aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2016-03-12 08:29:58 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2016-03-12 08:29:58 -0500
commit3a42337a9acf9a882f0367a8b1ab7d430fac3f8b (patch)
tree477118e3b31a36ef77e4a4508057448b5a02c2d9
parentprofile update (diff)
downloadfirejail-3a42337a9acf9a882f0367a8b1ab7d430fac3f8b.tar.gz
firejail-3a42337a9acf9a882f0367a8b1ab7d430fac3f8b.tar.zst
firejail-3a42337a9acf9a882f0367a8b1ab7d430fac3f8b.zip
compile time support to disable file transfer
Diffstat
-rwxr-xr-xconfigure17
-rw-r--r--configure.ac9
-rw-r--r--src/firejail/Makefile.in3
-rw-r--r--src/firejail/main.c5
4 files changed, 33 insertions, 1 deletions
diff --git a/configure b/configure
index 71f421ff4..258417e3c 100755
--- a/configure
+++ b/configure
@@ -629,6 +629,7 @@ EGREP
629GREP 629GREP
630CPP 630CPP
631HAVE_FATAL_WARNINGS 631HAVE_FATAL_WARNINGS
632HAVE_FILE_TRANSFER
632HAVE_X11 633HAVE_X11
633HAVE_USERNS 634HAVE_USERNS
634HAVE_NETWORK 635HAVE_NETWORK
@@ -693,6 +694,7 @@ enable_bind
693enable_network 694enable_network
694enable_userns 695enable_userns
695enable_x11 696enable_x11
697enable_file_transfer
696enable_fatal_warnings 698enable_fatal_warnings
697' 699'
698 ac_precious_vars='build_alias 700 ac_precious_vars='build_alias
@@ -1321,6 +1323,7 @@ Optional Features:
1321 restrict --net= to root only 1323 restrict --net= to root only
1322 --disable-userns disable user namespace 1324 --disable-userns disable user namespace
1323 --disable-x11 disable X11 support 1325 --disable-x11 disable X11 support
1326 --disable-file-transfer disable file transfer
1324 --enable-fatal-warnings -W -Wall -Werror 1327 --enable-fatal-warnings -W -Wall -Werror
1325 1328
1326Some influential environment variables: 1329Some influential environment variables:
@@ -3147,6 +3150,19 @@ if test "x$enable_x11" != "xno"; then :
3147 3150
3148fi 3151fi
3149 3152
3153HAVE_FILE_TRANSFER=""
3154# Check whether --enable-file-transfer was given.
3155if test "${enable_file_transfer+set}" = set; then :
3156 enableval=$enable_file_transfer;
3157fi
3158
3159if test "x$enable_file_transfer" != "xno"; then :
3160
3161 HAVE_FILE_TRANSFER="-DHAVE_FILE_TRANSFER"
3162
3163
3164fi
3165
3150HAVE_FATAL_WARNINGS="" 3166HAVE_FATAL_WARNINGS=""
3151# Check whether --enable-fatal_warnings was given. 3167# Check whether --enable-fatal_warnings was given.
3152if test "${enable_fatal_warnings+set}" = set; then : 3168if test "${enable_fatal_warnings+set}" = set; then :
@@ -4806,6 +4822,7 @@ echo " bind: $HAVE_BIND"
4806echo " network: $HAVE_NETWORK" 4822echo " network: $HAVE_NETWORK"
4807echo " user namespace: $HAVE_USERNS" 4823echo " user namespace: $HAVE_USERNS"
4808echo " X11 support: $HAVE_X11" 4824echo " X11 support: $HAVE_X11"
4825echo " file transfer support: $HAVE_FILE_TRANSFER"
4809echo " fatal warnings: $HAVE_FATAL_WARNINGS" 4826echo " fatal warnings: $HAVE_FATAL_WARNINGS"
4810echo 4827echo
4811 4828
diff --git a/configure.ac b/configure.ac
index 512159568..71e3eb410 100644
--- a/configure.ac
+++ b/configure.ac
@@ -62,6 +62,14 @@ AS_IF([test "x$enable_x11" != "xno"], [
62 AC_SUBST(HAVE_X11) 62 AC_SUBST(HAVE_X11)
63]) 63])
64 64
65HAVE_FILE_TRANSFER=""
66AC_ARG_ENABLE([file-transfer],
67 AS_HELP_STRING([--disable-file-transfer], [disable file transfer]))
68AS_IF([test "x$enable_file_transfer" != "xno"], [
69 HAVE_FILE_TRANSFER="-DHAVE_FILE_TRANSFER"
70 AC_SUBST(HAVE_FILE_TRANSFER)
71])
72
65HAVE_FATAL_WARNINGS="" 73HAVE_FATAL_WARNINGS=""
66AC_ARG_ENABLE([fatal_warnings], 74AC_ARG_ENABLE([fatal_warnings],
67 AS_HELP_STRING([--enable-fatal-warnings], [-W -Wall -Werror])) 75 AS_HELP_STRING([--enable-fatal-warnings], [-W -Wall -Werror]))
@@ -95,6 +103,7 @@ echo " bind: $HAVE_BIND"
95echo " network: $HAVE_NETWORK" 103echo " network: $HAVE_NETWORK"
96echo " user namespace: $HAVE_USERNS" 104echo " user namespace: $HAVE_USERNS"
97echo " X11 support: $HAVE_X11" 105echo " X11 support: $HAVE_X11"
106echo " file transfer support: $HAVE_FILE_TRANSFER"
98echo " fatal warnings: $HAVE_FATAL_WARNINGS" 107echo " fatal warnings: $HAVE_FATAL_WARNINGS"
99echo 108echo
100 109
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in
index ba6bda0a5..3ad4ba75e 100644
--- a/src/firejail/Makefile.in
+++ b/src/firejail/Makefile.in
@@ -15,13 +15,14 @@ HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
15HAVE_NETWORK=@HAVE_NETWORK@ 15HAVE_NETWORK=@HAVE_NETWORK@
16HAVE_USERNS=@HAVE_USERNS@ 16HAVE_USERNS=@HAVE_USERNS@
17HAVE_X11=@HAVE_X11@ 17HAVE_X11=@HAVE_X11@
18HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
18 19
19 20
20H_FILE_LIST = $(sort $(wildcard *.[h])) 21H_FILE_LIST = $(sort $(wildcard *.[h]))
21C_FILE_LIST = $(sort $(wildcard *.c)) 22C_FILE_LIST = $(sort $(wildcard *.c))
22OBJS = $(C_FILE_LIST:.c=.o) 23OBJS = $(C_FILE_LIST:.c=.o)
23BINOBJS = $(foreach file, $(OBJS), $file) 24BINOBJS = $(foreach file, $(OBJS), $file)
24CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security 25CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
25LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread 26LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
26 27
27%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h 28%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 2c6b5a5e1..bfb0eadc9 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -271,6 +271,9 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
271#ifndef HAVE_X11 271#ifndef HAVE_X11
272 printf("X11 support is disabled.\n"); 272 printf("X11 support is disabled.\n");
273#endif 273#endif
274#ifndef HAVE_FILE_TRANSFER
275 printf("File transfer support is disabled.\n");
276#endif
274 exit(0); 277 exit(0);
275 } 278 }
276#ifdef HAVE_X11 279#ifdef HAVE_X11
@@ -426,6 +429,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
426 exit(0); 429 exit(0);
427 } 430 }
428#endif 431#endif
432#ifndef HAVE_FILE_TRANSFER
429 else if (strncmp(argv[i], "--get=", 6) == 0) { 433 else if (strncmp(argv[i], "--get=", 6) == 0) {
430 logargs(argc, argv); 434 logargs(argc, argv);
431 435
@@ -472,6 +476,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
472 sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path); 476 sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path);
473 exit(0); 477 exit(0);
474 } 478 }
479#endif
475 else if (strncmp(argv[i], "--join=", 7) == 0) { 480 else if (strncmp(argv[i], "--join=", 7) == 0) {
476 logargs(argc, argv); 481 logargs(argc, argv);
477 482
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 06:35:39 +0000