtable3.o $(LIBS)

+
+landlock.o: config.h
+
 $(MAN): sslh.pod Makefile
 	pod2man --section=8 --release=$(VERSION) --center=" " sslh.pod | gzip -9 - > $(MAN)

--- a/config.h.in
+++ b/config.h.in
@ -0,0 +1,9 @@
+
+
+#ifndef CONFIG_H
+/* Template for config.h, filled by `configure`. */
+
+/* Landlock sandboxing Linux LSM */
+#undef HAVE_LANDLOCK
+
+#endif
--- a/4469
+++ b/4469
--- a/configure.ac
+++ b/configure.ac
@ -0,0 +1,9 @@
+
+dnl Use autoconf to generate the `configure` script from this and Makefile.in
+
+AC_INIT
+AC_CONFIG_HEADERS(config.h)
+AC_CONFIG_FILES([Makefile])
+
+AC_CHECK_HEADERS(linux/landlock.h, AC_DEFINE(HAVE_LANDLOCK), [])
+AC_OUTPUT
--- a/landlock.c
+++ b/landlock.c
@ -20,14 +20,16 @@
 #
 */

-#ifdef LANDLOCK
+#include "config.h"
+#include "log.h"
+
+#ifdef HAVE_LANDLOCK

 #define _GNU_SOURCE
 #include <linux/landlock.h>
 #include <sys/prctl.h>
 #include <sys/syscall.h>

-#include "log.h"

 #ifndef landlock_create_ruleset
 static inline int
@ -103,9 +105,10 @@ void setup_landlock(void)
    print_message(msg_config, "Landlock: all restricted\n");
 }

-#else
+#else /* HAVE_LANDLOCK */
 void setup_landlock(void)
 {
+    print_message(msg_config, "Landlock: not built in\n");
    return;
 }
-#endif
+#endif /* HAVE_LANDLOCK */