diff options
author | netblue30 <netblue30@yahoo.com> | 2018-04-02 12:59:04 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-04-02 12:59:04 -0400 |
commit | ff1599f64d479dd10dfef2cb6d7115de7ca7c0b5 (patch) | |
tree | b9cbd75701f79b114cc49b2fbf1575963e4f911a | |
parent | WIP: Blacklist common programming interpreters. (#1837) (diff) | |
download | firejail-ff1599f64d479dd10dfef2cb6d7115de7ca7c0b5.tar.gz firejail-ff1599f64d479dd10dfef2cb6d7115de7ca7c0b5.tar.zst firejail-ff1599f64d479dd10dfef2cb6d7115de7ca7c0b5.zip |
added --disable-suid to configuration script
-rw-r--r-- | Makefile.in | 3 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 10 |
3 files changed, 31 insertions, 0 deletions
diff --git a/Makefile.in b/Makefile.in index ebf9d40e8..e9df6264d 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -21,6 +21,7 @@ HAVE_APPARMOR=@HAVE_APPARMOR@ | |||
21 | HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@ | 21 | HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@ |
22 | HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@ | 22 | HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@ |
23 | BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@ | 23 | BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@ |
24 | HAVE_SUID=@HAVE_SUID@ | ||
24 | 25 | ||
25 | uids.h:; ./mkuid.sh | 26 | uids.h:; ./mkuid.sh |
26 | 27 | ||
@@ -81,7 +82,9 @@ realinstall: | |||
81 | # firejail executable | 82 | # firejail executable |
82 | install -m 0755 -d $(DESTDIR)/$(bindir) | 83 | install -m 0755 -d $(DESTDIR)/$(bindir) |
83 | install -c -m 0755 src/firejail/firejail $(DESTDIR)/$(bindir)/. | 84 | install -c -m 0755 src/firejail/firejail $(DESTDIR)/$(bindir)/. |
85 | ifeq ($(HAVE_SUID),yes) | ||
84 | chmod u+s $(DESTDIR)/$(bindir)/firejail | 86 | chmod u+s $(DESTDIR)/$(bindir)/firejail |
87 | endif | ||
85 | # firemon executable | 88 | # firemon executable |
86 | install -c -m 0755 src/firemon/firemon $(DESTDIR)/$(bindir)/. | 89 | install -c -m 0755 src/firemon/firemon $(DESTDIR)/$(bindir)/. |
87 | # firecfg executable | 90 | # firecfg executable |
@@ -630,6 +630,7 @@ HAVE_GIT_INSTALL | |||
630 | HAVE_GCOV | 630 | HAVE_GCOV |
631 | BUSYBOX_WORKAROUND | 631 | BUSYBOX_WORKAROUND |
632 | HAVE_FATAL_WARNINGS | 632 | HAVE_FATAL_WARNINGS |
633 | HAVE_SUID | ||
633 | HAVE_WHITELIST | 634 | HAVE_WHITELIST |
634 | HAVE_FILE_TRANSFER | 635 | HAVE_FILE_TRANSFER |
635 | HAVE_X11 | 636 | HAVE_X11 |
@@ -712,6 +713,7 @@ enable_userns | |||
712 | enable_x11 | 713 | enable_x11 |
713 | enable_file_transfer | 714 | enable_file_transfer |
714 | enable_whitelist | 715 | enable_whitelist |
716 | enable_suid | ||
715 | enable_fatal_warnings | 717 | enable_fatal_warnings |
716 | enable_busybox_workaround | 718 | enable_busybox_workaround |
717 | enable_gcov | 719 | enable_gcov |
@@ -1362,6 +1364,7 @@ Optional Features: | |||
1362 | --disable-x11 disable X11 sandboxing support | 1364 | --disable-x11 disable X11 sandboxing support |
1363 | --disable-file-transfer disable file transfer | 1365 | --disable-file-transfer disable file transfer |
1364 | --disable-whitelist disable whitelist | 1366 | --disable-whitelist disable whitelist |
1367 | --disable-suid install as a non-SUID executable | ||
1365 | --enable-fatal-warnings -W -Wall -Werror | 1368 | --enable-fatal-warnings -W -Wall -Werror |
1366 | --enable-busybox-workaround | 1369 | --enable-busybox-workaround |
1367 | enable busybox workaround | 1370 | enable busybox workaround |
@@ -3729,6 +3732,20 @@ if test "x$enable_whitelist" != "xno"; then : | |||
3729 | 3732 | ||
3730 | fi | 3733 | fi |
3731 | 3734 | ||
3735 | HAVE_SUID="" | ||
3736 | # Check whether --enable-suid was given. | ||
3737 | if test "${enable_suid+set}" = set; then : | ||
3738 | enableval=$enable_suid; | ||
3739 | fi | ||
3740 | |||
3741 | if test "x$enable_suid" = "xno"; then : | ||
3742 | HAVE_SUID="no" | ||
3743 | else | ||
3744 | HAVE_SUID="yes" | ||
3745 | |||
3746 | fi | ||
3747 | |||
3748 | |||
3732 | HAVE_FATAL_WARNINGS="" | 3749 | HAVE_FATAL_WARNINGS="" |
3733 | # Check whether --enable-fatal_warnings was given. | 3750 | # Check whether --enable-fatal_warnings was given. |
3734 | if test "${enable_fatal_warnings+set}" = set; then : | 3751 | if test "${enable_fatal_warnings+set}" = set; then : |
@@ -5071,4 +5088,5 @@ echo " EXTRA_CFLAGS: $EXTRA_CFLAGS" | |||
5071 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 5088 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
5072 | echo " Gcov instrumentation: $HAVE_GCOV" | 5089 | echo " Gcov instrumentation: $HAVE_GCOV" |
5073 | echo " Install contrib scripts: $HAVE_CONTRIB_INSTALL" | 5090 | echo " Install contrib scripts: $HAVE_CONTRIB_INSTALL" |
5091 | echo " Install as a SUID executable: $HAVE_SUID" | ||
5074 | echo | 5092 | echo |
diff --git a/configure.ac b/configure.ac index 460c93d50..7495ac4c4 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -144,6 +144,15 @@ AS_IF([test "x$enable_whitelist" != "xno"], [ | |||
144 | AC_SUBST(HAVE_WHITELIST) | 144 | AC_SUBST(HAVE_WHITELIST) |
145 | ]) | 145 | ]) |
146 | 146 | ||
147 | HAVE_SUID="" | ||
148 | AC_ARG_ENABLE([suid], | ||
149 | AS_HELP_STRING([--disable-suid], [install as a non-SUID executable])) | ||
150 | AS_IF([test "x$enable_suid" = "xno"], | ||
151 | [HAVE_SUID="no"], | ||
152 | [HAVE_SUID="yes"] | ||
153 | ) | ||
154 | AC_SUBST(HAVE_SUID) | ||
155 | |||
147 | HAVE_FATAL_WARNINGS="" | 156 | HAVE_FATAL_WARNINGS="" |
148 | AC_ARG_ENABLE([fatal_warnings], | 157 | AC_ARG_ENABLE([fatal_warnings], |
149 | AS_HELP_STRING([--enable-fatal-warnings], [-W -Wall -Werror])) | 158 | AS_HELP_STRING([--enable-fatal-warnings], [-W -Wall -Werror])) |
@@ -228,4 +237,5 @@ echo " EXTRA_CFLAGS: $EXTRA_CFLAGS" | |||
228 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 237 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
229 | echo " Gcov instrumentation: $HAVE_GCOV" | 238 | echo " Gcov instrumentation: $HAVE_GCOV" |
230 | echo " Install contrib scripts: $HAVE_CONTRIB_INSTALL" | 239 | echo " Install contrib scripts: $HAVE_CONTRIB_INSTALL" |
240 | echo " Install as a SUID executable: $HAVE_SUID" | ||
231 | echo | 241 | echo |