diff options
author | netblue30 <netblue30@protonmail.com> | 2023-12-23 08:29:33 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-12-23 08:29:33 -0500 |
commit | db09546f2946c921da1b07d9d3569c287238989b (patch) | |
tree | 5eb6edfb8cccfd9e9698a7750e19189b5deca2fe | |
parent | fix cppcheck (diff) | |
download | firejail-db09546f2946c921da1b07d9d3569c287238989b.tar.gz firejail-db09546f2946c921da1b07d9d3569c287238989b.tar.zst firejail-db09546f2946c921da1b07d9d3569c287238989b.zip |
remove LTS and FIRETUNNEL support
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | config.mk.in | 4 | ||||
-rwxr-xr-x | configure | 66 | ||||
-rw-r--r-- | configure.ac | 46 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 7 | ||||
-rw-r--r-- | src/firejail/main.c | 27 | ||||
-rw-r--r-- | src/man/firejail.1.in | 31 | ||||
-rw-r--r-- | src/zsh_completion/_firejail.in | 4 |
9 files changed, 2 insertions, 186 deletions
@@ -59,7 +59,7 @@ Committers: | |||
59 | - rusty-snake (https://github.com/rusty-snake) | 59 | - rusty-snake (https://github.com/rusty-snake) |
60 | - smitsohu (https://github.com/smitsohu) | 60 | - smitsohu (https://github.com/smitsohu) |
61 | - SkewedZeppelin (https://github.com/SkewedZeppelin) | 61 | - SkewedZeppelin (https://github.com/SkewedZeppelin) |
62 | - startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches | 62 | - startx2017 (https://github.com/startx2017) |
63 | maintainer) | 63 | maintainer) |
64 | - Topi Miettinen (https://github.com/topimiettinen) | 64 | - Topi Miettinen (https://github.com/topimiettinen) |
65 | - veloute (https://github.com/veloute) | 65 | - veloute (https://github.com/veloute) |
@@ -1,5 +1,6 @@ | |||
1 | firejail (0.9.73) baseline; urgency=low | 1 | firejail (0.9.73) baseline; urgency=low |
2 | * work in progress | 2 | * work in progress |
3 | * removed LTS and FIRETUNNEL support | ||
3 | * feature: Add "keep-shell-rc" command and option (#1127 #5634) | 4 | * feature: Add "keep-shell-rc" command and option (#1127 #5634) |
4 | * feature: Print the argument when failing with "too long arguments" (#5677) | 5 | * feature: Print the argument when failing with "too long arguments" (#5677) |
5 | * feature: a random hostname is assigned to each sandbox unless | 6 | * feature: a random hostname is assigned to each sandbox unless |
diff --git a/config.mk.in b/config.mk.in index d50c7d2f5..958efdb34 100644 --- a/config.mk.in +++ b/config.mk.in | |||
@@ -34,12 +34,10 @@ HAVE_APPARMOR=@HAVE_APPARMOR@ | |||
34 | HAVE_CHROOT=@HAVE_CHROOT@ | 34 | HAVE_CHROOT=@HAVE_CHROOT@ |
35 | HAVE_DBUSPROXY=@HAVE_DBUSPROXY@ | 35 | HAVE_DBUSPROXY=@HAVE_DBUSPROXY@ |
36 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | 36 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ |
37 | HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@ | ||
38 | HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@ | 37 | HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@ |
39 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | 38 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ |
40 | HAVE_IDS=@HAVE_IDS@ | 39 | HAVE_IDS=@HAVE_IDS@ |
41 | HAVE_LANDLOCK=@HAVE_LANDLOCK@ | 40 | HAVE_LANDLOCK=@HAVE_LANDLOCK@ |
42 | HAVE_LTS=@HAVE_LTS@ | ||
43 | HAVE_NETWORK=@HAVE_NETWORK@ | 41 | HAVE_NETWORK=@HAVE_NETWORK@ |
44 | HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@ | 42 | HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@ |
45 | HAVE_OUTPUT=@HAVE_OUTPUT@ | 43 | HAVE_OUTPUT=@HAVE_OUTPUT@ |
@@ -57,12 +55,10 @@ MANFLAGS = \ | |||
57 | $(HAVE_CHROOT) \ | 55 | $(HAVE_CHROOT) \ |
58 | $(HAVE_DBUSPROXY) \ | 56 | $(HAVE_DBUSPROXY) \ |
59 | $(HAVE_FILE_TRANSFER) \ | 57 | $(HAVE_FILE_TRANSFER) \ |
60 | $(HAVE_FIRETUNNEL) \ | ||
61 | $(HAVE_FORCE_NONEWPRIVS) \ | 58 | $(HAVE_FORCE_NONEWPRIVS) \ |
62 | $(HAVE_GLOBALCFG) \ | 59 | $(HAVE_GLOBALCFG) \ |
63 | $(HAVE_IDS) \ | 60 | $(HAVE_IDS) \ |
64 | $(HAVE_LANDLOCK) \ | 61 | $(HAVE_LANDLOCK) \ |
65 | $(HAVE_LTS) \ | ||
66 | $(HAVE_NETWORK) \ | 62 | $(HAVE_NETWORK) \ |
67 | $(HAVE_ONLY_SYSCFG_PROFILES) \ | 63 | $(HAVE_ONLY_SYSCFG_PROFILES) \ |
68 | $(HAVE_OUTPUT) \ | 64 | $(HAVE_OUTPUT) \ |
@@ -650,7 +650,6 @@ ac_includes_default="\ | |||
650 | ac_header_c_list= | 650 | ac_header_c_list= |
651 | ac_subst_vars='LTLIBOBJS | 651 | ac_subst_vars='LTLIBOBJS |
652 | LIBOBJS | 652 | LIBOBJS |
653 | HAVE_LTS | ||
654 | HAVE_ONLY_SYSCFG_PROFILES | 653 | HAVE_ONLY_SYSCFG_PROFILES |
655 | HAVE_FORCE_NONEWPRIVS | 654 | HAVE_FORCE_NONEWPRIVS |
656 | HAVE_CONTRIB_INSTALL | 655 | HAVE_CONTRIB_INSTALL |
@@ -666,7 +665,6 @@ HAVE_GLOBALCFG | |||
666 | HAVE_CHROOT | 665 | HAVE_CHROOT |
667 | HAVE_PRIVATE_LIB | 666 | HAVE_PRIVATE_LIB |
668 | HAVE_PRIVATE_HOME | 667 | HAVE_PRIVATE_HOME |
669 | HAVE_FIRETUNNEL | ||
670 | HAVE_GAWK | 668 | HAVE_GAWK |
671 | HAVE_MAN | 669 | HAVE_MAN |
672 | HAVE_USERTMPFS | 670 | HAVE_USERTMPFS |
@@ -743,7 +741,6 @@ enable_dbusproxy | |||
743 | enable_output | 741 | enable_output |
744 | enable_usertmpfs | 742 | enable_usertmpfs |
745 | enable_man | 743 | enable_man |
746 | enable_firetunnel | ||
747 | enable_private_home | 744 | enable_private_home |
748 | enable_private_lib | 745 | enable_private_lib |
749 | enable_chroot | 746 | enable_chroot |
@@ -759,7 +756,6 @@ enable_gcov | |||
759 | enable_contrib_install | 756 | enable_contrib_install |
760 | enable_force_nonewprivs | 757 | enable_force_nonewprivs |
761 | enable_only_syscfg_profiles | 758 | enable_only_syscfg_profiles |
762 | enable_lts | ||
763 | ' | 759 | ' |
764 | ac_precious_vars='build_alias | 760 | ac_precious_vars='build_alias |
765 | host_alias | 761 | host_alias |
@@ -1403,7 +1399,6 @@ Optional Features: | |||
1403 | --disable-output disable --output logging | 1399 | --disable-output disable --output logging |
1404 | --disable-usertmpfs disable tmpfs as regular user | 1400 | --disable-usertmpfs disable tmpfs as regular user |
1405 | --disable-man disable man pages | 1401 | --disable-man disable man pages |
1406 | --enable-firetunnel enable firetunnel | ||
1407 | --disable-private-home disable private home feature | 1402 | --disable-private-home disable private home feature |
1408 | --disable-private-lib disable private lib feature | 1403 | --disable-private-lib disable private lib feature |
1409 | --disable-chroot disable chroot | 1404 | --disable-chroot disable chroot |
@@ -1424,7 +1419,6 @@ Optional Features: | |||
1424 | enable force nonewprivs | 1419 | enable force nonewprivs |
1425 | --enable-only-syscfg-profiles | 1420 | --enable-only-syscfg-profiles |
1426 | disable profiles in $HOME/.config/firejail | 1421 | disable profiles in $HOME/.config/firejail |
1427 | --enable-lts enable long-term support software version (LTS) | ||
1428 | 1422 | ||
1429 | Some influential environment variables: | 1423 | Some influential environment variables: |
1430 | CC C compiler command | 1424 | CC C compiler command |
@@ -3913,21 +3907,6 @@ fi | |||
3913 | 3907 | ||
3914 | fi | 3908 | fi |
3915 | 3909 | ||
3916 | HAVE_FIRETUNNEL="" | ||
3917 | |||
3918 | # Check whether --enable-firetunnel was given. | ||
3919 | if test ${enable_firetunnel+y} | ||
3920 | then : | ||
3921 | enableval=$enable_firetunnel; | ||
3922 | fi | ||
3923 | |||
3924 | if test "x$enable_firetunnel" = "xyes" | ||
3925 | then : | ||
3926 | |||
3927 | HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL" | ||
3928 | |||
3929 | fi | ||
3930 | |||
3931 | HAVE_PRIVATE_HOME="" | 3910 | HAVE_PRIVATE_HOME="" |
3932 | 3911 | ||
3933 | # Check whether --enable-private-home was given. | 3912 | # Check whether --enable-private-home was given. |
@@ -4155,39 +4134,6 @@ then : | |||
4155 | 4134 | ||
4156 | fi | 4135 | fi |
4157 | 4136 | ||
4158 | HAVE_LTS="" | ||
4159 | |||
4160 | # Check whether --enable-lts was given. | ||
4161 | if test ${enable_lts+y} | ||
4162 | then : | ||
4163 | enableval=$enable_lts; | ||
4164 | fi | ||
4165 | |||
4166 | if test "x$enable_lts" = "xyes" | ||
4167 | then : | ||
4168 | |||
4169 | HAVE_LTS="-DHAVE_LTS" | ||
4170 | HAVE_LANDLOCK="" | ||
4171 | HAVE_IDS="" | ||
4172 | HAVE_DBUSPROXY="" | ||
4173 | HAVE_OVERLAYFS="" | ||
4174 | HAVE_OUTPUT="" | ||
4175 | HAVE_USERTMPFS="" | ||
4176 | HAVE_MAN="-DHAVE_MAN" | ||
4177 | HAVE_FIRETUNNEL="" | ||
4178 | HAVE_PRIVATE_HOME="" | ||
4179 | HAVE_PRIVATE_LIB="" | ||
4180 | HAVE_CHROOT="" | ||
4181 | HAVE_GLOBALCFG="" | ||
4182 | HAVE_USERNS="" | ||
4183 | HAVE_X11="" | ||
4184 | HAVE_FILE_TRANSFER="" | ||
4185 | HAVE_SUID="-DHAVE_SUID" | ||
4186 | BUSYBOX_WORKAROUND="no" | ||
4187 | HAVE_CONTRIB_INSTALL="no" | ||
4188 | |||
4189 | fi | ||
4190 | |||
4191 | ac_fn_c_check_header_compile "$LINENO" "linux/seccomp.h" "ac_cv_header_linux_seccomp_h" "$ac_includes_default" | 4137 | ac_fn_c_check_header_compile "$LINENO" "linux/seccomp.h" "ac_cv_header_linux_seccomp_h" "$ac_includes_default" |
4192 | if test "x$ac_cv_header_linux_seccomp_h" = xyes | 4138 | if test "x$ac_cv_header_linux_seccomp_h" = xyes |
4193 | then : | 4139 | then : |
@@ -5384,11 +5330,9 @@ Features: | |||
5384 | disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES | 5330 | disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES |
5385 | enable --output logging: $HAVE_OUTPUT | 5331 | enable --output logging: $HAVE_OUTPUT |
5386 | file transfer support: $HAVE_FILE_TRANSFER | 5332 | file transfer support: $HAVE_FILE_TRANSFER |
5387 | firetunnel support: $HAVE_FIRETUNNEL | ||
5388 | global config: $HAVE_GLOBALCFG | 5333 | global config: $HAVE_GLOBALCFG |
5389 | IDS support: $HAVE_IDS | 5334 | IDS support: $HAVE_IDS |
5390 | Landlock support: $HAVE_LANDLOCK | 5335 | Landlock support: $HAVE_LANDLOCK |
5391 | LTS: $HAVE_LTS | ||
5392 | manpage support: $HAVE_MAN | 5336 | manpage support: $HAVE_MAN |
5393 | network: $HAVE_NETWORK | 5337 | network: $HAVE_NETWORK |
5394 | overlayfs support: $HAVE_OVERLAYFS | 5338 | overlayfs support: $HAVE_OVERLAYFS |
@@ -5400,13 +5344,3 @@ Features: | |||
5400 | 5344 | ||
5401 | EOF | 5345 | EOF |
5402 | 5346 | ||
5403 | if test "$HAVE_LTS" = -DHAVE_LTS; then | ||
5404 | cat <<\EOF | ||
5405 | ********************************************************* | ||
5406 | * Warning: Long-term support (LTS) was enabled! * | ||
5407 | * Most compile-time options have been rewritten! * | ||
5408 | ********************************************************* | ||
5409 | |||
5410 | EOF | ||
5411 | fi | ||
5412 | |||
diff --git a/configure.ac b/configure.ac index bd80150ed..fc99820de 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -137,14 +137,6 @@ AS_IF([test "x$enable_man" != "xno"], [ | |||
137 | AS_IF([test "x$HAVE_GAWK" != "xyes"], [AC_MSG_ERROR([*** gawk not found ***])]) | 137 | AS_IF([test "x$HAVE_GAWK" != "xyes"], [AC_MSG_ERROR([*** gawk not found ***])]) |
138 | ]) | 138 | ]) |
139 | 139 | ||
140 | HAVE_FIRETUNNEL="" | ||
141 | AC_SUBST([HAVE_FIRETUNNEL]) | ||
142 | AC_ARG_ENABLE([firetunnel], | ||
143 | [AS_HELP_STRING([--enable-firetunnel], [enable firetunnel])]) | ||
144 | AS_IF([test "x$enable_firetunnel" = "xyes"], [ | ||
145 | HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL" | ||
146 | ]) | ||
147 | |||
148 | HAVE_PRIVATE_HOME="" | 140 | HAVE_PRIVATE_HOME="" |
149 | AC_SUBST([HAVE_PRIVATE_HOME]) | 141 | AC_SUBST([HAVE_PRIVATE_HOME]) |
150 | AC_ARG_ENABLE([private-home], | 142 | AC_ARG_ENABLE([private-home], |
@@ -268,32 +260,6 @@ AS_IF([test "x$enable_only_syscfg_profiles" = "xyes"], [ | |||
268 | HAVE_ONLY_SYSCFG_PROFILES="-DHAVE_ONLY_SYSCFG_PROFILES" | 260 | HAVE_ONLY_SYSCFG_PROFILES="-DHAVE_ONLY_SYSCFG_PROFILES" |
269 | ]) | 261 | ]) |
270 | 262 | ||
271 | HAVE_LTS="" | ||
272 | AC_SUBST([HAVE_LTS]) | ||
273 | AC_ARG_ENABLE([lts], | ||
274 | [AS_HELP_STRING([--enable-lts], [enable long-term support software version (LTS)])]) | ||
275 | AS_IF([test "x$enable_lts" = "xyes"], [ | ||
276 | HAVE_LTS="-DHAVE_LTS" | ||
277 | HAVE_LANDLOCK="" | ||
278 | HAVE_IDS="" | ||
279 | HAVE_DBUSPROXY="" | ||
280 | HAVE_OVERLAYFS="" | ||
281 | HAVE_OUTPUT="" | ||
282 | HAVE_USERTMPFS="" | ||
283 | HAVE_MAN="-DHAVE_MAN" | ||
284 | HAVE_FIRETUNNEL="" | ||
285 | HAVE_PRIVATE_HOME="" | ||
286 | HAVE_PRIVATE_LIB="" | ||
287 | HAVE_CHROOT="" | ||
288 | HAVE_GLOBALCFG="" | ||
289 | HAVE_USERNS="" | ||
290 | HAVE_X11="" | ||
291 | HAVE_FILE_TRANSFER="" | ||
292 | HAVE_SUID="-DHAVE_SUID" | ||
293 | BUSYBOX_WORKAROUND="no" | ||
294 | HAVE_CONTRIB_INSTALL="no" | ||
295 | ]) | ||
296 | |||
297 | AC_CHECK_HEADER([linux/seccomp.h], [], | 263 | AC_CHECK_HEADER([linux/seccomp.h], [], |
298 | [AC_MSG_ERROR([*** SECCOMP support is not installed (/usr/include/linux/seccomp.h missing) ***])]) | 264 | [AC_MSG_ERROR([*** SECCOMP support is not installed (/usr/include/linux/seccomp.h missing) ***])]) |
299 | 265 | ||
@@ -332,11 +298,9 @@ Features: | |||
332 | disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES | 298 | disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES |
333 | enable --output logging: $HAVE_OUTPUT | 299 | enable --output logging: $HAVE_OUTPUT |
334 | file transfer support: $HAVE_FILE_TRANSFER | 300 | file transfer support: $HAVE_FILE_TRANSFER |
335 | firetunnel support: $HAVE_FIRETUNNEL | ||
336 | global config: $HAVE_GLOBALCFG | 301 | global config: $HAVE_GLOBALCFG |
337 | IDS support: $HAVE_IDS | 302 | IDS support: $HAVE_IDS |
338 | Landlock support: $HAVE_LANDLOCK | 303 | Landlock support: $HAVE_LANDLOCK |
339 | LTS: $HAVE_LTS | ||
340 | manpage support: $HAVE_MAN | 304 | manpage support: $HAVE_MAN |
341 | network: $HAVE_NETWORK | 305 | network: $HAVE_NETWORK |
342 | overlayfs support: $HAVE_OVERLAYFS | 306 | overlayfs support: $HAVE_OVERLAYFS |
@@ -347,13 +311,3 @@ Features: | |||
347 | X11 sandboxing support: $HAVE_X11 | 311 | X11 sandboxing support: $HAVE_X11 |
348 | 312 | ||
349 | EOF | 313 | EOF |
350 | |||
351 | if test "$HAVE_LTS" = -DHAVE_LTS; then | ||
352 | cat <<\EOF | ||
353 | ********************************************************* | ||
354 | * Warning: Long-term support (LTS) was enabled! * | ||
355 | * Most compile-time options have been rewritten! * | ||
356 | ********************************************************* | ||
357 | |||
358 | EOF | ||
359 | fi | ||
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 7792c6541..3283fae13 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -349,13 +349,6 @@ static const char *const compiletime_support = | |||
349 | "disabled" | 349 | "disabled" |
350 | #endif | 350 | #endif |
351 | 351 | ||
352 | "\n\t- firetunnel support is " | ||
353 | #ifdef HAVE_FIRETUNNEL | ||
354 | "enabled" | ||
355 | #else | ||
356 | "disabled" | ||
357 | #endif | ||
358 | |||
359 | "\n\t- IDS support is " | 352 | "\n\t- IDS support is " |
360 | #ifdef HAVE_IDS | 353 | #ifdef HAVE_IDS |
361 | "enabled" | 354 | "enabled" |
diff --git a/src/firejail/main.c b/src/firejail/main.c index aaa7c8a2f..76bfcede8 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1827,33 +1827,6 @@ int main(int argc, char **argv, char **envp) { | |||
1827 | exit_err_feature("overlayfs"); | 1827 | exit_err_feature("overlayfs"); |
1828 | } | 1828 | } |
1829 | #endif | 1829 | #endif |
1830 | #ifdef HAVE_FIRETUNNEL | ||
1831 | else if (strcmp(argv[i], "--tunnel") == 0) { | ||
1832 | // try to connect to the default client side of the tunnel | ||
1833 | // if this fails, try the default server side of the tunnel | ||
1834 | if (access("/run/firetunnel/ftc", R_OK) == 0) | ||
1835 | profile_read("/run/firetunnel/ftc"); | ||
1836 | else if (access("/run/firetunnel/fts", R_OK) == 0) | ||
1837 | profile_read("/run/firetunnel/fts"); | ||
1838 | else { | ||
1839 | fprintf(stderr, "Error: no default firetunnel found, please specify it using --tunnel=devname option\n"); | ||
1840 | exit(1); | ||
1841 | } | ||
1842 | } | ||
1843 | else if (strncmp(argv[i], "--tunnel=", 9) == 0) { | ||
1844 | char *fname; | ||
1845 | |||
1846 | if (asprintf(&fname, "/run/firetunnel/%s", argv[i] + 9) == -1) | ||
1847 | errExit("asprintf"); | ||
1848 | invalid_filename(fname, 0); // no globbing | ||
1849 | if (access(fname, R_OK) == 0) | ||
1850 | profile_read(fname); | ||
1851 | else { | ||
1852 | fprintf(stderr, "Error: tunnel not found\n"); | ||
1853 | exit(1); | ||
1854 | } | ||
1855 | } | ||
1856 | #endif | ||
1857 | else if (strncmp(argv[i], "--include=", 10) == 0) { | 1830 | else if (strncmp(argv[i], "--include=", 10) == 0) { |
1858 | char *ppath = expand_macros(argv[i] + 10); | 1831 | char *ppath = expand_macros(argv[i] + 10); |
1859 | if (!ppath) | 1832 | if (!ppath) |
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index 9761edb76..ccc9a50a5 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in | |||
@@ -42,15 +42,6 @@ Miscellaneous: | |||
42 | firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-debug-syscalls32 | \-\-debug-protocols | \-\-help | \-\-version} | 42 | firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-debug-syscalls32 | \-\-debug-protocols | \-\-help | \-\-version} |
43 | .RE | 43 | .RE |
44 | .SH DESCRIPTION | 44 | .SH DESCRIPTION |
45 | #ifdef HAVE_LTS | ||
46 | This is Firejail long-term support (LTS), an enterprise focused version of the software, | ||
47 | LTS is usually supported for two or three years. | ||
48 | During this time only bugs and the occasional documentation problems are fixed. | ||
49 | The attack surface of the SUID executable was greatly reduced by removing some of the features. | ||
50 | .br | ||
51 | |||
52 | .br | ||
53 | #endif | ||
54 | Firejail is a SUID sandbox program that reduces the risk of security breaches by | 45 | Firejail is a SUID sandbox program that reduces the risk of security breaches by |
55 | restricting the running environment of untrusted applications using Linux | 46 | restricting the running environment of untrusted applications using Linux |
56 | namespaces, seccomp-bpf and Linux capabilities. | 47 | namespaces, seccomp-bpf and Linux capabilities. |
@@ -3043,28 +3034,6 @@ $ firejail \-\-tree | |||
3043 | .br | 3034 | .br |
3044 | 11970:netblue:transmission-gtk | 3035 | 11970:netblue:transmission-gtk |
3045 | 3036 | ||
3046 | #ifdef HAVE_FIRETUNNEL | ||
3047 | .TP | ||
3048 | \fB\-\-tunnel[=devname] | ||
3049 | Connect the sandbox to a network overlay/VPN tunnel created by firetunnel utility. This options | ||
3050 | tries first the client side of the tunnel. If this fails, it tries the server side. If multiple tunnels are active, | ||
3051 | please specify the tunnel device using \-\-tunnel=devname. | ||
3052 | .br | ||
3053 | |||
3054 | .br | ||
3055 | The available tunnel devices are listed in /etc/firetunnel directory, one file for each device. | ||
3056 | The files are regular firejail profile files containing the network configuration, | ||
3057 | and are created and managed by firetunnel utility. | ||
3058 | By default ftc is the client-side device and fts is the server-side device. For more information | ||
3059 | please see man 1 firetunnel. | ||
3060 | .br | ||
3061 | |||
3062 | .br | ||
3063 | Example: | ||
3064 | .br | ||
3065 | $ firejail --tunnel firefox | ||
3066 | .br | ||
3067 | #endif | ||
3068 | .TP | 3037 | .TP |
3069 | \fB\-\-version | 3038 | \fB\-\-version |
3070 | Print program version/compile time support and exit. | 3039 | Print program version/compile time support and exit. |
diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in index bea5df2be..c4056b902 100644 --- a/src/zsh_completion/_firejail.in +++ b/src/zsh_completion/_firejail.in | |||
@@ -213,10 +213,6 @@ _firejail_args=( | |||
213 | '--ls=-[list files in sandbox container name|pid]: :_all_firejails' | 213 | '--ls=-[list files in sandbox container name|pid]: :_all_firejails' |
214 | #endif | 214 | #endif |
215 | 215 | ||
216 | #ifdef HAVE_FIRETUNNEL | ||
217 | '--tunnel=-[connect the sandbox to a tunnel created by firetunnel utility]: :' | ||
218 | #endif | ||
219 | |||
220 | #ifdef HAVE_NETWORK | 216 | #ifdef HAVE_NETWORK |
221 | '--bandwidth=-[set bandwidth limits name|pid]: :_all_firejails' | 217 | '--bandwidth=-[set bandwidth limits name|pid]: :_all_firejails' |
222 | '--defaultgw=[configure default gateway]: :' | 218 | '--defaultgw=[configure default gateway]: :' |