[mpm-itk] [PATCH 1/1] Add --with-capabilities and --without-capabilities flags to configure.ac.

Michael Orlitzky michael at orlitzky.com
Fri Sep 11 05:43:58 CEST 2015

The current capabilities support is "automagic." If libcap exists at
build time, support is compiled in, and the user cannot override
this. For users who compile from source, this can be an issue.

By adding explicit --with-capabilities and --without-capabilities
flags, we allow the user to override the auto-detection. If
--with-capabilities is requested but libcap does not exist, then an
error is occurs. The (unchanged) default behavior is to auto-detect
capabilities support.

Reference: http://lists.err.no/pipermail/mpm-itk/2014-May/000808.html
 configure.ac | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 716717a..f5b36b5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,8 +2,36 @@ m4_include([m4/ax_with_apxs.m4])
 AC_INIT([mpm-itk], [2.4.7-03])
-AC_CHECK_LIB(cap, cap_init)
+dnl If the user set --with-capabilities or --without-capabilities,
+dnl store yes/no in the associated $with_capabilities variable.
+  AS_HELP_STRING([--with-capabilities],
+                 [limit privileges with POSIX capabilities (safer)])
+dnl Determine whether or not the system has POSIX capabilities support.
+dnl If the user passed --without-capabilities, we'll just pretend
+dnl that the support doesn't exist.
+AS_IF([test "x$with_capabilities" != "xno"],
+  [AC_CHECK_LIB(cap, cap_init, [have_caps=yes], [have_caps=no])],
+  [have_caps=no]
+dnl If we "have capabilities support" at this point, then we want to
+dnl enable it. If, in addition, the user REQUESTED capabilities support,
+dnl then it's an error not to have it.
+AS_IF([test "x$have_caps" = "xyes"],
+  [AC_DEFINE([HAVE_LIBCAP], [1], [POSIX capabilities support via libcap])
+   LIBS="-lcap $LIBS"
+  ],
+  [AS_IF([test "x$with_capabilities" = "xyes"],
+     [AC_MSG_ERROR([POSIX capabilities support (libcap) missing])]
+   )]

More information about the mpm-itk mailing list