From 5600c405d5f1b12cad94915014e7cb46bf8fb746 Mon Sep 17 00:00:00 2001
From: Andy Lutomirski
Date: Mon, 14 Jan 2013 07:58:57 -0800
Subject: setpriv: run a program with different Linux privilege settings

This new command can set no_new_privs, uid, gid, groups, securebits,
inheritable caps, the cap bounding set, securebits, and selinux and
apparmor labels.

[kerolasa@iki.fi: a lot of small adjustment making the command to be good
fit to util-linux project]

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
---
 configure.ac | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index 9024809e7..d3a8e9e7f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -879,6 +879,20 @@ if test "x$build_nsenter" = xyes; then
   AC_CHECK_FUNCS([setns])
 fi
 
+dnl setpriv depends on libcap-ng.  It would be possible to build
+dnl a version of setpriv with limited functionality without libcap-ng,
+dnl but this isn't currently supported.
+UL_CHECK_LIB([cap-ng], [capng_apply], [cap_ng])
+AC_ARG_ENABLE([setpriv],
+  AS_HELP_STRING([--disable-setpriv], [do not build setpriv]),
+  [], enable_setpriv=check
+)
+UL_BUILD_INIT([setpriv])
+UL_REQUIRES_LINUX([setpriv])
+UL_REQUIRES_HAVE([setpriv], [cap_ng], [libcap-ng])
+AM_CONDITIONAL(BUILD_SETPRIV, test "x$build_setpriv" = xyes)
+
+
 AC_ARG_ENABLE([arch],
   AS_HELP_STRING([--enable-arch], [do build arch]),
   [], enable_arch=no
-- 
cgit v1.2.3-55-g7522