This is another systemd implementation clean-up. It was found that
SELinux will block OpenVPN from checking /sys/fs/cgroups. As OpenVPN
only checked /sys/fs/cgroups and /sys/fs/cgroups/systemd to see if
systemd was available or not, it was considered better to query
systemd directly to see whether or not to query for usernames and
passwords via systemd.
This patch has been compile tested on Fedora 19 and Fedora 21 alpha and
function tested on Fedora 19.
v2 - Use PKG_CHECK_MODULES() + check for libsystemd before
libsystemd-daemon. systemd >= 209 uses a unified library
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1412356567-27125-1-git-send-email-openvpn.list@topphemmelig.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9072
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -997,6 +997,28 @@ if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then |
997 | 997 |
fi |
998 | 998 |
|
999 | 999 |
|
1000 |
+dnl |
|
1001 |
+dnl Check for systemd |
|
1002 |
+dnl |
|
1003 |
+ |
|
1004 |
+if test "$enable_systemd" = "yes" ; then |
|
1005 |
+ PKG_CHECK_MODULES([libsystemd], [systemd libsystemd], |
|
1006 |
+ [], |
|
1007 |
+ [PKG_CHECK_MODULES([libsystemd], [libsystemd-daemon])] |
|
1008 |
+ ) |
|
1009 |
+ AC_CHECK_HEADERS(systemd/sd-daemon.h, |
|
1010 |
+ , |
|
1011 |
+ [ |
|
1012 |
+ AC_MSG_ERROR([systemd development headers not found.]) |
|
1013 |
+ ]) |
|
1014 |
+ |
|
1015 |
+ saved_LIBS="${LIBS}" |
|
1016 |
+ LIBS="${LIBS} ${libsystemd_LIBS}" |
|
1017 |
+ AC_CHECK_FUNCS([sd_booted], [], [AC_MSG_ERROR([systemd library is missing sd_booted()])]) |
|
1018 |
+ OPTIONAL_SYSTEMD_LIBS="${libsystemd_LIBS}" |
|
1019 |
+ AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd integration]) |
|
1020 |
+ LIBS="${saved_LIBS}" |
|
1021 |
+fi |
|
1000 | 1022 |
|
1001 | 1023 |
|
1002 | 1024 |
AC_MSG_CHECKING([git checkout]) |
... | ... |
@@ -1037,7 +1059,6 @@ test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable d |
1037 | 1037 |
test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter]) |
1038 | 1038 |
test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers]) |
1039 | 1039 |
test "${enable_password_save}" = "yes" && AC_DEFINE([ENABLE_PASSWORD_SAVE], [1], [Allow --askpass and --auth-user-pass passwords to be read from a file]) |
1040 |
-test "${enable_systemd}" = "yes" && AC_DEFINE([ENABLE_SYSTEMD], [1], [Enable systemd support]) |
|
1041 | 1040 |
|
1042 | 1041 |
case "${with_crypto_library}" in |
1043 | 1042 |
openssl) |
... | ... |
@@ -1170,6 +1191,7 @@ AC_SUBST([OPTIONAL_SNAPPY_CFLAGS]) |
1170 | 1170 |
AC_SUBST([OPTIONAL_SNAPPY_LIBS]) |
1171 | 1171 |
AC_SUBST([OPTIONAL_LZ4_CFLAGS]) |
1172 | 1172 |
AC_SUBST([OPTIONAL_LZ4_LIBS]) |
1173 |
+AC_SUBST([OPTIONAL_SYSTEMD_LIBS]) |
|
1173 | 1174 |
AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS]) |
1174 | 1175 |
AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS]) |
1175 | 1176 |
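Review bot: In the new systemd block, `AC_CHECK_HEADERS(systemd/sd-daemon.h, ...)` runs without `${libsystemd_CFLAGS}` in the preprocessor flags, and only `OPTIONAL_SYSTEMD_LIBS` is exported at the `AC_SUBST` hunk. If pkg-config reports the headers under a non-default include directory, the lookup succeeds but the header check aborts configure, or console.c later builds without the matching `-I` path. I would apply the pkg-config flags around the checks and export them next to the libs, as sketched below. The Makefile.am side that consumes these variables is not visible on this page, so it would need the matching addition.

```m4
if test "$enable_systemd" = "yes" ; then
    dnl … unchanged: PKG_CHECK_MODULES lookup for libsystemd / libsystemd-daemon …
    saved_CPPFLAGS="${CPPFLAGS}"
    CPPFLAGS="${CPPFLAGS} ${libsystemd_CFLAGS}"
    dnl … unchanged: AC_CHECK_HEADERS and AC_CHECK_FUNCS checks …
    OPTIONAL_SYSTEMD_CFLAGS="${libsystemd_CFLAGS}"
    CPPFLAGS="${saved_CPPFLAGS}"
    dnl … unchanged: OPTIONAL_SYSTEMD_LIBS, AC_DEFINE, LIBS restore …

dnl next to the existing AC_SUBST([OPTIONAL_SYSTEMD_LIBS])
AC_SUBST([OPTIONAL_SYSTEMD_CFLAGS])
```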
|
... | ... |
@@ -34,6 +34,10 @@ |
34 | 34 |
#include "buffer.h" |
35 | 35 |
#include "misc.h" |
36 | 36 |
|
37 |
+#ifdef ENABLE_SYSTEMD |
|
38 |
+#include <systemd/sd-daemon.h> |
|
39 |
+#endif |
|
40 |
+ |
|
37 | 41 |
#ifdef WIN32 |
38 | 42 |
|
39 | 43 |
#include "win32.h" |
... | ... |
@@ -143,15 +147,13 @@ close_tty (FILE *fp) |
143 | 143 |
static bool |
144 | 144 |
check_systemd_running () |
145 | 145 |
{ |
146 |
- struct stat a, b, c; |
|
146 |
+ struct stat c; |
|
147 | 147 |
|
148 | 148 |
/* We simply test whether the systemd cgroup hierarchy is |
149 | 149 |
* mounted, as well as the systemd-ask-password executable |
150 | 150 |
* being available */ |
151 | 151 |
|
152 |
- return (lstat("/sys/fs/cgroup", &a) == 0) |
|
153 |
- && (lstat("/sys/fs/cgroup/systemd", &b) == 0) |
|
154 |
- && (a.st_dev != b.st_dev) |
|
152 |
+ return (sd_booted() > 0) |
|
155 | 153 |
&& (stat(SYSTEMD_ASK_PASSWORD_PATH, &c) == 0); |
156 | 154 |
|
157 | 155 |
} |
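Review bot: The comment above the return in check_systemd_running() is now stale: it still says the function tests whether the systemd cgroup hierarchy is mounted, but the new code asks `sd_booted()` instead. This function decides whether usernames and passwords are requested through the systemd-ask-password helper, so the comment should state what is actually checked, for example `/* Prompt via systemd only if sd_booted() reports a systemd-booted system and the systemd-ask-password executable is present */`. With `a` and `b` removed, the remaining `struct stat c;` would also read better under a descriptive name such as `st`.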