0.9.300.9.32

author: netblue30 <netblue30@yahoo.com> 2015-10-21 12:47:14 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-10-21 12:47:14 -0400
commit: b19a058950d7bd7a289bf34a0929a237919065c6 (patch)
tree: f79d03807eafb861be7b698578b0cc9863c9453c
parent: 0.9.32 testing (diff)
download: firejail-0.9.32.tar.gz
firejail-0.9.32.tar.zst
firejail-0.9.32.zip
1 files changed, 337 insertions, 0 deletions
diff --git a/platform/rpm/old-mkrpm.sh b/platform/rpm/old-mkrpm.sh
new file mode 100755
index 000000000..30aba0462
--- /dev/null
+++ b/platform/rpm/old-mkrpm.sh
@@ -0,0 +1,337 @@
+#!/bin/bash
+VERSION="0.9.32"
+rm -fr ~/rpmbuild
+rm -f firejail-$VERSION-1.x86_64.rpm
+mkdir -p ~/rpmbuild/{RPMS,SRPMS,BUILD,SOURCES,SPECS,tmp}
+cat <<EOF >~/.rpmmacros
+%_topdir   %(echo $HOME)/rpmbuild
+%_tmppath  %{_topdir}/tmp
+EOF
+cd ~/rpmbuild
+echo "building directory tree"
+mkdir -p firejail-$VERSION/usr/bin
+install -m 755 /usr/bin/firejail firejail-$VERSION/usr/bin/.
+install -m 755 /usr/bin/firemon firejail-$VERSION/usr/bin/.
+mkdir -p  firejail-$VERSION/usr/lib/firejail
+install -m 644 /usr/lib/firejail/libtrace.so  firejail-$VERSION/usr/lib/firejail/.
+install -m 755 /usr/lib/firejail/ftee  firejail-$VERSION/usr/lib/firejail/.
+install -m 755 /usr/lib/firejail/fshaper.sh  firejail-$VERSION/usr/lib/firejail/.
+mkdir -p firejail-$VERSION/usr/share/man/man1
+install -m 644 /usr/share/man/man1/firejail.1.gz firejail-$VERSION/usr/share/man/man1/.
+install -m 644 /usr/share/man/man1/firemon.1.gz firejail-$VERSION/usr/share/man/man1/.
+mkdir -p firejail-$VERSION/usr/share/man/man5
+install -m 644 /usr/share/man/man5/firejail-profile.5.gz firejail-$VERSION/usr/share/man/man5/.
+install -m 644 /usr/share/man/man5/firejail-login.5.gz firejail-$VERSION/usr/share/man/man5/.
+mkdir -p firejail-$VERSION/usr/share/doc/packages/firejail
+install -m 644 /usr/share/doc/firejail/COPYING firejail-$VERSION/usr/share/doc/packages/firejail/.
+install -m 644 /usr/share/doc/firejail/README firejail-$VERSION/usr/share/doc/packages/firejail/.
+install -m 644 /usr/share/doc/firejail/RELNOTES firejail-$VERSION/usr/share/doc/packages/firejail/.
+mkdir -p firejail-$VERSION/etc/firejail
+install -m 644 /etc/firejail/xchat.profile firejail-$VERSION/etc/firejail/xchat.profile
+install -m 644 /etc/firejail/server.profile firejail-$VERSION/etc/firejail/server.profile
+install -m 644 /etc/firejail/quassel.profile firejail-$VERSION/etc/firejail/quassel.profile
+install -m 644 /etc/firejail/pidgin.profile firejail-$VERSION/etc/firejail/pidgin.profile
+install -m 644 /etc/firejail/icecat.profile firejail-$VERSION/etc/firejail/icecat.profile
+install -m 644 /etc/firejail/filezilla.profile firejail-$VERSION/etc/firejail/filezilla.profile
+install -m 644 /etc/firejail/chromium-browser.profile firejail-$VERSION/etc/firejail/chromium-browser.profile
+install -m 644 /etc/firejail/chromium.profile firejail-$VERSION/etc/firejail/chromium.profile
+install -m 644 /etc/firejail/dropbox.profile firejail-$VERSION/etc/firejail/dropbox.profile
+install -m 644 /etc/firejail/disable-common.inc firejail-$VERSION/etc/firejail/disable-common.inc
+install -m 644 /etc/firejail/disable-history.inc firejail-$VERSION/etc/firejail/disable-history.inc
+install -m 644 /etc/firejail/disable-secret.inc firejail-$VERSION/etc/firejail/disable-secret.inc
+install -m 644 /etc/firejail/disable-mgmt.inc firejail-$VERSION/etc/firejail/disable-mgmt.inc
+install -m 644 /etc/firejail/evince.profile firejail-$VERSION/etc/firejail/evince.profile
+install -m 644 /etc/firejail/firefox.profile firejail-$VERSION/etc/firejail/firefox.profile
+install -m 644 /etc/firejail/icedove.profile firejail-$VERSION/etc/firejail/icedove.profile
+install -m 644 /etc/firejail/iceweasel.profile firejail-$VERSION/etc/firejail/iceweasel.profile
+install -m 644 /etc/firejail/midori.profile firejail-$VERSION/etc/firejail/midori.profile
+install -m 644 /etc/firejail/thunderbird.profile firejail-$VERSION/etc/firejail/thunderbird.profile
+install -m 644 /etc/firejail/opera.profile firejail-$VERSION/etc/firejail/opera.profile
+install -m 644 /etc/firejail/transmission-gtk.profile firejail-$VERSION/etc/firejail/transmission-gtk.profile
+install -m 644 /etc/firejail/transmission-qt.profile firejail-$VERSION/etc/firejail/transmission-qt.profile
+install -m 644 /etc/firejail/vlc.profile firejail-$VERSION/etc/firejail/vlc.profile
+install -m 644 /etc/firejail/audacious.profile firejail-$VERSION/etc/firejail/audacious.profile
+install -m 644 /etc/firejail/clementine.profile firejail-$VERSION/etc/firejail/clementine.profile
+install -m 644 /etc/firejail/gnome-mplayer.profile firejail-$VERSION/etc/firejail/gnome-mplayer.profile
+install -m 644 /etc/firejail/rhythmbox.profile firejail-$VERSION/etc/firejail/rhythmbox.profile
+install -m 644 /etc/firejail/totem.profile firejail-$VERSION/etc/firejail/totem.profile
+install -m 644 /etc/firejail/deluge.profile firejail-$VERSION/etc/firejail/deluge.profile
+install -m 644 /etc/firejail/qbittorrent.profile firejail-$VERSION/etc/firejail/qbittorrent.profile
+install -m 644 /etc/firejail/generic.profile firejail-$VERSION/etc/firejail/generic.profile
+install -m 644 /etc/firejail/login.users firejail-$VERSION/etc/firejail/login.users
+install -m 644 /etc/firejail/deadbeef.profile firejail-$VERSION/etc/firejail/deadbeef.profile
+install -m 644 /etc/firejail/empathy.profile firejail-$VERSION/etc/firejail/empathy.profile
+install -m 644 /etc/firejail/fbreader.profile firejail-$VERSION/etc/firejail/fbreader.profile
+install -m 644 /etc/firejail/spotify.profile firejail-$VERSION/etc/firejail/spotify.profile
+mkdir -p firejail-$VERSION/usr/share/bash-completion/completions
+install -m 644 /usr/share/bash-completion/completions/firejail  firejail-$VERSION/usr/share/bash-completion/completions/.
+install -m 644 /usr/share/bash-completion/completions/firemon  firejail-$VERSION/usr/share/bash-completion/completions/.
+echo "building tar.gz archive"
+tar -czvf firejail-$VERSION.tar.gz firejail-$VERSION
+cp firejail-$VERSION.tar.gz SOURCES/.
+echo "building config spec"
+cat <<EOF > SPECS/firejail.spec
+%define        __spec_install_post %{nil}
+%define          debug_package %{nil}
+%define        __os_install_post %{_dbpath}/brp-compress
+Summary: Linux namepaces sandbox program
+Name: firejail
+Version: $VERSION
+Release: 1
+License: GPL+
+Group: Development/Tools
+SOURCE0 : %{name}-%{version}.tar.gz
+URL: http://firejail.sourceforege.net
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+%description
+Firejail  is  a  SUID sandbox program that reduces the risk of security
+breaches by restricting the running environment of untrusted applications
+using Linux namespaces. It includes a sandbox profile for Mozilla Firefox.
+%prep
+%setup -q
+%build
+%install
+rm -rf %{buildroot}
+mkdir -p  %{buildroot}
+cp -a * %{buildroot}
+%clean
+rm -rf %{buildroot}
+%files
+%defattr(-,root,root,-)
+%config(noreplace) %{_sysconfdir}/%{name}/chromium-browser.profile
+%config(noreplace) %{_sysconfdir}/%{name}/chromium.profile
+%config(noreplace) %{_sysconfdir}/%{name}/disable-mgmt.inc
+%config(noreplace) %{_sysconfdir}/%{name}/disable-secret.inc
+%config(noreplace) %{_sysconfdir}/%{name}/dropbox.profile
+%config(noreplace) %{_sysconfdir}/%{name}/evince.profile
+%config(noreplace) %{_sysconfdir}/%{name}/firefox.profile
+%config(noreplace) %{_sysconfdir}/%{name}/icedove.profile
+%config(noreplace) %{_sysconfdir}/%{name}/iceweasel.profile
+%config(noreplace) %{_sysconfdir}/%{name}/login.users
+%config(noreplace) %{_sysconfdir}/%{name}/midori.profile
+%config(noreplace) %{_sysconfdir}/%{name}/opera.profile
+%config(noreplace) %{_sysconfdir}/%{name}/thunderbird.profile
+%config(noreplace) %{_sysconfdir}/%{name}/transmission-gtk.profile
+%config(noreplace) %{_sysconfdir}/%{name}/transmission-qt.profile
+%config(noreplace) %{_sysconfdir}/%{name}/vlc.profile
+%config(noreplace) %{_sysconfdir}/%{name}/audacious.profile
+%config(noreplace) %{_sysconfdir}/%{name}/clementine.profile
+%config(noreplace) %{_sysconfdir}/%{name}/gnome-mplayer.profile
+%config(noreplace) %{_sysconfdir}/%{name}/rhythmbox.profile
+%config(noreplace) %{_sysconfdir}/%{name}/totem.profile
+%config(noreplace) %{_sysconfdir}/%{name}/deluge.profile
+%config(noreplace) %{_sysconfdir}/%{name}/qbittorrent.profile
+%config(noreplace) %{_sysconfdir}/%{name}/generic.profile
+%config(noreplace) %{_sysconfdir}/%{name}/deadbeef.profile
+%config(noreplace) %{_sysconfdir}/%{name}/disable-common.inc
+%config(noreplace) %{_sysconfdir}/%{name}/disable-history.inc
+%config(noreplace) %{_sysconfdir}/%{name}/empathy.profile
+%config(noreplace) %{_sysconfdir}/%{name}/filezilla.profile
+%config(noreplace) %{_sysconfdir}/%{name}/icecat.profile
+%config(noreplace) %{_sysconfdir}/%{name}/pidgin.profile
+%config(noreplace) %{_sysconfdir}/%{name}/quassel.profile
+%config(noreplace) %{_sysconfdir}/%{name}/server.profile
+%config(noreplace) %{_sysconfdir}/%{name}/xchat.profile
+%config(noreplace) %{_sysconfdir}/%{name}/fbreader.profile
+%config(noreplace) %{_sysconfdir}/%{name}/spotify.profile
+/usr/bin/firejail
+/usr/bin/firemon
+/usr/lib/firejail/libtrace.so
+/usr/lib/firejail/ftee
+/usr/lib/firejail/fshaper.sh
+/usr/share/doc/packages/firejail/COPYING
+/usr/share/doc/packages/firejail/README
+/usr/share/doc/packages/firejail/RELNOTES
+/usr/share/man/man1/firejail.1.gz
+/usr/share/man/man1/firemon.1.gz
+/usr/share/man/man5/firejail-profile.5.gz
+/usr/share/man/man5/firejail-login.5.gz
+/usr/share/bash-completion/completions/firejail
+/usr/share/bash-completion/completions/firemon
+ 
+%post
+chmod u+s /usr/bin/firejail
+%changelog
+* Wed Oct 21 2015 netblue30 <netblue30@yahoo.com> 0.9.32-1
+ - added --interface option
+ - added --mtu option
+ - added --private-bin option
+ - added --nosound option
+ - added --hostname option
+ - added --quiet option
+ - added seccomp errno support
+ - added FBReader default profile
+ - added Spotify default profile
+ - lots of default security profile changes
+ - fixed a security problem on multi-user systems
+ - bugfixes
+* Mon Sep 14 2015 netblue30 <netblue30@yahoo.com> 0.9.30-1
+ - added a disable-history.inc profile as a result of Firefox PDF.js exploit;
+   disable-history.inc included in all default profiles
+ - Firefox PDF.js exploit (CVE-2015-4495) fixes
+ - added --private-etc option
+ - added --env option
+ - added --whitelist option
+ - support ${HOME} token in include directive in profile files
+ - --private.keep is transitioned to --private-home
+ - support ~ and blanks in blacklist option
+ - support "net none" command in profile files
+ - using /etc/firejail/generic.profile by default for user sessions
+ - using /etc/firejail/server.profile by default for root sessions
+ - added build --enable-fatal-warnings configure option
+ - added persistence to --overlay option
+ - added --overlay-tmpfs option
+ - make install-strip implemented, make install renamed
+ - bugfixes
+* Sat Aug 1 2015 netblue30 <netblue30@yahoo.com> 0.9.28-1
+ - network scanning, --scan option
+ - interface MAC address support, --mac option
+ - IP address range, --iprange option
+ - traffic shaping, --bandwidth option
+ - reworked printing of network status at startup
+ - man pages rework
+ - added firejail-login man page
+ - added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default
+   profiles
+ - added an /etc/firejail/disable-common.inc file to hold common directory
+   blacklists
+ - blacklist Opera and Chrome/Chromium config directories in profile files
+ - support noroot option for profile files
+ - enabled noroot in default profile files
+ - bugfixes
+* Thu Apr 30 2015 netblue30 <netblue30@yahoo.com> 0.9.26-1
+ - private dev directory
+ - private.keep option for whitelisting home files in a new private directory
+ - user namespaces support, noroot option
+ - added Deluge and qBittorent profiles
+ - bugfixes
+* Sun Apr 5 2015  netblue30 <netblue30@yahoo.com> 0.9.24-1
+ - whitelist and blacklist seccomp filters
+ - doubledash option
+ - --shell=none support
+ - netfilter file support in profile files
+ - dns server support in profile files
+ - added --dns.print option
+ - added default profiles for Audoacious, Clementine, Rhythmbox and Totem.
+ - added --caps.drop=all in default profiles
+ - new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
+ -        clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
+ - Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
+ - two build patches from Reiner Herman (tickets 11, 12)
+ - man page patch from Reiner Herman (ticket 13)
+ - output patch (ticket 15) from sshirokov
+* Mon Mar 9 2015  netblue30 <netblue30@yahoo.com> 0.9.22-1
+ - Replaced --noip option with --ip=none
+ - Container stdout logging and log rotation
+ - Added process_vm_readv, process_vm_writev and mknod to
+     default seccomp blacklist
+ - Added CAP_MKNOD to default caps blacklist
+ - Blacklist and whitelist custom Linux capabilities filters
+ - macvlan device driver support for --net option
+ - DNS server support, --dns option
+ - Netfilter support
+ - Monitor network statistics, --netstats option
+ - Added profile for Mozilla Thunderbird/Icedove
+ - --overlay support for Linux kernels 3.18+
+ - Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
+ - Bugfix: check uid/gid for cgroup
+* Fri Feb 6 2015   netblue30 <netblue30@yahoo.com> 0.9.20-1
+ - utmp, btmp and wtmp enhancements
+ -    create empty /var/log/wtmp and /var/log/btmp files in sandbox
+ -    generate a new /var/run/utmp file in sandbox
+ - CPU affinity, --cpu option
+ - Linux control groups support, --cgroup option
+ - Opera web browser support
+ - VLC support
+ - Added "empty" attribute to seccomp command to remove the default
+ -    syscall list form seccomp blacklist
+ - Added --nogroups option to disable supplementary groups for regular
+ -   users. root user always runs without supplementary groups.
+ - firemon enhancements
+ -   display the command that started the sandbox
+ -   added --caps option to display capabilities for all sandboxes
+ -   added --cgroup option to display the control groups for all sandboxes
+ -   added --cpu option to display CPU affinity for all sandboxes
+ -   added --seccomp option to display seccomp setting for all sandboxes
+ - New compile time options: --disable-chroot, --disable-bind
+ - bugfixes
+* Sat Dec 27 2014  netblue30 <netblue30@yahoo.com> 0.9.18-1
+ - Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
+ - Support for tracing setreuid, setregid, setresuid, setresguid syscalls
+ - Added profiles for transmission-gtk and transmission-qt
+ - bugfixes
+* Tue Nov 4 2014  netblue30 <netblue30@yahoo.com> 0.9.16-1
+ - Configurable private home directory
+ - Configurable default user shell
+ - Software configuration support for --docdir and DESTDIR
+ - Profile file support for include, caps, seccomp and private keywords
+ - Dropbox profile file
+ - Linux capabilities and seccomp filters enabled by default for Firefox,
+  Midori, Evince and Dropbox
+ - bugfixes
+* Wed Oct 8 2014  netblue30 <netblue30@yahoo.com> 0.9.14-1
+ - Linux capabilities and seccomp filters are automatically enabled in 
+   chroot mode (--chroot option) if the sandbox is started as regular
+   user
+ - Added support for user defined seccomp blacklists
+ - Added syscall trace support
+ - Added --tmpfs option
+ - Added --balcklist option
+ - Added --read-only option
+ - Added --bind option
+ - Logging enhancements
+ - --overlay option was reactivated
+ - Added firemon support to print the ARP table for each sandbox
+ - Added firemon support to print the route table for each sandbox
+ - Added firemon support to print interface information for each sandbox
+ - bugfixes
+* Tue Sep 16 2014 netblue30 <netblue30@yahoo.com> 0.9.12-1
+ - Added capabilities support
+ - Added support for CentOS 7
+ - bugfixes
+EOF
+echo "building rpm"
+rpmbuild -ba SPECS/firejail.spec
+rpm -qpl RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm
+cd ..
+rm -f firejail-$VERSION-1.x86_64.rpm
+cp rpmbuild/RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm .
author	netblue30 <netblue30@yahoo.com>	2015-10-21 12:47:14 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-10-21 12:47:14 -0400
commit	b19a058950d7bd7a289bf34a0929a237919065c6 (patch)
tree	f79d03807eafb861be7b698578b0cc9863c9453c
parent	0.9.32 testing (diff)
download	firejail-0.9.32.tar.gz firejail-0.9.32.tar.zst firejail-0.9.32.zip

diff --git a/platform/rpm/old-mkrpm.sh b/platform/rpm/old-mkrpm.sh new file mode 100755 index 000000000..30aba0462 --- /dev/null +++ b/platform/rpm/old-mkrpm.sh
@@ -0,0 +1,337 @@
	1	#!/bin/bash
	2	VERSION="0.9.32"
	3	rm -fr ~/rpmbuild
	4	rm -f firejail-$VERSION-1.x86_64.rpm
	5
	6	mkdir -p ~/rpmbuild/{RPMS,SRPMS,BUILD,SOURCES,SPECS,tmp}
	7	cat <<EOF >~/.rpmmacros
	8	%_topdir %(echo $HOME)/rpmbuild
	9	%_tmppath %{_topdir}/tmp
	10	EOF
	11
	12	cd ~/rpmbuild
	13	echo "building directory tree"
	14
	15	mkdir -p firejail-$VERSION/usr/bin
	16	install -m 755 /usr/bin/firejail firejail-$VERSION/usr/bin/.
	17	install -m 755 /usr/bin/firemon firejail-$VERSION/usr/bin/.
	18
	19	mkdir -p firejail-$VERSION/usr/lib/firejail
	20	install -m 644 /usr/lib/firejail/libtrace.so firejail-$VERSION/usr/lib/firejail/.
	21	install -m 755 /usr/lib/firejail/ftee firejail-$VERSION/usr/lib/firejail/.
	22	install -m 755 /usr/lib/firejail/fshaper.sh firejail-$VERSION/usr/lib/firejail/.
	23
	24	mkdir -p firejail-$VERSION/usr/share/man/man1
	25	install -m 644 /usr/share/man/man1/firejail.1.gz firejail-$VERSION/usr/share/man/man1/.
	26	install -m 644 /usr/share/man/man1/firemon.1.gz firejail-$VERSION/usr/share/man/man1/.
	27
	28	mkdir -p firejail-$VERSION/usr/share/man/man5
	29	install -m 644 /usr/share/man/man5/firejail-profile.5.gz firejail-$VERSION/usr/share/man/man5/.
	30	install -m 644 /usr/share/man/man5/firejail-login.5.gz firejail-$VERSION/usr/share/man/man5/.
	31
	32	mkdir -p firejail-$VERSION/usr/share/doc/packages/firejail
	33	install -m 644 /usr/share/doc/firejail/COPYING firejail-$VERSION/usr/share/doc/packages/firejail/.
	34	install -m 644 /usr/share/doc/firejail/README firejail-$VERSION/usr/share/doc/packages/firejail/.
	35	install -m 644 /usr/share/doc/firejail/RELNOTES firejail-$VERSION/usr/share/doc/packages/firejail/.
	36
	37	mkdir -p firejail-$VERSION/etc/firejail
	38	install -m 644 /etc/firejail/xchat.profile firejail-$VERSION/etc/firejail/xchat.profile
	39	install -m 644 /etc/firejail/server.profile firejail-$VERSION/etc/firejail/server.profile
	40	install -m 644 /etc/firejail/quassel.profile firejail-$VERSION/etc/firejail/quassel.profile
	41	install -m 644 /etc/firejail/pidgin.profile firejail-$VERSION/etc/firejail/pidgin.profile
	42	install -m 644 /etc/firejail/icecat.profile firejail-$VERSION/etc/firejail/icecat.profile
	43	install -m 644 /etc/firejail/filezilla.profile firejail-$VERSION/etc/firejail/filezilla.profile
	44	install -m 644 /etc/firejail/chromium-browser.profile firejail-$VERSION/etc/firejail/chromium-browser.profile
	45	install -m 644 /etc/firejail/chromium.profile firejail-$VERSION/etc/firejail/chromium.profile
	46	install -m 644 /etc/firejail/dropbox.profile firejail-$VERSION/etc/firejail/dropbox.profile
	47	install -m 644 /etc/firejail/disable-common.inc firejail-$VERSION/etc/firejail/disable-common.inc
	48	install -m 644 /etc/firejail/disable-history.inc firejail-$VERSION/etc/firejail/disable-history.inc
	49	install -m 644 /etc/firejail/disable-secret.inc firejail-$VERSION/etc/firejail/disable-secret.inc
	50	install -m 644 /etc/firejail/disable-mgmt.inc firejail-$VERSION/etc/firejail/disable-mgmt.inc
	51	install -m 644 /etc/firejail/evince.profile firejail-$VERSION/etc/firejail/evince.profile
	52	install -m 644 /etc/firejail/firefox.profile firejail-$VERSION/etc/firejail/firefox.profile
	53	install -m 644 /etc/firejail/icedove.profile firejail-$VERSION/etc/firejail/icedove.profile
	54	install -m 644 /etc/firejail/iceweasel.profile firejail-$VERSION/etc/firejail/iceweasel.profile
	55	install -m 644 /etc/firejail/midori.profile firejail-$VERSION/etc/firejail/midori.profile
	56	install -m 644 /etc/firejail/thunderbird.profile firejail-$VERSION/etc/firejail/thunderbird.profile
	57	install -m 644 /etc/firejail/opera.profile firejail-$VERSION/etc/firejail/opera.profile
	58	install -m 644 /etc/firejail/transmission-gtk.profile firejail-$VERSION/etc/firejail/transmission-gtk.profile
	59	install -m 644 /etc/firejail/transmission-qt.profile firejail-$VERSION/etc/firejail/transmission-qt.profile
	60	install -m 644 /etc/firejail/vlc.profile firejail-$VERSION/etc/firejail/vlc.profile
	61	install -m 644 /etc/firejail/audacious.profile firejail-$VERSION/etc/firejail/audacious.profile
	62	install -m 644 /etc/firejail/clementine.profile firejail-$VERSION/etc/firejail/clementine.profile
	63	install -m 644 /etc/firejail/gnome-mplayer.profile firejail-$VERSION/etc/firejail/gnome-mplayer.profile
	64	install -m 644 /etc/firejail/rhythmbox.profile firejail-$VERSION/etc/firejail/rhythmbox.profile
	65	install -m 644 /etc/firejail/totem.profile firejail-$VERSION/etc/firejail/totem.profile
	66	install -m 644 /etc/firejail/deluge.profile firejail-$VERSION/etc/firejail/deluge.profile
	67	install -m 644 /etc/firejail/qbittorrent.profile firejail-$VERSION/etc/firejail/qbittorrent.profile
	68	install -m 644 /etc/firejail/generic.profile firejail-$VERSION/etc/firejail/generic.profile
	69	install -m 644 /etc/firejail/login.users firejail-$VERSION/etc/firejail/login.users
	70	install -m 644 /etc/firejail/deadbeef.profile firejail-$VERSION/etc/firejail/deadbeef.profile
	71	install -m 644 /etc/firejail/empathy.profile firejail-$VERSION/etc/firejail/empathy.profile
	72	install -m 644 /etc/firejail/fbreader.profile firejail-$VERSION/etc/firejail/fbreader.profile
	73	install -m 644 /etc/firejail/spotify.profile firejail-$VERSION/etc/firejail/spotify.profile
	74
	75
	76	mkdir -p firejail-$VERSION/usr/share/bash-completion/completions
	77	install -m 644 /usr/share/bash-completion/completions/firejail firejail-$VERSION/usr/share/bash-completion/completions/.
	78	install -m 644 /usr/share/bash-completion/completions/firemon firejail-$VERSION/usr/share/bash-completion/completions/.
	79
	80	echo "building tar.gz archive"
	81	tar -czvf firejail-$VERSION.tar.gz firejail-$VERSION
	82
	83	cp firejail-$VERSION.tar.gz SOURCES/.
	84
	85	echo "building config spec"
	86	cat <<EOF > SPECS/firejail.spec
	87	%define __spec_install_post %{nil}
	88	%define debug_package %{nil}
	89	%define __os_install_post %{_dbpath}/brp-compress
	90
	91	Summary: Linux namepaces sandbox program
	92	Name: firejail
	93	Version: $VERSION
	94	Release: 1
	95	License: GPL+
	96	Group: Development/Tools
	97	SOURCE0 : %{name}-%{version}.tar.gz
	98	URL: http://firejail.sourceforege.net
	99
	100	BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
	101
	102	%description
	103	Firejail is a SUID sandbox program that reduces the risk of security
	104	breaches by restricting the running environment of untrusted applications
	105	using Linux namespaces. It includes a sandbox profile for Mozilla Firefox.
	106
	107	%prep
	108	%setup -q
	109
	110	%build
	111
	112	%install
	113	rm -rf %{buildroot}
	114	mkdir -p %{buildroot}
	115
	116	cp -a * %{buildroot}
	117
	118
	119	%clean
	120	rm -rf %{buildroot}
	121
	122
	123	%files
	124	%defattr(-,root,root,-)
	125	%config(noreplace) %{_sysconfdir}/%{name}/chromium-browser.profile
	126	%config(noreplace) %{_sysconfdir}/%{name}/chromium.profile
	127	%config(noreplace) %{_sysconfdir}/%{name}/disable-mgmt.inc
	128	%config(noreplace) %{_sysconfdir}/%{name}/disable-secret.inc
	129	%config(noreplace) %{_sysconfdir}/%{name}/dropbox.profile
	130	%config(noreplace) %{_sysconfdir}/%{name}/evince.profile
	131	%config(noreplace) %{_sysconfdir}/%{name}/firefox.profile
	132	%config(noreplace) %{_sysconfdir}/%{name}/icedove.profile
	133	%config(noreplace) %{_sysconfdir}/%{name}/iceweasel.profile
	134	%config(noreplace) %{_sysconfdir}/%{name}/login.users
	135	%config(noreplace) %{_sysconfdir}/%{name}/midori.profile
	136	%config(noreplace) %{_sysconfdir}/%{name}/opera.profile
	137	%config(noreplace) %{_sysconfdir}/%{name}/thunderbird.profile
	138	%config(noreplace) %{_sysconfdir}/%{name}/transmission-gtk.profile
	139	%config(noreplace) %{_sysconfdir}/%{name}/transmission-qt.profile
	140	%config(noreplace) %{_sysconfdir}/%{name}/vlc.profile
	141	%config(noreplace) %{_sysconfdir}/%{name}/audacious.profile
	142	%config(noreplace) %{_sysconfdir}/%{name}/clementine.profile
	143	%config(noreplace) %{_sysconfdir}/%{name}/gnome-mplayer.profile
	144	%config(noreplace) %{_sysconfdir}/%{name}/rhythmbox.profile
	145	%config(noreplace) %{_sysconfdir}/%{name}/totem.profile
	146	%config(noreplace) %{_sysconfdir}/%{name}/deluge.profile
	147	%config(noreplace) %{_sysconfdir}/%{name}/qbittorrent.profile
	148	%config(noreplace) %{_sysconfdir}/%{name}/generic.profile
	149	%config(noreplace) %{_sysconfdir}/%{name}/deadbeef.profile
	150	%config(noreplace) %{_sysconfdir}/%{name}/disable-common.inc
	151	%config(noreplace) %{_sysconfdir}/%{name}/disable-history.inc
	152	%config(noreplace) %{_sysconfdir}/%{name}/empathy.profile
	153	%config(noreplace) %{_sysconfdir}/%{name}/filezilla.profile
	154	%config(noreplace) %{_sysconfdir}/%{name}/icecat.profile
	155	%config(noreplace) %{_sysconfdir}/%{name}/pidgin.profile
	156	%config(noreplace) %{_sysconfdir}/%{name}/quassel.profile
	157	%config(noreplace) %{_sysconfdir}/%{name}/server.profile
	158	%config(noreplace) %{_sysconfdir}/%{name}/xchat.profile
	159	%config(noreplace) %{_sysconfdir}/%{name}/fbreader.profile
	160	%config(noreplace) %{_sysconfdir}/%{name}/spotify.profile
	161
	162	/usr/bin/firejail
	163	/usr/bin/firemon
	164	/usr/lib/firejail/libtrace.so
	165	/usr/lib/firejail/ftee
	166	/usr/lib/firejail/fshaper.sh
	167	/usr/share/doc/packages/firejail/COPYING
	168	/usr/share/doc/packages/firejail/README
	169	/usr/share/doc/packages/firejail/RELNOTES
	170	/usr/share/man/man1/firejail.1.gz
	171	/usr/share/man/man1/firemon.1.gz
	172	/usr/share/man/man5/firejail-profile.5.gz
	173	/usr/share/man/man5/firejail-login.5.gz
	174	/usr/share/bash-completion/completions/firejail
	175	/usr/share/bash-completion/completions/firemon
	176
	177	%post
	178	chmod u+s /usr/bin/firejail
	179
	180	%changelog
	181	* Wed Oct 21 2015 netblue30 <netblue30@yahoo.com> 0.9.32-1
	182	- added --interface option
	183	- added --mtu option
	184	- added --private-bin option
	185	- added --nosound option
	186	- added --hostname option
	187	- added --quiet option
	188	- added seccomp errno support
	189	- added FBReader default profile
	190	- added Spotify default profile
	191	- lots of default security profile changes
	192	- fixed a security problem on multi-user systems
	193	- bugfixes
	194
	195	* Mon Sep 14 2015 netblue30 <netblue30@yahoo.com> 0.9.30-1
	196	- added a disable-history.inc profile as a result of Firefox PDF.js exploit;
	197	disable-history.inc included in all default profiles
	198	- Firefox PDF.js exploit (CVE-2015-4495) fixes
	199	- added --private-etc option
	200	- added --env option
	201	- added --whitelist option
	202	- support ${HOME} token in include directive in profile files
	203	- --private.keep is transitioned to --private-home
	204	- support ~ and blanks in blacklist option
	205	- support "net none" command in profile files
	206	- using /etc/firejail/generic.profile by default for user sessions
	207	- using /etc/firejail/server.profile by default for root sessions
	208	- added build --enable-fatal-warnings configure option
	209	- added persistence to --overlay option
	210	- added --overlay-tmpfs option
	211	- make install-strip implemented, make install renamed
	212	- bugfixes
	213
	214	* Sat Aug 1 2015 netblue30 <netblue30@yahoo.com> 0.9.28-1
	215	- network scanning, --scan option
	216	- interface MAC address support, --mac option
	217	- IP address range, --iprange option
	218	- traffic shaping, --bandwidth option
	219	- reworked printing of network status at startup
	220	- man pages rework
	221	- added firejail-login man page
	222	- added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default
	223	profiles
	224	- added an /etc/firejail/disable-common.inc file to hold common directory
	225	blacklists
	226	- blacklist Opera and Chrome/Chromium config directories in profile files
	227	- support noroot option for profile files
	228	- enabled noroot in default profile files
	229	- bugfixes
	230
	231	* Thu Apr 30 2015 netblue30 <netblue30@yahoo.com> 0.9.26-1
	232	- private dev directory
	233	- private.keep option for whitelisting home files in a new private directory
	234	- user namespaces support, noroot option
	235	- added Deluge and qBittorent profiles
	236	- bugfixes
	237
	238	* Sun Apr 5 2015 netblue30 <netblue30@yahoo.com> 0.9.24-1
	239	- whitelist and blacklist seccomp filters
	240	- doubledash option
	241	- --shell=none support
	242	- netfilter file support in profile files
	243	- dns server support in profile files
	244	- added --dns.print option
	245	- added default profiles for Audoacious, Clementine, Rhythmbox and Totem.
	246	- added --caps.drop=all in default profiles
	247	- new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
	248	- clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
	249	- Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
	250	- two build patches from Reiner Herman (tickets 11, 12)
	251	- man page patch from Reiner Herman (ticket 13)
	252	- output patch (ticket 15) from sshirokov
	253
	254	* Mon Mar 9 2015 netblue30 <netblue30@yahoo.com> 0.9.22-1
	255	- Replaced --noip option with --ip=none
	256	- Container stdout logging and log rotation
	257	- Added process_vm_readv, process_vm_writev and mknod to
	258	default seccomp blacklist
	259	- Added CAP_MKNOD to default caps blacklist
	260	- Blacklist and whitelist custom Linux capabilities filters
	261	- macvlan device driver support for --net option
	262	- DNS server support, --dns option
	263	- Netfilter support
	264	- Monitor network statistics, --netstats option
	265	- Added profile for Mozilla Thunderbird/Icedove
	266	- --overlay support for Linux kernels 3.18+
	267	- Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
	268	- Bugfix: check uid/gid for cgroup
	269
	270	* Fri Feb 6 2015 netblue30 <netblue30@yahoo.com> 0.9.20-1
	271	- utmp, btmp and wtmp enhancements
	272	- create empty /var/log/wtmp and /var/log/btmp files in sandbox
	273	- generate a new /var/run/utmp file in sandbox
	274	- CPU affinity, --cpu option
	275	- Linux control groups support, --cgroup option
	276	- Opera web browser support
	277	- VLC support
	278	- Added "empty" attribute to seccomp command to remove the default
	279	- syscall list form seccomp blacklist
	280	- Added --nogroups option to disable supplementary groups for regular
	281	- users. root user always runs without supplementary groups.
	282	- firemon enhancements
	283	- display the command that started the sandbox
	284	- added --caps option to display capabilities for all sandboxes
	285	- added --cgroup option to display the control groups for all sandboxes
	286	- added --cpu option to display CPU affinity for all sandboxes
	287	- added --seccomp option to display seccomp setting for all sandboxes
	288	- New compile time options: --disable-chroot, --disable-bind
	289	- bugfixes
	290
	291	* Sat Dec 27 2014 netblue30 <netblue30@yahoo.com> 0.9.18-1
	292	- Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
	293	- Support for tracing setreuid, setregid, setresuid, setresguid syscalls
	294	- Added profiles for transmission-gtk and transmission-qt
	295	- bugfixes
	296
	297	* Tue Nov 4 2014 netblue30 <netblue30@yahoo.com> 0.9.16-1
	298	- Configurable private home directory
	299	- Configurable default user shell
	300	- Software configuration support for --docdir and DESTDIR
	301	- Profile file support for include, caps, seccomp and private keywords
	302	- Dropbox profile file
	303	- Linux capabilities and seccomp filters enabled by default for Firefox,
	304	Midori, Evince and Dropbox
	305	- bugfixes
	306
	307	* Wed Oct 8 2014 netblue30 <netblue30@yahoo.com> 0.9.14-1
	308	- Linux capabilities and seccomp filters are automatically enabled in
	309	chroot mode (--chroot option) if the sandbox is started as regular
	310	user
	311	- Added support for user defined seccomp blacklists
	312	- Added syscall trace support
	313	- Added --tmpfs option
	314	- Added --balcklist option
	315	- Added --read-only option
	316	- Added --bind option
	317	- Logging enhancements
	318	- --overlay option was reactivated
	319	- Added firemon support to print the ARP table for each sandbox
	320	- Added firemon support to print the route table for each sandbox
	321	- Added firemon support to print interface information for each sandbox
	322	- bugfixes
	323
	324	* Tue Sep 16 2014 netblue30 <netblue30@yahoo.com> 0.9.12-1
	325	- Added capabilities support
	326	- Added support for CentOS 7
	327	- bugfixes
	328
	329	EOF
	330
	331	echo "building rpm"
	332	rpmbuild -ba SPECS/firejail.spec
	333	rpm -qpl RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm
	334	cd ..
	335	rm -f firejail-$VERSION-1.x86_64.rpm
	336	cp rpmbuild/RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm .
	337