author | startx2017 <vradu.startx@protonmail.com> | 2021-02-28 07:49:20 -0500 |
---|---|---|
committer | startx2017 <vradu.startx@protonmail.com> | 2021-02-28 07:49:20 -0500 |
commit | 72ba0b7e5e5baf79fa4f33000e45d2ad48d54708 (patch) | |
tree | dea7d33b9075fcc3aef7bbbf9060b06e7d896ce7 | |
parent | dbus.c: check_object_path: Allow /StatusNotifierWatcher (#4015) (diff) | |
compile time: disable --output
-rwxr-xr-x | configure | 17 | ||||
-rw-r--r-- | configure.ac | 9 | ||||
-rw-r--r-- | src/common.mk.in | 3 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 8 | ||||
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/firejail/output.c | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
7 files changed, 42 insertions, 1 deletions
@@ -645,6 +645,7 @@ HAVE_FIRETUNNEL | |||
645 | HAVE_GAWK | 645 | HAVE_GAWK |
646 | HAVE_MAN | 646 | HAVE_MAN |
647 | HAVE_USERTMPFS | 647 | HAVE_USERTMPFS |
648 | HAVE_OUTPUT | ||
648 | HAVE_OVERLAYFS | 649 | HAVE_OVERLAYFS |
649 | HAVE_DBUSPROXY | 650 | HAVE_DBUSPROXY |
650 | EXTRA_LDFLAGS | 651 | EXTRA_LDFLAGS |
@@ -711,6 +712,7 @@ enable_option_checking | |||
711 | enable_analyzer | 712 | enable_analyzer |
712 | enable_apparmor | 713 | enable_apparmor |
713 | enable_dbusproxy | 714 | enable_dbusproxy |
715 | enable_output | ||
714 | enable_usertmpfs | 716 | enable_usertmpfs |
715 | enable_man | 717 | enable_man |
716 | enable_firetunnel | 718 | enable_firetunnel |
@@ -1366,6 +1368,7 @@ Optional Features: | |||
1366 | --enable-analyzer enable GCC 10 static analyzer | 1368 | --enable-analyzer enable GCC 10 static analyzer |
1367 | --enable-apparmor enable apparmor | 1369 | --enable-apparmor enable apparmor |
1368 | --disable-dbusproxy disable dbus proxy | 1370 | --disable-dbusproxy disable dbus proxy |
1371 | --disable-output disable --output logging | ||
1369 | --disable-usertmpfs disable tmpfs as regular user | 1372 | --disable-usertmpfs disable tmpfs as regular user |
1370 | --disable-man disable man pages | 1373 | --disable-man disable man pages |
1371 | --disable-firetunnel disable firetunnel | 1374 | --disable-firetunnel disable firetunnel |
@@ -3539,6 +3542,19 @@ HAVE_OVERLAYFS="" | |||
3539 | # AC_SUBST(HAVE_OVERLAYFS) | 3542 | # AC_SUBST(HAVE_OVERLAYFS) |
3540 | #]) | 3543 | #]) |
3541 | 3544 | ||
3545 | HAVE_OUTPUT="" | ||
3546 | # Check whether --enable-output was given. | ||
3547 | if test "${enable_output+set}" = set; then : | ||
3548 | enableval=$enable_output; | ||
3549 | fi | ||
3550 | |||
3551 | if test "x$enable_output" != "xno"; then : | ||
3552 | |||
3553 | HAVE_OUTPUT="-DHAVE_OUTPUT" | ||
3554 | |||
3555 | |||
3556 | fi | ||
3557 | |||
3542 | HAVE_USERTMPFS="" | 3558 | HAVE_USERTMPFS="" |
3543 | # Check whether --enable-usertmpfs was given. | 3559 | # Check whether --enable-usertmpfs was given. |
3544 | if test "${enable_usertmpfs+set}" = set; then : | 3560 | if test "${enable_usertmpfs+set}" = set; then : |
@@ -5480,6 +5496,7 @@ echo " file transfer support: $HAVE_FILE_TRANSFER" | |||
5480 | echo " overlayfs support: $HAVE_OVERLAYFS" | 5496 | echo " overlayfs support: $HAVE_OVERLAYFS" |
5481 | echo " DBUS proxy support: $HAVE_DBUSPROXY" | 5497 | echo " DBUS proxy support: $HAVE_DBUSPROXY" |
5482 | echo " allow tmpfs as regular user: $HAVE_USERTMPFS" | 5498 | echo " allow tmpfs as regular user: $HAVE_USERTMPFS" |
5499 | echo " enable --ouput logging: $HAVE_OUTPUT" | ||
5483 | echo " Manpage support: $HAVE_MAN" | 5500 | echo " Manpage support: $HAVE_MAN" |
5484 | echo " firetunnel support: $HAVE_FIRETUNNEL" | 5501 | echo " firetunnel support: $HAVE_FIRETUNNEL" |
5485 | echo " busybox workaround: $BUSYBOX_WORKAROUND" | 5502 | echo " busybox workaround: $BUSYBOX_WORKAROUND" |
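--- a/configure.ac
+++ b/configure.ac
@@ -77,6 +77,14 @@ AC_SUBST(HAVE_OVERLAYFS)
 # AC_SUBST(HAVE_OVERLAYFS)
 #])
 
+HAVE_OUTPUT=""
+AC_ARG_ENABLE([output],
+AS_HELP_STRING([--disable-output], [disable --output logging]))
+AS_IF([test "x$enable_output" != "xno"], [
+HAVE_OUTPUT="-DHAVE_OUTPUT"
+AC_SUBST(HAVE_OUTPUT)
+])
+
 HAVE_USERTMPFS=""
 AC_ARG_ENABLE([usertmpfs],
 AS_HELP_STRING([--disable-usertmpfs], [disable tmpfs as regular user]))
@@ -253,6 +261,7 @@ echo " file transfer support: $HAVE_FILE_TRANSFER"
 echo " overlayfs support: $HAVE_OVERLAYFS"
 echo " DBUS proxy support: $HAVE_DBUSPROXY"
 echo " allow tmpfs as regular user: $HAVE_USERTMPFS"
+echo " enable --ouput logging: $HAVE_OUTPUT"
 echo " Manpage support: $HAVE_MAN"
 echo " firetunnel support: $HAVE_FIRETUNNEL"
 echo " busybox workaround: $BUSYBOX_WORKAROUND"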
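Review bot: The summary line added in the second hunk misspells the option as `enable --ouput logging`; every other line of the commit spells it `--output`, so it should read `echo " enable --output logging: $HAVE_OUTPUT"`, and the generated configure, which carries the same typo, needs regenerating. Separately, the switch is opt-out: `test "x$enable_output" != "xno"` leaves `--output` compiled in unless the builder passes `--disable-output`, so a packager who wants the reduced feature set has to ask for it. A short comment above `AC_ARG_ENABLE([output], ...)` saying why a build might disable the feature would make that choice visible to whoever reads the file next.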
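--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -25,6 +25,7 @@ HAVE_GCOV=@HAVE_GCOV@
 HAVE_SELINUX=@HAVE_SELINUX@
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
+HAVE_OUTPUT=@HAVE_OUTPUT@
 
 H_FILE_LIST = $(sort $(wildcard *.[h]))
 C_FILE_LIST = $(sort $(wildcard *.c))
@@ -34,7 +35,7 @@ BINOBJS = $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-MANFLAGS = $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
+MANFLAGS = $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread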
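--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -380,4 +380,12 @@ void print_compiletime_support(void) {
 "disabled"
 #endif
 );
+
+printf("\t- output logging is %s\n",
+#ifdef HAVE_OUTPUT
+"enabled"
+#else
+"disabled"
+#endif
+);
 }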
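--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1233,10 +1233,12 @@ int main(int argc, char **argv, char **envp) {
 #endif
 }
 }
+#ifdef HAVE_OUTPUT
 else {
 // check --output option and execute it;
 check_output(argc, argv); // the function will not return if --output or --output-stderr option was found
 }
+#endif
 EUID_ASSERT();
 
 // check for force-nonewprivs in /etc/firejail/firejail.config file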
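Review bot: With `HAVE_OUTPUT` undefined the `else { check_output(argc, argv); }` branch disappears, and nothing in this hunk shows what then happens to `--output=` or `--output-stderr=` on the command line. If the later option loop still accepts them as already handled (it is outside the hunk, so this is an assumption), a user of a disabled build would get a sandbox with no log file and no error. I would add an `#else` branch that rejects the two options by name, or guard their entries in the option loop with the same macro, so that the disabled build fails loudly. The `#ifdef` also opens between a closing brace and its `else`, which is easy to misread; a comment such as `// --output can be compiled out with configure --disable-output` above it would help. main() begins and ends outside the hunk.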
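--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -22,6 +22,7 @@
 #include <sys/stat.h>
 #include <unistd.h>
 
+#ifdef HAVE_OUTPUT
 void check_output(int argc, char **argv) {
 EUID_ASSERT();
 
@@ -149,3 +150,4 @@ void check_output(int argc, char **argv) {
 perror("execvp");
 exit(1);
 }
+#endif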
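Review bot: The closing `#endif` at the end of the file is more than a hundred lines from the `#ifdef HAVE_OUTPUT` it matches, so it should be labelled: `#endif // HAVE_OUTPUT`. The prototype of check_output() is not part of this commit and presumably stays unguarded in the project header, so a stray call in a disabled build would compile and fail only at link time; wrapping the declaration in the same macro would catch it at compile time. The body of check_output() lies between the two hunks and is not visible here.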
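--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1642,6 +1642,7 @@ Disable video devices.
 \fB\-\-nowhitelist=dirname_or_filename
 Disable whitelist for this directory or file.
 
+#ifdef HAVE_OUTPUT
 .TP
 \fB\-\-output=logfile
 stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log
@@ -1672,6 +1673,7 @@ $ ls -l sandboxlog*
 .TP
 \fB\-\-output-stderr=logfile
 Similar to \-\-output, but stderr is also stored.
+#endif
 
 #ifdef HAVE_OVERLAYFS
 .TP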