authorLibravatar netblue30 <netblue30@yahoo.com>2016-02-23 09:53:54 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2016-02-23 09:53:54 -0500
commit3212101227c04ac4e894199881cc486bbda28822 (patch)
treed49076ed09dff600200a11817c90797360ffb787
parentx11 work (diff)
x11 work
-rwxr-xr-xconfigure17
-rw-r--r--configure.ac9
-rw-r--r--src/firejail/Makefile.in3
-rw-r--r--src/firejail/main.c5
-rw-r--r--src/firejail/x11.c4
-rwxr-xr-xtest/compile/compile.sh19
6 files changed, 56 insertions, 1 deletions
diff --git a/configure b/configure
index 06642abb6..16c62e731 100755
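--- a/configure
+++ b/configure
@@ -629,6 +629,7 @@ EGREP
 GREP
 CPP
 HAVE_FATAL_WARNINGS
+HAVE_X11
 HAVE_USERNS
 HAVE_NETWORK
 HAVE_BIND
@@ -691,6 +692,7 @@ enable_chroot
 enable_bind
 enable_network
 enable_userns
+enable_x11
 enable_fatal_warnings
 '
  ac_precious_vars='build_alias
@@ -1316,6 +1318,7 @@ Optional Features:
  --disable-bind disable bind
  --disable-network disable network
  --disable-userns disable user namespace
+ --disable-x11 disable X11 support
  --enable-fatal-warnings -W -Wall -Werror
 
 Some influential environment variables:
@@ -3119,6 +3122,19 @@ if test "x$enable_userns" != "xno"; then :
 
 fi
 
+HAVE_X11=""
+# Check whether --enable-x11 was given.
+if test "${enable_x11+set}" = set; then :
+ enableval=$enable_x11;
+fi
+
+if test "x$enable_x11" != "xno"; then :
+
+ HAVE_X11="-DHAVE_X11"
+
+
+fi
+
 HAVE_FATAL_WARNINGS=""
 # Check whether --enable-fatal_warnings was given.
 if test "${enable_fatal_warnings+set}" = set; then :
@@ -4777,6 +4793,7 @@ echo " chroot: $HAVE_CHROOT"
 echo " bind: $HAVE_BIND"
 echo " network: $HAVE_NETWORK"
 echo " user namespace: $HAVE_USERNS"
+echo " X11 support: $HAVE_X11"
 echo " fatal warnings: $HAVE_FATAL_WARNINGS"
 echo
 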
diff --git a/configure.ac b/configure.ac
index f9d0a3f65..b5dcd6855 100644
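--- a/configure.ac
+++ b/configure.ac
@@ -49,6 +49,14 @@ AS_IF([test "x$enable_userns" != "xno"], [
  AC_SUBST(HAVE_USERNS)
 ])
 
+HAVE_X11=""
+AC_ARG_ENABLE([x11],
+ AS_HELP_STRING([--disable-x11], [disable X11 support]))
+AS_IF([test "x$enable_x11" != "xno"], [
+ HAVE_X11="-DHAVE_X11"
+ AC_SUBST(HAVE_X11)
+])
+
 HAVE_FATAL_WARNINGS=""
 AC_ARG_ENABLE([fatal_warnings],
  AS_HELP_STRING([--enable-fatal-warnings], [-W -Wall -Werror]))
@@ -81,6 +89,7 @@ echo " chroot: $HAVE_CHROOT"
 echo " bind: $HAVE_BIND"
 echo " network: $HAVE_NETWORK"
 echo " user namespace: $HAVE_USERNS"
+echo " X11 support: $HAVE_X11"
 echo " fatal warnings: $HAVE_FATAL_WARNINGS"
 echo
 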
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in
index cf57d96d5..ba6bda0a5 100644
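--- a/src/firejail/Makefile.in
+++ b/src/firejail/Makefile.in
@@ -14,13 +14,14 @@ HAVE_BIND=@HAVE_BIND@
 HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
 HAVE_NETWORK=@HAVE_NETWORK@
 HAVE_USERNS=@HAVE_USERNS@
+HAVE_X11=@HAVE_X11@
 
 
 H_FILE_LIST = $(sort $(wildcard *.[h]))
 C_FILE_LIST = $(sort $(wildcard *.c))
 OBJS = $(C_FILE_LIST:.c=.o)
 BINOBJS = $(foreach file, $(OBJS), $file)
-CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 
 %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h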
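Review bot: HAVE_X11 reaches the compiler only through CFLAGS, and the `%.o` rule at the end of this hunk lists the sources and headers as prerequisites but not the generated Makefile, so re-running configure with a different `--disable-x11` choice does not rebuild objects that already exist. A tree reconfigured with X11 disabled can therefore still link objects that were compiled with `-DHAVE_X11` unless it is cleaned first; the same holds for the other HAVE_* switches on that line. Adding `Makefile` to the prerequisites of the `%.o` rule would make the objects follow the configured feature set. The rule's recipe lies outside the hunk.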
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 2a5ded984..d2a093520 100644
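--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -261,12 +261,17 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 #ifndef HAVE_CHROOT
  printf("Chroot support is disabled.\n");
 #endif
+#ifndef HAVE_X11
+ printf("X11 support is disabled.\n");
+#endif
  exit(0);
  }
+#ifdef HAVE_X11
  else if (strcmp(argv[i], "--x11") == 0) {
  x11_start(argc, argv);
  exit(0);
  }
+#endif
 #ifdef HAVE_NETWORK
  else if (strncmp(argv[i], "--bandwidth=", 12) == 0) {
  logargs(argc, argv);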
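Review bot: When HAVE_X11 is not defined the `--x11` branch is compiled out, so the option simply fails to match in run_cmd_and_exit, and what happens to it afterwards is decided by code outside this hunk. A user who asks for X11 isolation on such a build should get an explicit failure at this point rather than depend on later option parsing to reject it. An `#else` branch that still matches `--x11`, reports that X11 support is disabled and exits non-zero would make that behaviour deterministic. The function starts before and continues after the hunk.

```c
#ifdef HAVE_X11
	// … unchanged: --x11 branch calling x11_start() …
#else
	else if (strcmp(argv[i], "--x11") == 0) {
		fprintf(stderr, "Error: X11 support is disabled in this build\n");
		exit(1);
	}
#endif
```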
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 5e8fb9bbd..218113f46 100644
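--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -27,6 +27,7 @@
 #include <sys/mount.h>
 
 void fs_x11(void) {
+#ifdef HAVE_X11
  // extract display
  char *d = getenv("DISPLAY");
  if (!d)
@@ -94,9 +95,11 @@ void fs_x11(void) {
  if (mount(RUN_RO_DIR, RUN_WHITELIST_X11_DIR, "none", MS_BIND, "mode=400,gid=0") == -1)
  errExit("mount");
  fs_logger2("blacklist", RUN_WHITELIST_X11_DIR);
+#endif
 }
 
 
+#ifdef HAVE_X11
 void x11_start(int argc, char **argv) {
  EUID_ASSERT();
  int i;
@@ -215,3 +218,4 @@ void x11_start(int argc, char **argv) {
  printf("Xpra server pid %d, client pid %d\n", server, client);
  exit(0);
 }
+#endif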
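Review bot: With HAVE_X11 undefined, fs_x11() compiles to an empty function, so every caller silently skips the filesystem work the visible body does (it reads DISPLAY and ends by bind-mounting RUN_RO_DIR over RUN_WHITELIST_X11_DIR). If callers rely on that step to restrict what the sandbox can reach under the X11 directory, a `--disable-x11` build weakens the sandbox without any message; the call sites are not part of this diff, so this needs checking. Either leave fs_x11() unconditional and guard only x11_start(), or make the no-op explicit with an `#else` branch holding a comment such as `// built without X11 support: no X11 filesystem filtering is applied`. The middle of fs_x11() lies between the first two hunks and is not shown.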
diff --git a/test/compile/compile.sh b/test/compile/compile.sh
index 789ebbf28..d191b4d2b 100755
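--- a/test/compile/compile.sh
+++ b/test/compile/compile.sh
@@ -6,6 +6,7 @@ arr[3]="TEST 3: compile chroot disabled"
 arr[4]="TEST 4: compile bind disabled"
 arr[5]="TEST 5: compile user namespace disabled"
 arr[6]="TEST 6: compile network disabled"
+arr[7]="TEST 7: compile X11 disabled"
 
 
 # remove previous reports and output file
@@ -146,6 +147,23 @@ grep Warning output-configure output-make > ./report-test6
 grep Error output-configure output-make >> ./report-test6
 rm output-configure output-make
 
+#*****************************************************************
+# TEST 7
+#*****************************************************************
+# - disable X11 support
+# - check compilation
+#*****************************************************************
+print_title "${arr[6]}"
+# seccomp
+cd firejail
+make distclean
+./configure --prefix=/usr --disable-x11 --enable-fatal-warnings 2>&1 | tee ../output-configure
+make -j4 2>&1 | tee ../output-make
+cd ..
+grep Warning output-configure output-make > ./report-test7
+grep Error output-configure output-make >> ./report-test7
+rm output-configure output-make
+
 
 #*****************************************************************
 # PRINT REPORTS
@@ -167,3 +185,4 @@ echo ${arr[3]}
 echo ${arr[4]}
 echo ${arr[5]}
 echo ${arr[6]}
+echo ${arr[7]}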
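Review bot: The new TEST 7 block prints the wrong title: `print_title "${arr[6]}"` reuses the TEST 6 entry, so the log labels the X11 build as "compile network disabled"; it should be `print_title "${arr[7]}"`. The `# seccomp` comment under it is a leftover from the copied block and would read better as `# X11`. Separately, the exit status of `./configure` and `make` is lost behind `| tee`, and the report is built only by grepping for "Warning" and "Error", so a `--disable-x11` build that fails without printing either word is reported as clean.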