isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add a --with-apparmor build flag

Browse Source 
Add a new build flag, --with-apparmor, that builds sudo with AppArmor
support. Modify the build script for Debian and Ubuntu to enable this
flag by default.
This commit is contained in:
kernelmethod
2022-05-23 00:55:16 -06:00
parent b203753013
commit 0b541c2029
4 changed files with 40 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/mkdep.pl
View File

@@ -115,7 +115,7 @@ sub mkdep {
# Expand some configure bits
$makefile =~ s:\@DEV\@::g;
$makefile =~ s:\@COMMON_OBJS\@:aix.lo event_poll.lo event_select.lo:;
$makefile =~ s:\@SUDO_OBJS\@:intercept.pb-c.o openbsd.o preload.o selinux.o sesh.o solaris.o:;
$makefile =~ s:\@SUDO_OBJS\@:intercept.pb-c.o openbsd.o preload.o apparmor.o selinux.o sesh.o solaris.o:;
$makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo ldap_util.lo ldap_conf.lo solaris_audit.lo sssd.lo:;
# XXX - fill in AUTH_OBJS from contents of the auth dir instead
$makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;

21
scripts/mkpkg
View File

@@ -269,6 +269,23 @@ case "$osversion" in
make_opts="${make_opts}${make_opts+ }"'docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)'
;;
deb*|ubu*)
# AppArmor is enabled by default starting in
# Debian: Debian 10 (Buster)
# Ubuntu: Ubuntu 12.04 (Precise Pangolin)
osmajor=`sed -n -e 's/^VERSION_ID=\"\([0-9]*\).*$/\1/p' /etc/os-release`
case "$osversion" in
deb*)
if [ -z $osmajor ] || [ $osmajor -ge 10 ]; then
with_apparmor=true
fi
;;
ubu*)
if [ -z $osmajor ] || [ $osmajor -ge 14 ]; then
with_apparmor=true
fi
;;
esac
# Encrypted remote I/O log support.
with_openssl=true
# Python plugins
@@ -295,6 +312,9 @@ case "$osversion" in
configure_opts="${configure_opts}${configure_opts+$tab}--with-sssd-lib=/usr/lib/$MULTIARCH"
fi
fi
if [ X"$with_apparmor" = X"true" ]; then
configure_opts="${configure_opts}${configure_opts+$tab}--with-apparmor"
fi
configure_opts="--prefix=/usr
--with-all-insults
--with-pam
@@ -311,7 +331,6 @@ case "$osversion" in
--with-sendmail=/usr/sbin/sendmail
--mandir=/usr/share/man
--libexecdir=/usr/lib
--with-selinux
--with-linux-audit
$configure_opts"
# Use correct libaudit dependency