authorLibravatar netblue30 <netblue30@protonmail.com>2023-06-27 17:24:33 -0400
committerLibravatar netblue30 <netblue30@protonmail.com>2023-06-27 17:24:33 -0400
commit52490240133df6533466d99674ffb28482ac0687 (patch)
tree233c3ccf8997b0fcc581f2991d2641cb525e6f96
parentfbreader/FBReader profile fixes; more on static ip map (diff)
parentRELNOTES: add build items (diff)
downloadfirejail-52490240133df6533466d99674ffb28482ac0687.tar.gz
firejail-52490240133df6533466d99674ffb28482ac0687.tar.zst
firejail-52490240133df6533466d99674ffb28482ac0687.zip
Merge branch 'master' of ssh://github.com/netblue30/firejail
-rw-r--r--.github/workflows/build-extra.yml10
-rw-r--r--.github/workflows/build.yml2
-rw-r--r--.github/workflows/codeql-analysis.yml8
-rw-r--r--.github/workflows/profile-checks.yml2
-rw-r--r--RELNOTES3
-rw-r--r--config.mk.in81
-rw-r--r--src/etc-cleanup/Makefile2
-rw-r--r--src/fbuilder/Makefile2
-rw-r--r--src/fcopy/Makefile4
-rw-r--r--src/fids/Makefile2
-rw-r--r--src/firecfg/Makefile4
-rw-r--r--src/firejail/Makefile4
-rw-r--r--src/firemon/Makefile4
-rw-r--r--src/fldd/Makefile4
-rw-r--r--src/fnet/Makefile4
-rw-r--r--src/fnetfilter/Makefile4
-rw-r--r--src/fsec-optimize/Makefile4
-rw-r--r--src/fsec-print/Makefile4
-rw-r--r--src/fseccomp/Makefile4
-rw-r--r--src/fzenity/Makefile2
-rw-r--r--src/jailcheck/Makefile4
-rw-r--r--src/libpostexecseccomp/Makefile2
-rw-r--r--src/libtracelog/Makefile2
-rw-r--r--src/profstats/Makefile2
-rw-r--r--src/prog.mk26
-rw-r--r--src/so.mk23
26 files changed, 118 insertions, 95 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml
index dd0dc4da0..8754e7eff 100644
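--- a/.github/workflows/build-extra.yml
+++ b/.github/workflows/build-extra.yml
@@ -54,7 +54,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+ uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -84,7 +84,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+ uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -110,7 +110,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+ uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -132,7 +132,7 @@ jobs:
  runs-on: ubuntu-20.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+ uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
  with:
  egress-policy: block
  allowed-endpoints: >
@@ -150,7 +150,7 @@ jobs:
  runs-on: ubuntu-22.04
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+ uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
  with:
  egress-policy: block
  allowed-endpoints: >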
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index afa8d1305..32dbaf8cc 100644
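--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,7 +46,7 @@ jobs:
  SHELL: /bin/bash
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+ uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
  with:
  egress-policy: block
  allowed-endpoints: >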
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index eec359f40..9b82ab240 100644
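--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -75,7 +75,7 @@ jobs:
 
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+ uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
  with:
  disable-sudo: true
  egress-policy: block
@@ -93,7 +93,7 @@ jobs:
 
  # Initializes the CodeQL tools for scanning.
  - name: Initialize CodeQL
- uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e
+ uses: github/codeql-action/init@f6e388ebf0efc915c6c5b165b019ee61a6746a38
  with:
  languages: ${{ matrix.language }}
  # If you wish to specify custom queries, you can do so here or in a config file.
@@ -104,7 +104,7 @@ jobs:
  # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
  # If this step fails, then you should remove it and run the build manually (see below)
  - name: Autobuild
- uses: github/codeql-action/autobuild@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e
+ uses: github/codeql-action/autobuild@f6e388ebf0efc915c6c5b165b019ee61a6746a38
 
  # ℹī¸ Command-line programs to run using the OS shell.
  # 📚 https://git.io/JvXDl
@@ -118,4 +118,4 @@ jobs:
  # make release
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e
+ uses: github/codeql-action/analyze@f6e388ebf0efc915c6c5b165b019ee61a6746a38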
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml
index 8418a390b..0e7403508 100644
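--- a/.github/workflows/profile-checks.yml
+++ b/.github/workflows/profile-checks.yml
@@ -24,7 +24,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Harden Runner
- uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+ uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
  with:
  disable-sudo: true
  egress-policy: block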
diff --git a/RELNOTES b/RELNOTES
index 2922b7765..718ac17a4 100644
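--- a/RELNOTES
+++ b/RELNOTES
@@ -26,6 +26,9 @@ firejail (0.9.73) baseline; urgency=low
  * build: deb: enable apparmor by default & remove deb-apparmor (#5668)
  * build: Fix whitespace and add .editorconfig (#5674)
  * build: enable compiler warnings by default (#5842)
+ * build: remove -mretpoline and NO_EXTRA_CFLAGS (#5859)
+ * build: disable all built-in implicit make rules (#5864)
+ * build: organize and standardize make vars and targets (#5866)
  * ci: always update the package db before installing packages (#5742)
  * ci: fix codeql unable to download its own bundle (#5783)
  * ci: split configure/build/install commands on gitlab (#5784)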
diff --git a/config.mk.in b/config.mk.in
index 6ee541507..f3c1f658c 100644
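--- a/config.mk.in
+++ b/config.mk.in
@@ -22,35 +22,56 @@ docdir=@docdir@
 mandir=@mandir@
 sysconfdir=@sysconfdir@
 
-HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@
+# Misc flags
 BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@
-HAVE_SUID=@HAVE_SUID@
+HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@
+HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
+HAVE_GCOV=@HAVE_GCOV@
 HAVE_MAN=@HAVE_MAN@
 
+# MANFLAGS
+HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_CHROOT=@HAVE_CHROOT@
-HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
-HAVE_NETWORK=@HAVE_NETWORK@
-HAVE_USERNS=@HAVE_USERNS@
-HAVE_X11=@HAVE_X11@
+HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
+HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
+HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
-HAVE_APPARMOR=@HAVE_APPARMOR@
+HAVE_IDS=@HAVE_IDS@
+HAVE_LTS=@HAVE_LTS@
+HAVE_NETWORK=@HAVE_NETWORK@
+HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@
+HAVE_OUTPUT=@HAVE_OUTPUT@
 HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
-HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_PRIVATE_LIB=@HAVE_PRIVATE_LIB@
-HAVE_IDS=@HAVE_IDS@
-HAVE_GCOV=@HAVE_GCOV@
 HAVE_SELINUX=@HAVE_SELINUX@
 HAVE_SUID=@HAVE_SUID@
-HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
+HAVE_USERNS=@HAVE_USERNS@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
-HAVE_OUTPUT=@HAVE_OUTPUT@
-HAVE_LTS=@HAVE_LTS@
-HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
-HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@
+HAVE_X11=@HAVE_X11@
 
-MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_PRIVATE_LIB) $(HAVE_APPARMOR) $(HAVE_IDS) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS) $(HAVE_ONLY_SYSCFG_PROFILES)
+MANFLAGS = \
+ $(HAVE_APPARMOR) \
+ $(HAVE_CHROOT) \
+ $(HAVE_DBUSPROXY) \
+ $(HAVE_FILE_TRANSFER) \
+ $(HAVE_FIRETUNNEL) \
+ $(HAVE_FORCE_NONEWPRIVS) \
+ $(HAVE_GLOBALCFG) \
+ $(HAVE_IDS) \
+ $(HAVE_LTS) \
+ $(HAVE_NETWORK) \
+ $(HAVE_ONLY_SYSCFG_PROFILES) \
+ $(HAVE_OUTPUT) \
+ $(HAVE_OVERLAYFS) \
+ $(HAVE_PRIVATE_HOME) \
+ $(HAVE_PRIVATE_LIB) \
+ $(HAVE_SELINUX) \
+ $(HAVE_SUID) \
+ $(HAVE_USERNS) \
+ $(HAVE_USERTMPFS) \
+ $(HAVE_X11)
 
 # User variables - should not be modified in the code (as they are reserved for
 # the user building the package); see the following for details:
@@ -60,7 +81,29 @@ CFLAGS=@CFLAGS@
 LDFLAGS=@LDFLAGS@
 
 # Project variables
-LIBS=@LIBS@
+EXTRA_CFLAGS =@EXTRA_CFLAGS@
+COMMON_CFLAGS = \
+ -ggdb -O2 -DVERSION='"$(VERSION)"' \
+ -Wall -Wextra $(HAVE_FATAL_WARNINGS) \
+ -Wformat -Wformat-security \
+ -fstack-protector-all -D_FORTIFY_SOURCE=2 \
+ -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \
+ -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \
+ -DVARDIR='"/var/lib/firejail"' \
+
+PROG_CFLAGS = \
+ $(COMMON_CFLAGS) \
+ $(HAVE_GCOV) $(MANFLAGS) \
+ $(EXTRA_CFLAGS) \
+ -fPIE
+
+SO_CFLAGS = \
+ $(COMMON_CFLAGS) \
+ -fPIC
+
+EXTRA_LDFLAGS =@EXTRA_LDFLAGS@
+PROG_LDFLAGS = -Wl,-z,relro -Wl,-z,now -fPIE -pie $(EXTRA_LDFLAGS)
+SO_LDFLAGS = -Wl,-z,relro -Wl,-z,now -fPIC
+LIBS =@LIBS@
 
-EXTRA_CFLAGS +=@EXTRA_CFLAGS@
-EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
+CLEANFILES = *.o *.gcov *.gcda *.gcno *.plist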
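Review bot: The last line of the new `COMMON_CFLAGS` definition, `-DVARDIR='"/var/lib/firejail"' \`, ends in a continuation backslash and is terminated only by the blank line after it. If that blank line is ever removed, the `PROG_CFLAGS = \` line is absorbed into `COMMON_CFLAGS`; I would drop the trailing backslash so the definition ends explicitly. Separately, `CLEANFILES` is assigned with `=`, so an includer can only extend it with `+=` after config.mk has been included. A one-line comment above it, such as `# Includers: extend with "CLEANFILES += ..." after including config.mk`, would make that ordering visible.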
diff --git a/src/etc-cleanup/Makefile b/src/etc-cleanup/Makefile
index c8a12476e..c3c482bdb 100644
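--- a/src/etc-cleanup/Makefile
+++ b/src/etc-cleanup/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = etc-cleanup
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/etc_groups.h
+EXTRA_HDRS = ../include/etc_groups.h
 
 include $(ROOT)/src/prog.mk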
diff --git a/src/fbuilder/Makefile b/src/fbuilder/Makefile
index 7595f0775..634bf725f 100644
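--- a/src/fbuilder/Makefile
+++ b/src/fbuilder/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = fbuilder
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
 
 include $(ROOT)/src/prog.mk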
diff --git a/src/fcopy/Makefile b/src/fcopy/Makefile
index e2956fdd1..a3c4abe9d 100644
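--- a/src/fcopy/Makefile
+++ b/src/fcopy/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fcopy
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o
 
 include $(ROOT)/src/prog.mk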
diff --git a/src/fids/Makefile b/src/fids/Makefile
index 901cbb470..76388a03d 100644
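--- a/src/fids/Makefile
+++ b/src/fids/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = fids
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h
+EXTRA_HDRS = ../include/common.h
 
 include $(ROOT)/src/prog.mk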
diff --git a/src/firecfg/Makefile b/src/firecfg/Makefile
index 59b713f1b..de4639ab6 100644
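--- a/src/firecfg/Makefile
+++ b/src/firecfg/Makefile
@@ -5,13 +5,13 @@ ROOT = ../..
 PROG = firecfg
 TARGET = $(PROG)
 
-MOD_HDRS = \
+EXTRA_HDRS = \
 ../include/common.h \
 ../include/euid_common.h \
 ../include/libnetlink.h \
 ../include/firejail_user.h \
 ../include/pid.h
 
-MOD_OBJS = ../lib/common.o ../lib/firejail_user.o
+EXTRA_OBJS = ../lib/common.o ../lib/firejail_user.o
 
 include $(ROOT)/src/prog.mk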
diff --git a/src/firejail/Makefile b/src/firejail/Makefile
index 53bccf843..d3a4b4f81 100644
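--- a/src/firejail/Makefile
+++ b/src/firejail/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = firejail
 TARGET = $(PROG)
 
-MOD_HDRS = \
+EXTRA_HDRS = \
 ../include/rundefs.h \
 ../include/common.h \
 ../include/ldd_utils.h \
@@ -18,7 +18,7 @@ MOD_HDRS = \
 ../include/etc_groups.h
 
 
-MOD_OBJS = \
+EXTRA_OBJS = \
 ../lib/common.o \
 ../lib/ldd_utils.o \
 ../lib/firejail_user.o \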
diff --git a/src/firemon/Makefile b/src/firemon/Makefile
index e0059aee5..09387f3eb 100644
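--- a/src/firemon/Makefile
+++ b/src/firemon/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = firemon
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/pid.h
-MOD_OBJS = ../lib/common.o ../lib/pid.o
+EXTRA_HDRS = ../include/common.h ../include/pid.h
+EXTRA_OBJS = ../lib/common.o ../lib/pid.o
 
 include $(ROOT)/src/prog.mk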
diff --git a/src/fldd/Makefile b/src/fldd/Makefile
index 86693a76c..7fec70a33 100644
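--- a/src/fldd/Makefile
+++ b/src/fldd/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fldd
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h ../include/ldd_utils.h
-MOD_OBJS = ../lib/common.o ../lib/ldd_utils.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h ../include/ldd_utils.h
+EXTRA_OBJS = ../lib/common.o ../lib/ldd_utils.o
 
 include $(ROOT)/src/prog.mk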
diff --git a/src/fnet/Makefile b/src/fnet/Makefile
index 8efc6d26b..50bfdfffd 100644
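--- a/src/fnet/Makefile
+++ b/src/fnet/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fnet
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/libnetlink.h
-MOD_OBJS = ../lib/common.o ../lib/libnetlink.o
+EXTRA_HDRS = ../include/common.h ../include/libnetlink.h
+EXTRA_OBJS = ../lib/common.o ../lib/libnetlink.o
 
 include $(ROOT)/src/prog.mk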
diff --git a/src/fnetfilter/Makefile b/src/fnetfilter/Makefile
index 2be8311ae..156af3ed0 100644
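--- a/src/fnetfilter/Makefile
+++ b/src/fnetfilter/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fnetfilter
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o
 
 include $(ROOT)/src/prog.mk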
diff --git a/src/fsec-optimize/Makefile b/src/fsec-optimize/Makefile
index 4941f13b1..5a14726a0 100644
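--- a/src/fsec-optimize/Makefile
+++ b/src/fsec-optimize/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fsec-optimize
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o ../lib/errno.o
+EXTRA_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o ../lib/errno.o
 
 include $(ROOT)/src/prog.mk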
diff --git a/src/fsec-print/Makefile b/src/fsec-print/Makefile
index 78e87a93f..d55167796 100644
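--- a/src/fsec-print/Makefile
+++ b/src/fsec-print/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fsec-print
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
+EXTRA_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
 
 include $(ROOT)/src/prog.mk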
diff --git a/src/fseccomp/Makefile b/src/fseccomp/Makefile
index 461179f4d..f8c35d41f 100644
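--- a/src/fseccomp/Makefile
+++ b/src/fseccomp/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fseccomp
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
 
 include $(ROOT)/src/prog.mk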
diff --git a/src/fzenity/Makefile b/src/fzenity/Makefile
index a17a9252f..148babbe8 100644
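--- a/src/fzenity/Makefile
+++ b/src/fzenity/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = fzenity
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h
+EXTRA_HDRS = ../include/common.h
 
 include $(ROOT)/src/prog.mk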
diff --git a/src/jailcheck/Makefile b/src/jailcheck/Makefile
index 23cd9c1a9..3b0b83412 100644
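--- a/src/jailcheck/Makefile
+++ b/src/jailcheck/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = jailcheck
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/pid.h
-MOD_OBJS = ../lib/common.o ../lib/pid.o
+EXTRA_HDRS = ../include/common.h ../include/pid.h
+EXTRA_OBJS = ../lib/common.o ../lib/pid.o
 
 include $(ROOT)/src/prog.mk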
diff --git a/src/libpostexecseccomp/Makefile b/src/libpostexecseccomp/Makefile
index dfd8eb318..c5ec14672 100644
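--- a/src/libpostexecseccomp/Makefile
+++ b/src/libpostexecseccomp/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 SO = libpostexecseccomp.so
 TARGET = $(SO)
 
-MOD_HDRS = ../include/seccomp.h ../include/rundefs.h
+EXTRA_HDRS = ../include/seccomp.h ../include/rundefs.h
 
 include $(ROOT)/src/so.mk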
diff --git a/src/libtracelog/Makefile b/src/libtracelog/Makefile
index ac48264df..2b43ce131 100644
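--- a/src/libtracelog/Makefile
+++ b/src/libtracelog/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 SO = libtracelog.so
 TARGET = $(SO)
 
-MOD_HDRS = ../include/rundefs.h
+EXTRA_HDRS = ../include/rundefs.h
 
 include $(ROOT)/src/so.mk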
diff --git a/src/profstats/Makefile b/src/profstats/Makefile
index b4cb1a6f7..ae88bf2fd 100644
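--- a/src/profstats/Makefile
+++ b/src/profstats/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = profstats
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h
+EXTRA_HDRS = ../include/common.h
 
 include $(ROOT)/src/prog.mk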
diff --git a/src/prog.mk b/src/prog.mk
index e4473184f..70b3629b2 100644
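--- a/src/prog.mk
+++ b/src/prog.mk
@@ -3,25 +3,11 @@
 # Note: $(ROOT)/config.mk must be included before this file.
 #
 # The includer should probably define PROG and TARGET and may also want to
-# define MOD_HDRS, MOD_SRCS, MOD_OBJS, TOCLEAN and TODISTCLEAN.
+# define EXTRA_HDRS and EXTRA_OBJS and extend CLEANFILES.
 
-HDRS := $(sort $(wildcard *.h)) $(MOD_HDRS)
-SRCS := $(sort $(wildcard *.c)) $(MOD_SRCS)
-OBJS := $(SRCS:.c=.o) $(MOD_OBJS)
-
-PROG_CFLAGS = \
- -ggdb -O2 -DVERSION='"$(VERSION)"' \
- -Wall -Wextra $(HAVE_FATAL_WARNINGS) \
- -Wformat -Wformat-security \
- -fstack-protector-all -D_FORTIFY_SOURCE=2 \
- -fPIE \
- -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \
- -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \
- -DVARDIR='"/var/lib/firejail"' \
- $(HAVE_GCOV) $(MANFLAGS) \
- $(EXTRA_CFLAGS)
-
-PROG_LDFLAGS = -pie -fPIE -Wl,-z,relro -Wl,-z,now $(EXTRA_LDFLAGS)
+HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS)
+SRCS := $(sort $(wildcard *.c))
+OBJS := $(SRCS:.c=.o) $(EXTRA_OBJS)
 
 .PHONY: all
 all: $(TARGET)
@@ -33,7 +19,7 @@ $(PROG): $(OBJS) $(ROOT)/config.mk
  $(CC) $(PROG_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
 
 .PHONY: clean
-clean:; rm -fr *.o $(PROG) *.gcov *.gcda *.gcno *.plist $(TOCLEAN)
+clean:; rm -fr $(PROG) $(CLEANFILES)
 
 .PHONY: distclean
-distclean: clean; rm -fr $(TODISTCLEAN)
+distclean: clean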
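Review bot: `MOD_HDRS`, `MOD_SRCS`, `MOD_OBJS`, `TOCLEAN` and `TODISTCLEAN` are no longer read in this file, so an includer that this commit did not touch and that still sets one of them is now ignored without any diagnostic. A stale `MOD_HDRS` would presumably drop header prerequisites (the compile rule is outside the hunk), and a stale `TOCLEAN` or `TODISTCLEAN` would leave files behind after `make clean` or `make distclean`. A guard placed right after the header comment would make this loud: `$(if $(MOD_HDRS)$(MOD_SRCS)$(MOD_OBJS)$(TOCLEAN)$(TODISTCLEAN),$(error MOD_*/TOCLEAN/TODISTCLEAN are no longer read; use EXTRA_HDRS/EXTRA_OBJS/CLEANFILES))`. The same applies to the matching hunks in src/so.mk.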
diff --git a/src/so.mk b/src/so.mk
index e464a7bff..dadffc52f 100644
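--- a/src/so.mk
+++ b/src/so.mk
@@ -3,20 +3,11 @@
 # Note: $(ROOT)/config.mk must be included before this file.
 #
 # The includer should probably define SO and TARGET and may also want to define
-# MOD_HDRS, MOD_SRCS, MOD_OBJS, TOCLEAN and TODISTCLEAN.
+# EXTRA_HDRS and EXTRA_OBJS and extend CLEANFILES.
 
-HDRS := $(sort $(wildcard *.h)) $(MOD_HDRS)
-SRCS := $(sort $(wildcard *.c)) $(MOD_SRCS)
-OBJS := $(SRCS:.c=.o) $(MOD_OBJS)
-
-SO_CFLAGS = \
- -ggdb -O2 -DVERSION='"$(VERSION)"' \
- -Wall -Wextra $(HAVE_FATAL_WARNINGS) \
- -Wformat -Wformat-security \
- -fstack-protector-all -D_FORTIFY_SOURCE=2 \
- -fPIC
-
-SO_LDFLAGS = -pie -fPIE -Wl,-z,relro -Wl,-z,now
+HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS)
+SRCS := $(sort $(wildcard *.c))
+OBJS := $(SRCS:.c=.o) $(EXTRA_OBJS)
 
 .PHONY: all
 all: $(TARGET)
@@ -25,10 +16,10 @@ all: $(TARGET)
  $(CC) $(SO_CFLAGS) $(CFLAGS) $(INCLUDE) -c $< -o $@
 
 $(SO): $(OBJS) $(ROOT)/config.mk
- $(CC) $(SO_LDFLAGS) -shared -fPIC -z relro $(LDFLAGS) -o $@ $(OBJS) -ldl
+ $(CC) $(SO_LDFLAGS) -shared $(LDFLAGS) -o $@ $(OBJS) -ldl
 
 .PHONY: clean
-clean:; rm -fr $(OBJS) $(SO) *.plist $(TOCLEAN)
+clean:; rm -fr $(SO) $(CLEANFILES)
 
 .PHONY: distclean
-distclean: clean; rm -fr $(TODISTCLEAN)
+distclean: clean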
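Review bot: The compile and link recipes in the second hunk use only `$(SO_CFLAGS)` and `$(SO_LDFLAGS)`, and the definitions this commit adds in config.mk.in give those neither `$(EXTRA_CFLAGS)` nor `$(EXTRA_LDFLAGS)`, while `PROG_CFLAGS` and `PROG_LDFLAGS` get both. Whatever configure places in those two variables (not visible on this page) therefore applies to the programs but not to the shared objects. If that is deliberate, a comment next to `SO_CFLAGS` saying why would help; otherwise `SO_CFLAGS = $(COMMON_CFLAGS) $(EXTRA_CFLAGS) -fPIC` and `SO_LDFLAGS = -Wl,-z,relro -Wl,-z,now -fPIC $(EXTRA_LDFLAGS)` would bring them in line. The rule header for the compile recipe is outside the hunk.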