Don't test AppArmor mediation of activation if libapparmor < 2.10

We need libapparmor 2.10 for the test, but not for the actual
functionality, for which 2.8.95 is enough. In particular this lets
us compile with AppArmor enabled on Ubuntu 14.04, which is still
the newest host platform available on travis-ci.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98666
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

diff --git a/configure.ac b/configure.ac
index 7798b38..71a0855 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1066,8 +1066,10 @@ fi
 AS_IF([test x$enable_apparmor = xno],
   [have_apparmor=no],
   [
-  PKG_CHECK_MODULES([APPARMOR], [libapparmor >= 2.10],
+  PKG_CHECK_MODULES([APPARMOR], [libapparmor >= 2.8.95],
                     [have_apparmor=yes], [have_apparmor=no])
+  PKG_CHECK_MODULES([APPARMOR_2_10], [libapparmor >= 2.10],
+                    [have_apparmor_2_10=yes], [have_apparmor_2_10=no])
 
   AS_IF([test x$enable_apparmor = xauto && test x$have_apparmor = xno],
         [AC_MSG_WARN([Sufficiently new AppArmor library not found])])
@@ -1077,6 +1079,9 @@ AS_IF([test x$enable_apparmor = xno],
 
 AS_IF([test x$have_apparmor = xyes],
       [AC_DEFINE([HAVE_APPARMOR], [1], [AppArmor Support])])
+AS_IF([test x$have_apparmor_2_10 = xyes],
+      [AC_DEFINE([HAVE_APPARMOR_2_10], [1],
+                 [Define if libapparmor is version 2.10 or later])])
 
 # inotify checks
 if test x$enable_inotify = xno ; then

diff --git a/test/sd-activation.c b/test/sd-activation.c
index 24ac210..058a247 100644 (file)
--- a/test/sd-activation.c
+++ b/test/sd-activation.c
@@ -34,7 +34,7 @@
 #include <string.h>
 #include <sys/types.h>
 
-#if defined(HAVE_APPARMOR) && defined(DBUS_TEST_APPARMOR_ACTIVATION)
+#if defined(HAVE_APPARMOR_2_10) && defined(DBUS_TEST_APPARMOR_ACTIVATION)
 #include <sys/apparmor.h>
 #endif
 
@@ -206,9 +206,9 @@ static void
 setup (Fixture *f,
     gconstpointer context G_GNUC_UNUSED)
 {
-#if defined(DBUS_TEST_APPARMOR_ACTIVATION) && !defined(HAVE_APPARMOR)
+#if defined(DBUS_TEST_APPARMOR_ACTIVATION) && !defined(HAVE_APPARMOR_2_10)
 
-  g_test_skip ("AppArmor support not compiled");
+  g_test_skip ("AppArmor support not compiled or AppArmor 2.10 unavailable");
   return;
 
 #else
@@ -714,7 +714,7 @@ test_deny_receive (Fixture *f,
 
   /* systemd starts the activatable service. */
 
-#if defined(DBUS_TEST_APPARMOR_ACTIVATION) && defined(HAVE_APPARMOR)
+#if defined(DBUS_TEST_APPARMOR_ACTIVATION) && defined(HAVE_APPARMOR_2_10)
   /* The use of 42 here is arbitrary, see setup(). */
   if (aa_change_hat (bus_name, 42) != 0)
     g_error ("Unable to change profile to ...//^%s: %s",
@@ -729,7 +729,7 @@ test_deny_receive (Fixture *f,
   f->activated_name = dbus_bus_get_unique_name (f->activated);
   take_well_known_name (f, f->activated, bus_name);
 
-#if defined(DBUS_TEST_APPARMOR_ACTIVATION) && defined(HAVE_APPARMOR)
+#if defined(DBUS_TEST_APPARMOR_ACTIVATION) && defined(HAVE_APPARMOR_2_10)
   if (aa_change_hat (NULL, 42) != 0)
     g_error ("Unable to change back to initial profile: %s",
              g_strerror (errno));