authorLibravatar smitsohu <smitsohu@gmail.com>2019-07-25 11:58:53 +0200
committerLibravatar smitsohu <smitsohu@gmail.com>2019-07-25 11:58:53 +0200
commitd4971ce7f62a9b31a86cb1b056b4f5fc9aa77499 (patch)
treed5b602c771940985a9e68f5d5002d0d41b30728d
parentfix whitelisting for homedirs outside /home (diff)
parentfix make scan-build for debian 10 and arch (diff)
Merge branch 'master' of https://github.com/netblue30/firejail
-rw-r--r--Makefile.in10
-rw-r--r--etc/templates/syscalls.txt6
-rw-r--r--src/common.mk.in4
3 files changed, 11 insertions, 9 deletions
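--- a/Makefile.in
+++ b/Makefile.in
@@ -217,12 +217,6 @@ deb: dist
 deb-apparmor: dist
  ./mkdeb-apparmor.sh $(NAME) $(VERSION)
 
-snap: all
- cd platform/snap; ./snap.sh
-
-install-snap: snap
- sudo snap remove faudit; sudo snap install faudit*.snap
-
 test-compile: dist
  cd test/compile; ./compile.sh $(NAME)-$(VERSION)
 
@@ -234,10 +228,10 @@ extras: all
  $(MAKE) -C extras/firetools
 
 cppcheck: clean
- cppcheck -q --force --error-exitcode=1 --enable=warning,performance .
+ cppcheck --force --error-exitcode=1 --enable=warning,performance .
 
 scan-build: clean
- scan-build make
+ NO_EXTRA_CFLAGS="yes" scan-build make
 
 
 #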
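Review bot: The new `scan-build` recipe still invokes a literal `make`, so the nested build does not receive the parent's flags or jobserver, and nothing in the target says why `NO_EXTRA_CFLAGS` is set. I would write `NO_EXTRA_CFLAGS="yes" scan-build $(MAKE)` and put a comment above the target such as `# analysis build only: skips the configure-detected EXTRA_CFLAGS (see src/common.mk.in)`. The analyzed build is then compiled with a different flag set than a normal build, and the comment should say so, so that scan-build results are not read as covering the shipped configuration.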
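--- a/etc/templates/syscalls.txt
+++ b/etc/templates/syscalls.txt
@@ -14,7 +14,7 @@ Hints for writing seccomp.drop lines
 @obsolete=_sysctl,afs_syscall,bdflush,break,create_module,ftime,get_kernel_syms,getpmsg,gtty,lock,mpx,prof,profil,putpmsg,query_module,security,sgetmask,ssetmask,stty,sysfs,tuxcall,ulimit,uselib,ustat,vserver
 @resources=mbind,migrate_pages,move_pages,set_mempolicy
 
-@default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,ioprio_set,io_setup,io_submit,kcmp,keyctl,mincore,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+@default=@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
 
 @default-nodebuggers=@default,personality,process_vm_readv,ptrace
 
@@ -41,3 +41,7 @@ Hints for writing seccomp.drop lines
 | @default-nodebuggers |
 +----------------------+
 
+
+@default without chroot: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pivot_root,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+
+@default-nodebuggers without chroot: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice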
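--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -32,4 +32,8 @@ BINOBJS = $(foreach file, $(OBJS), $file)
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
+
+ifdef NO_EXTRA_CFLAGS
+else
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@
+endif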
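Review bot: `ifdef NO_EXTRA_CFLAGS` is true for any non-empty value inherited from the environment, so a build run in a shell where that variable is exported drops everything substituted into `@EXTRA_CFLAGS@` without any message. If those are configure-detected hardening flags (not visible in this hunk), the resulting binaries would lose them silently. The empty `ifdef`/`else` pair would read more directly as `ifndef NO_EXTRA_CFLAGS`, `EXTRA_CFLAGS +=@EXTRA_CFLAGS@`, `endif`. I would also add a comment such as `# NO_EXTRA_CFLAGS is meant for the scan-build target only; do not export it for release builds`, and consider an `$(info ...)` line in the skipped case so the omission appears in build logs.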