diff options
| author |  netblue30 <netblue30@protonmail.com> | 2023-07-07 19:34:55 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2023-07-07 19:34:55 -0400 |
| commit | 2b34747db534f5db2f577f31d685824b29537098 (patch) | |
| tree | 153e484e803cabb4dc1faa0affe95f1a003dfa27 | |
| parent | rework src/man Makefile (diff) | |
| download | firejail-2b34747db534f5db2f577f31d685824b29537098.tar.gz firejail-2b34747db534f5db2f577f31d685824b29537098.tar.zst firejail-2b34747db534f5db2f577f31d685824b29537098.zip | |
generate seccomp filters at install time
| -rw-r--r-- | Makefile | 20 | ||||
| -rw-r--r-- | RELNOTES | 2 |
2 files changed, 8 insertions, 14 deletions
| @@ -37,7 +37,7 @@ SYNTAX_FILES := $(SYNTAX_FILES_IN:.in=) | |||
| 37 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) | 37 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) |
| 38 | 38 | ||
| 39 | .PHONY: all | 39 | .PHONY: all |
| 40 | all: all_items mydirs filters $(CONTRIB_TARGET) | 40 | all: all_items mydirs $(CONTRIB_TARGET) |
| 41 | 41 | ||
| 42 | config.mk config.sh: | 42 | config.mk config.sh: |
| 43 | @printf 'error: run ./configure to generate %s\n' "$@" >&2 | 43 | @printf 'error: run ./configure to generate %s\n' "$@" >&2 |
| @@ -53,28 +53,19 @@ mydirs: $(MYDIRS) | |||
| 53 | $(MYDIRS): | 53 | $(MYDIRS): |
| 54 | $(MAKE) -C $@ | 54 | $(MAKE) -C $@ |
| 55 | 55 | ||
| 56 | .PHONY: filters | 56 | define build_filters |
| 57 | filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE) | ||
| 58 | seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
| 59 | src/fseccomp/fseccomp default seccomp | 57 | src/fseccomp/fseccomp default seccomp |
| 60 | src/fsec-optimize/fsec-optimize seccomp | 58 | src/fsec-optimize/fsec-optimize seccomp |
| 61 | |||
| 62 | seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
| 63 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers | 59 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers |
| 64 | src/fsec-optimize/fsec-optimize seccomp.debug | 60 | src/fsec-optimize/fsec-optimize seccomp.debug |
| 65 | |||
| 66 | seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
| 67 | src/fseccomp/fseccomp secondary 32 seccomp.32 | 61 | src/fseccomp/fseccomp secondary 32 seccomp.32 |
| 68 | src/fsec-optimize/fsec-optimize seccomp.32 | 62 | src/fsec-optimize/fsec-optimize seccomp.32 |
| 69 | |||
| 70 | seccomp.block_secondary: src/fseccomp/fseccomp | ||
| 71 | src/fseccomp/fseccomp secondary block seccomp.block_secondary | 63 | src/fseccomp/fseccomp secondary block seccomp.block_secondary |
| 72 | |||
| 73 | seccomp.mdwx: src/fseccomp/fseccomp | ||
| 74 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx | 64 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx |
| 75 | |||
| 76 | seccomp.mdwx.32: src/fseccomp/fseccomp | ||
| 77 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 | 65 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 |
| 66 | endef | ||
| 67 | |||
| 68 | |||
| 78 | 69 | ||
| 79 | # Makes all targets in contrib/ | 70 | # Makes all targets in contrib/ |
| 80 | .PHONY: contrib | 71 | .PHONY: contrib |
| @@ -187,6 +178,7 @@ endif | |||
| 187 | # libraries and plugins | 178 | # libraries and plugins |
| 188 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail | 179 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail |
| 189 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh | 180 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh |
| 181 | $(call build_filters) | ||
| 190 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) | 182 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) |
| 191 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) | 183 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) |
| 192 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats | 184 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats |
| @@ -20,6 +20,8 @@ firejail (0.9.73) baseline; urgency=low | |||
| 20 | #5618) | 20 | #5618) |
| 21 | * bugfix: fix --hostname and --hosts-file commands | 21 | * bugfix: fix --hostname and --hosts-file commands |
| 22 | * bugfix: arp.c: ensure positive timeout on select(2) (#5806) | 22 | * bugfix: arp.c: ensure positive timeout on select(2) (#5806) |
| 23 | * bugfix: makefiles fixes: seccomp filters and man pages are build every | ||
| 24 | time when running make | ||
| 23 | * build: auto-generate syntax files (#5627) | 25 | * build: auto-generate syntax files (#5627) |
| 24 | * build: mark all phony targets as such (#5637) | 26 | * build: mark all phony targets as such (#5637) |
| 25 | * build: mkdeb.sh: pass all arguments to ./configure (#5654) | 27 | * build: mkdeb.sh: pass all arguments to ./configure (#5654) |