From edd462ae3e4a01e38cf0dfeed12b716145bc6465 Mon Sep 17 00:00:00 2001
From: Fred Morcos
Date: Tue, 9 Apr 2024 13:15:30 +0200
Subject: [PATCH] Meson: Add systemd feature support for service files

This moves things around a bit. Moves libsystem detection to meson/libsystem/meson.build and uses meson/systemd/meson.build for systemd/systemctl version and feature detection
---
 meson.build | 1 +
 meson/libsystemd/meson.build | 9 ++++++
 meson/systemd/meson.build | 53 ++++++++++++++++++++++++++++++++----
 3 files changed, 57 insertions(+), 6 deletions(-)
 create mode 100644 meson/libsystemd/meson.build

diff --git a/meson.build b/meson.build
index 7cbc150df..686f7abac 100644
--- a/meson.build
+++ b/meson.build
@@ -58,6 +58,7 @@ subdir('meson' / 'dlopen') # dlopen
 subdir('meson' / 'verbose-logging') # Verbose Logging
 subdir('meson' / 'pkcs11') # PKCS11
 subdir('meson' / 'gss-tsig') # GSS-TSIG
+subdir('meson' / 'libsystemd') # Systemd notification
 subdir('meson' / 'systemd') # Systemd and unit file handling
 subdir('meson' / 'code-coverage') # Code coverage
 subdir('meson' / 'auto-var-init') # Automatic Variable Initialization
diff --git a/meson/libsystemd/meson.build b/meson/libsystemd/meson.build
new file mode 100644
index 000000000..a4649a4ff
--- /dev/null
+++ b/meson/libsystemd/meson.build
@@ -0,0 +1,9 @@
+opt_systemd = get_option('systemd')
+
+dep_systemd = dependency('libsystemd', required: opt_systemd)
+conf.set('HAVE_SYSTEMD', dep_systemd.found(), description: 'libsystemd')
+summary('libsystemd', dep_systemd.found(), bool_yn: true, section: 'Configuration')
+
+if dep_systemd.found()
+ summary('Lib Version', dep_systemd.version(), section: 'Systemd')
+endif
diff --git a/meson/systemd/meson.build b/meson/systemd/meson.build
index 13b097b7a..3cb011314 100644
--- a/meson/systemd/meson.build
+++ b/meson/systemd/meson.build
@@ -1,9 +1,50 @@
-opt_systemd = get_option('systemd')
+dep_systemd_prog = dependency('systemd', required: false)
+summary('Systemd', dep_systemd_prog.found(), bool_yn: true, section: 'Configuration')
 
-dep_systemd = dependency('libsystemd', required: opt_systemd)
-conf.set('HAVE_SYSTEMD', dep_systemd.found(), description: 'systemd')
-summary('Systemd', dep_systemd.found(), bool_yn: true, section: 'Configuration')
+# Map systemd features to systemd/systemctl version.
+systemd_features = {
+ 'private_tmp': 183,
+ 'system_call_architectures': 209,
+ 'private_devices': 209,
+ 'restrict_address_families': 211,
+ 'protect_system': 214,
+ 'protect_home': 214,
+ 'restrict_realtime': 231,
+ 'memory_deny_write_execute': 231,
+ 'protect_control_groups': 232,
+ 'protect_kernel_modules': 232,
+ 'protect_kernel_tunables': 232,
+ 'remove_ipc': 232,
+ 'dynamic_user': 232,
+ 'private_users': 232,
+ 'protect_system_strict': 232,
+ 'restrict_namespaces': 233,
+ 'lock_personality': 235,
+ # while SystemCallFilter is technically available starting with 187,
+ # we use the pre-defined call filter sets that have been introduced later.
+ # Initial support for these landed in 231
+ # @filesystem @reboot @swap in 233
+ # @aio, @sync, @chown, @setuid, @memlock, @signal and @timer in 235
+ 'system_call_filter': 235,
+ 'percent_t': 236,
+ 'private_mounts': 239,
+ 'with_runtime_dir_env': 240,
+ 'protect_hostname': 242,
+ 'restrict_suidsgid': 242,
+ 'protect_kernel_logs': 244,
+ 'protect_clock': 245,
+ 'protect_proc': 247,
+ 'private_ipc': 248,
+}
 
-if dep_systemd.found()
- summary('Version', dep_systemd.version(), section: 'Systemd')
+systemd_version = dep_systemd_prog.version()
+foreach feature, version: systemd_features
+ feature_name = 'have_systemd_' + feature
+ feature_value = systemd_version.version_compare('>=' + version.to_string())
+ set_variable(feature_name, feature_value)
+ conf.set(feature_name.to_upper(), feature_value, description: 'systemd feature: ' + feature)
+endforeach
+
+if dep_systemd_prog.found()
+ summary('Version', dep_systemd_prog.version(), section: 'Systemd')
 endif
-- 
2.39.2
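Review bot: `systemd_version = dep_systemd_prog.version()` and the `foreach` run even when `dependency('systemd', required: false)` was not found, so every `have_systemd_*` value then depends on how Meson compares the not-found version string against a number. As far as I can tell that compares lower and all features come out false, which would presumably leave the generated unit file without any of the sandboxing directives (SystemCallFilter, ProtectSystem and the rest) while the configure output says nothing about it; the unit template is outside this hunk, so please confirm. I would make the fallback explicit with `systemd_version = dep_systemd_prog.found() ? dep_systemd_prog.version() : '0'` and add a `warning()` or `summary()` line when systemd is missing, so a packager notices a build without hardening. The version also comes from the build host's systemd.pc, which may differ from the systemd on the machine that runs the service, and a short comment above `systemd_features` should say so.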