remove LTS and FIRETUNNEL support

author: netblue30 <netblue30@protonmail.com> 2023-12-23 08:29:33 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-12-23 08:29:33 -0500
commit: db09546f2946c921da1b07d9d3569c287238989b (patch)
tree: 5eb6edfb8cccfd9e9698a7750e19189b5deca2fe
parent: fix cppcheck (diff)
download: firejail-db09546f2946c921da1b07d9d3569c287238989b.tar.gz
firejail-db09546f2946c921da1b07d9d3569c287238989b.tar.zst
firejail-db09546f2946c921da1b07d9d3569c287238989b.zip
9 files changed, 2 insertions, 186 deletions
diff --git a/README b/README
index 81cf42dcd..b21de0f65 100644
--- a/README
+++ b/README
@@ -59,7 +59,7 @@ Committers:
 - rusty-snake (https://github.com/rusty-snake)
 - smitsohu (https://github.com/smitsohu)
 - SkewedZeppelin (https://github.com/SkewedZeppelin)
- startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches
+- startx2017 (https://github.com/startx2017)
  maintainer)
 - Topi Miettinen (https://github.com/topimiettinen)
 - veloute (https://github.com/veloute)
diff --git a/RELNOTES b/RELNOTES
index 02d9259a9..0ffd40049 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,6 @@
 firejail (0.9.73) baseline; urgency=low
  * work in progress
+  * removed LTS and FIRETUNNEL support
  * feature: Add "keep-shell-rc" command and option (#1127 #5634)
  * feature: Print the argument when failing with "too long arguments" (#5677)
  * feature: a random hostname is assigned to each sandbox unless
diff --git a/config.mk.in b/config.mk.in
index d50c7d2f5..958efdb34 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -34,12 +34,10 @@ HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_CHROOT=@HAVE_CHROOT@
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
-HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
 HAVE_IDS=@HAVE_IDS@
 HAVE_LANDLOCK=@HAVE_LANDLOCK@
-HAVE_LTS=@HAVE_LTS@
 HAVE_NETWORK=@HAVE_NETWORK@
 HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@
 HAVE_OUTPUT=@HAVE_OUTPUT@
@@ -57,12 +55,10 @@ MANFLAGS = \
        $(HAVE_CHROOT) \
        $(HAVE_DBUSPROXY) \
        $(HAVE_FILE_TRANSFER) \
-        $(HAVE_FIRETUNNEL) \
        $(HAVE_FORCE_NONEWPRIVS) \
        $(HAVE_GLOBALCFG) \
        $(HAVE_IDS) \
        $(HAVE_LANDLOCK) \
-        $(HAVE_LTS) \
        $(HAVE_NETWORK) \
        $(HAVE_ONLY_SYSCFG_PROFILES) \
        $(HAVE_OUTPUT) \
diff --git a/configure b/configure
index 8c2d3b894..6bc68741e 100755
--- a/configure
+++ b/configure
@@ -650,7 +650,6 @@ ac_includes_default="\
 ac_header_c_list=
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
-HAVE_LTS
 HAVE_ONLY_SYSCFG_PROFILES
 HAVE_FORCE_NONEWPRIVS
 HAVE_CONTRIB_INSTALL
@@ -666,7 +665,6 @@ HAVE_GLOBALCFG
 HAVE_CHROOT
 HAVE_PRIVATE_LIB
 HAVE_PRIVATE_HOME
-HAVE_FIRETUNNEL
 HAVE_GAWK
 HAVE_MAN
 HAVE_USERTMPFS
@@ -743,7 +741,6 @@ enable_dbusproxy
 enable_output
 enable_usertmpfs
 enable_man
-enable_firetunnel
 enable_private_home
 enable_private_lib
 enable_chroot
@@ -759,7 +756,6 @@ enable_gcov
 enable_contrib_install
 enable_force_nonewprivs
 enable_only_syscfg_profiles
-enable_lts
 '
      ac_precious_vars='build_alias
 host_alias
@@ -1403,7 +1399,6 @@ Optional Features:
  --disable-output        disable --output logging
  --disable-usertmpfs     disable tmpfs as regular user
  --disable-man           disable man pages
-  --enable-firetunnel     enable firetunnel
  --disable-private-home  disable private home feature
  --disable-private-lib   disable private lib feature
  --disable-chroot        disable chroot
@@ -1424,7 +1419,6 @@ Optional Features:
                          enable force nonewprivs
  --enable-only-syscfg-profiles
                          disable profiles in $HOME/.config/firejail
-  --enable-lts            enable long-term support software version (LTS)
 Some influential environment variables:
  CC          C compiler command
@@ -3913,21 +3907,6 @@ fi
 fi
-HAVE_FIRETUNNEL=""
-# Check whether --enable-firetunnel was given.
-if test ${enable_firetunnel+y}
-then :
-  enableval=$enable_firetunnel;
-fi
-if test "x$enable_firetunnel" = "xyes"
-then :
-        HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL"
-fi
 HAVE_PRIVATE_HOME=""
 # Check whether --enable-private-home was given.
@@ -4155,39 +4134,6 @@ then :
 fi
-HAVE_LTS=""
-# Check whether --enable-lts was given.
-if test ${enable_lts+y}
-then :
-  enableval=$enable_lts;
-fi
-if test "x$enable_lts" = "xyes"
-then :
-        HAVE_LTS="-DHAVE_LTS"
-        HAVE_LANDLOCK=""
-        HAVE_IDS=""
-        HAVE_DBUSPROXY=""
-        HAVE_OVERLAYFS=""
-        HAVE_OUTPUT=""
-        HAVE_USERTMPFS=""
-        HAVE_MAN="-DHAVE_MAN"
-        HAVE_FIRETUNNEL=""
-        HAVE_PRIVATE_HOME=""
-        HAVE_PRIVATE_LIB=""
-        HAVE_CHROOT=""
-        HAVE_GLOBALCFG=""
-        HAVE_USERNS=""
-        HAVE_X11=""
-        HAVE_FILE_TRANSFER=""
-        HAVE_SUID="-DHAVE_SUID"
-        BUSYBOX_WORKAROUND="no"
-        HAVE_CONTRIB_INSTALL="no"
-fi
 ac_fn_c_check_header_compile "$LINENO" "linux/seccomp.h" "ac_cv_header_linux_seccomp_h" "$ac_includes_default"
 if test "x$ac_cv_header_linux_seccomp_h" = xyes
 then :
@@ -5384,11 +5330,9 @@ Features:
   disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES
   enable --output logging: $HAVE_OUTPUT
   file transfer support: $HAVE_FILE_TRANSFER
-   firetunnel support: $HAVE_FIRETUNNEL
   global config: $HAVE_GLOBALCFG
   IDS support: $HAVE_IDS
   Landlock support: $HAVE_LANDLOCK
-   LTS: $HAVE_LTS
   manpage support: $HAVE_MAN
   network: $HAVE_NETWORK
   overlayfs support: $HAVE_OVERLAYFS
@@ -5400,13 +5344,3 @@ Features:
 EOF
-if test "$HAVE_LTS" = -DHAVE_LTS; then
-        cat <<\EOF
-*********************************************************
-*    Warning: Long-term support (LTS) was enabled!      *
-*    Most compile-time options have been rewritten!     *
-*********************************************************
-EOF
-fi
diff --git a/configure.ac b/configure.ac
index bd80150ed..fc99820de 100644
--- a/configure.ac
+++ b/configure.ac
@@ -137,14 +137,6 @@ AS_IF([test "x$enable_man" != "xno"], [
        AS_IF([test "x$HAVE_GAWK" != "xyes"], [AC_MSG_ERROR([*** gawk not found ***])])
 ])
-HAVE_FIRETUNNEL=""
-AC_SUBST([HAVE_FIRETUNNEL])
-AC_ARG_ENABLE([firetunnel],
-    [AS_HELP_STRING([--enable-firetunnel], [enable firetunnel])])
-AS_IF([test "x$enable_firetunnel" = "xyes"], [
-        HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL"
-])
 HAVE_PRIVATE_HOME=""
 AC_SUBST([HAVE_PRIVATE_HOME])
 AC_ARG_ENABLE([private-home],
@@ -268,32 +260,6 @@ AS_IF([test "x$enable_only_syscfg_profiles" = "xyes"], [
        HAVE_ONLY_SYSCFG_PROFILES="-DHAVE_ONLY_SYSCFG_PROFILES"
 ])
-HAVE_LTS=""
-AC_SUBST([HAVE_LTS])
-AC_ARG_ENABLE([lts],
-    [AS_HELP_STRING([--enable-lts], [enable long-term support software version (LTS)])])
-AS_IF([test "x$enable_lts" = "xyes"], [
-        HAVE_LTS="-DHAVE_LTS"
-        HAVE_LANDLOCK=""
-        HAVE_IDS=""
-        HAVE_DBUSPROXY=""
-        HAVE_OVERLAYFS=""
-        HAVE_OUTPUT=""
-        HAVE_USERTMPFS=""
-        HAVE_MAN="-DHAVE_MAN"
-        HAVE_FIRETUNNEL=""
-        HAVE_PRIVATE_HOME=""
-        HAVE_PRIVATE_LIB=""
-        HAVE_CHROOT=""
-        HAVE_GLOBALCFG=""
-        HAVE_USERNS=""
-        HAVE_X11=""
-        HAVE_FILE_TRANSFER=""
-        HAVE_SUID="-DHAVE_SUID"
-        BUSYBOX_WORKAROUND="no"
-        HAVE_CONTRIB_INSTALL="no"
-])
 AC_CHECK_HEADER([linux/seccomp.h], [],
    [AC_MSG_ERROR([*** SECCOMP support is not installed (/usr/include/linux/seccomp.h missing) ***])])
@@ -332,11 +298,9 @@ Features:
   disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES
   enable --output logging: $HAVE_OUTPUT
   file transfer support: $HAVE_FILE_TRANSFER
-   firetunnel support: $HAVE_FIRETUNNEL
   global config: $HAVE_GLOBALCFG
   IDS support: $HAVE_IDS
   Landlock support: $HAVE_LANDLOCK
-   LTS: $HAVE_LTS
   manpage support: $HAVE_MAN
   network: $HAVE_NETWORK
   overlayfs support: $HAVE_OVERLAYFS
@@ -347,13 +311,3 @@ Features:
   X11 sandboxing support: $HAVE_X11
 EOF
-if test "$HAVE_LTS" = -DHAVE_LTS; then
-        cat <<\EOF
-*********************************************************
-*    Warning: Long-term support (LTS) was enabled!      *
-*    Most compile-time options have been rewritten!     *
-*********************************************************
-EOF
-fi
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 7792c6541..3283fae13 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -349,13 +349,6 @@ static const char *const compiletime_support =
                "disabled"
 #endif
-        "\n\t- firetunnel support is "
-#ifdef HAVE_FIRETUNNEL
-                "enabled"
-#else
-                "disabled"
-#endif
        "\n\t- IDS support is "
 #ifdef HAVE_IDS
                "enabled"
diff --git a/src/firejail/main.c b/src/firejail/main.c
index aaa7c8a2f..76bfcede8 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1827,33 +1827,6 @@ int main(int argc, char **argv, char **envp) {
                                exit_err_feature("overlayfs");
                }
 #endif
-#ifdef HAVE_FIRETUNNEL
-                else if (strcmp(argv[i], "--tunnel") == 0) {
-                        // try to connect to the default client side of the tunnel
-                        // if this fails, try the default server side of the tunnel
-                        if (access("/run/firetunnel/ftc", R_OK) == 0)
-                                profile_read("/run/firetunnel/ftc");
-                        else if (access("/run/firetunnel/fts", R_OK) == 0)
-                                profile_read("/run/firetunnel/fts");
-                        else {
-                                fprintf(stderr, "Error: no default firetunnel found, please specify it using --tunnel=devname option\n");
-                                exit(1);
-                        }
-                }
-                else if (strncmp(argv[i], "--tunnel=", 9) == 0) {
-                        char *fname;
-                        if (asprintf(&fname, "/run/firetunnel/%s", argv[i] + 9) == -1)
-                                errExit("asprintf");
-                        invalid_filename(fname, 0); // no globbing
-                        if (access(fname, R_OK) == 0)
-                                profile_read(fname);
-                        else {
-                                fprintf(stderr, "Error: tunnel not found\n");
-                                exit(1);
-                        }
-                }
-#endif
                else if (strncmp(argv[i], "--include=", 10) == 0) {
                        char *ppath = expand_macros(argv[i] + 10);
                        if (!ppath)
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in
index 9761edb76..ccc9a50a5 100644
--- a/src/man/firejail.1.in
+++ b/src/man/firejail.1.in
@@ -42,15 +42,6 @@ Miscellaneous:
 firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-debug-syscalls32 | \-\-debug-protocols | \-\-help | \-\-version}
 .RE
 .SH DESCRIPTION
-#ifdef HAVE_LTS
-This is Firejail long-term support (LTS), an enterprise focused version of the software,
-LTS is usually supported for two or three years.
-During this time only bugs and the occasional documentation problems are fixed.
-The attack surface of the SUID executable was greatly reduced by removing some of the features.
-.br
-.br
-#endif
 Firejail is a SUID sandbox program that reduces the risk of security breaches by
 restricting the running environment of untrusted applications using Linux
 namespaces, seccomp-bpf and Linux capabilities.
@@ -3043,28 +3034,6 @@ $ firejail \-\-tree
 .br
  11970:netblue:transmission-gtk
-#ifdef HAVE_FIRETUNNEL
-.TP
-\fB\-\-tunnel[=devname]
-Connect the sandbox to a network overlay/VPN tunnel created by firetunnel utility. This options
-tries first the client side of the tunnel. If this fails, it tries the server side. If multiple tunnels are active,
-please specify the tunnel device using \-\-tunnel=devname.
-.br
-.br
-The available tunnel devices are listed in /etc/firetunnel directory, one file for each device.
-The files are regular firejail profile files containing the network configuration,
-and are created and managed by firetunnel utility.
-By default ftc is the client-side device and fts is the server-side device. For more information
-please see man 1 firetunnel.
-.br
-.br
-Example:
-.br
-$ firejail --tunnel firefox
-.br
-#endif
 .TP
 \fB\-\-version
 Print program version/compile time support and exit.
diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in
index bea5df2be..c4056b902 100644
--- a/src/zsh_completion/_firejail.in
+++ b/src/zsh_completion/_firejail.in
@@ -213,10 +213,6 @@ _firejail_args=(
    '--ls=-[list files in sandbox container name|pid]: :_all_firejails'
 #endif
-#ifdef HAVE_FIRETUNNEL
-    '--tunnel=-[connect the sandbox to a tunnel created by firetunnel utility]: :'
-#endif
 #ifdef HAVE_NETWORK
    '--bandwidth=-[set bandwidth limits name|pid]: :_all_firejails'
    '--defaultgw=[configure default gateway]: :'
author	netblue30 <netblue30@protonmail.com>	2023-12-23 08:29:33 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-12-23 08:29:33 -0500
commit	db09546f2946c921da1b07d9d3569c287238989b (patch)
tree	5eb6edfb8cccfd9e9698a7750e19189b5deca2fe
parent	fix cppcheck (diff)
download	firejail-db09546f2946c921da1b07d9d3569c287238989b.tar.gz firejail-db09546f2946c921da1b07d9d3569c287238989b.tar.zst firejail-db09546f2946c921da1b07d9d3569c287238989b.zip

diff --git a/README b/README index 81cf42dcd..b21de0f65 100644 --- a/README +++ b/README
@@ -59,7 +59,7 @@ Committers:
59	- rusty-snake (https://github.com/rusty-snake)	59	- rusty-snake (https://github.com/rusty-snake)
60	- smitsohu (https://github.com/smitsohu)	60	- smitsohu (https://github.com/smitsohu)
61	- SkewedZeppelin (https://github.com/SkewedZeppelin)	61	- SkewedZeppelin (https://github.com/SkewedZeppelin)
62	- startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches	62	- startx2017 (https://github.com/startx2017)
63	maintainer)	63	maintainer)
64	- Topi Miettinen (https://github.com/topimiettinen)	64	- Topi Miettinen (https://github.com/topimiettinen)
65	- veloute (https://github.com/veloute)	65	- veloute (https://github.com/veloute)


diff --git a/RELNOTES b/RELNOTES index 02d9259a9..0ffd40049 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -1,5 +1,6 @@
1	firejail (0.9.73) baseline; urgency=low	1	firejail (0.9.73) baseline; urgency=low
2	* work in progress	2	* work in progress
		3	* removed LTS and FIRETUNNEL support
3	* feature: Add "keep-shell-rc" command and option (#1127 #5634)	4	* feature: Add "keep-shell-rc" command and option (#1127 #5634)
4	* feature: Print the argument when failing with "too long arguments" (#5677)	5	* feature: Print the argument when failing with "too long arguments" (#5677)
5	* feature: a random hostname is assigned to each sandbox unless	6	* feature: a random hostname is assigned to each sandbox unless


diff --git a/config.mk.in b/config.mk.in index d50c7d2f5..958efdb34 100644 --- a/config.mk.in +++ b/config.mk.in
@@ -34,12 +34,10 @@ HAVE_APPARMOR=@HAVE_APPARMOR@
34	HAVE_CHROOT=@HAVE_CHROOT@	34	HAVE_CHROOT=@HAVE_CHROOT@
35	HAVE_DBUSPROXY=@HAVE_DBUSPROXY@	35	HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
36	HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@	36	HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
37	HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
38	HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@	37	HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
39	HAVE_GLOBALCFG=@HAVE_GLOBALCFG@	38	HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
40	HAVE_IDS=@HAVE_IDS@	39	HAVE_IDS=@HAVE_IDS@
41	HAVE_LANDLOCK=@HAVE_LANDLOCK@	40	HAVE_LANDLOCK=@HAVE_LANDLOCK@
42	HAVE_LTS=@HAVE_LTS@
43	HAVE_NETWORK=@HAVE_NETWORK@	41	HAVE_NETWORK=@HAVE_NETWORK@
44	HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@	42	HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@
45	HAVE_OUTPUT=@HAVE_OUTPUT@	43	HAVE_OUTPUT=@HAVE_OUTPUT@
@@ -57,12 +55,10 @@ MANFLAGS = \
57	$(HAVE_CHROOT) \	55	$(HAVE_CHROOT) \
58	$(HAVE_DBUSPROXY) \	56	$(HAVE_DBUSPROXY) \
59	$(HAVE_FILE_TRANSFER) \	57	$(HAVE_FILE_TRANSFER) \
60	$(HAVE_FIRETUNNEL) \
61	$(HAVE_FORCE_NONEWPRIVS) \	58	$(HAVE_FORCE_NONEWPRIVS) \
62	$(HAVE_GLOBALCFG) \	59	$(HAVE_GLOBALCFG) \
63	$(HAVE_IDS) \	60	$(HAVE_IDS) \
64	$(HAVE_LANDLOCK) \	61	$(HAVE_LANDLOCK) \
65	$(HAVE_LTS) \
66	$(HAVE_NETWORK) \	62	$(HAVE_NETWORK) \
67	$(HAVE_ONLY_SYSCFG_PROFILES) \	63	$(HAVE_ONLY_SYSCFG_PROFILES) \
68	$(HAVE_OUTPUT) \	64	$(HAVE_OUTPUT) \


diff --git a/configure b/configure index 8c2d3b894..6bc68741e 100755 --- a/configure +++ b/configure
@@ -650,7 +650,6 @@ ac_includes_default="\
650	ac_header_c_list=	650	ac_header_c_list=
651	ac_subst_vars='LTLIBOBJS	651	ac_subst_vars='LTLIBOBJS
652	LIBOBJS	652	LIBOBJS
653	HAVE_LTS
654	HAVE_ONLY_SYSCFG_PROFILES	653	HAVE_ONLY_SYSCFG_PROFILES
655	HAVE_FORCE_NONEWPRIVS	654	HAVE_FORCE_NONEWPRIVS
656	HAVE_CONTRIB_INSTALL	655	HAVE_CONTRIB_INSTALL
@@ -666,7 +665,6 @@ HAVE_GLOBALCFG
666	HAVE_CHROOT	665	HAVE_CHROOT
667	HAVE_PRIVATE_LIB	666	HAVE_PRIVATE_LIB
668	HAVE_PRIVATE_HOME	667	HAVE_PRIVATE_HOME
669	HAVE_FIRETUNNEL
670	HAVE_GAWK	668	HAVE_GAWK
671	HAVE_MAN	669	HAVE_MAN
672	HAVE_USERTMPFS	670	HAVE_USERTMPFS
@@ -743,7 +741,6 @@ enable_dbusproxy
743	enable_output	741	enable_output
744	enable_usertmpfs	742	enable_usertmpfs
745	enable_man	743	enable_man
746	enable_firetunnel
747	enable_private_home	744	enable_private_home
748	enable_private_lib	745	enable_private_lib
749	enable_chroot	746	enable_chroot
@@ -759,7 +756,6 @@ enable_gcov
759	enable_contrib_install	756	enable_contrib_install
760	enable_force_nonewprivs	757	enable_force_nonewprivs
761	enable_only_syscfg_profiles	758	enable_only_syscfg_profiles
762	enable_lts
763	'	759	'
764	ac_precious_vars='build_alias	760	ac_precious_vars='build_alias
765	host_alias	761	host_alias
@@ -1403,7 +1399,6 @@ Optional Features:
1403	--disable-output disable --output logging	1399	--disable-output disable --output logging
1404	--disable-usertmpfs disable tmpfs as regular user	1400	--disable-usertmpfs disable tmpfs as regular user
1405	--disable-man disable man pages	1401	--disable-man disable man pages
1406	--enable-firetunnel enable firetunnel
1407	--disable-private-home disable private home feature	1402	--disable-private-home disable private home feature
1408	--disable-private-lib disable private lib feature	1403	--disable-private-lib disable private lib feature
1409	--disable-chroot disable chroot	1404	--disable-chroot disable chroot
@@ -1424,7 +1419,6 @@ Optional Features:
1424	enable force nonewprivs	1419	enable force nonewprivs
1425	--enable-only-syscfg-profiles	1420	--enable-only-syscfg-profiles
1426	disable profiles in $HOME/.config/firejail	1421	disable profiles in $HOME/.config/firejail
1427	--enable-lts enable long-term support software version (LTS)
1428		1422
1429	Some influential environment variables:	1423	Some influential environment variables:
1430	CC C compiler command	1424	CC C compiler command
@@ -3913,21 +3907,6 @@ fi
3913		3907
3914	fi	3908	fi
3915		3909
3916	HAVE_FIRETUNNEL=""
3917
3918	# Check whether --enable-firetunnel was given.
3919	if test ${enable_firetunnel+y}
3920	then :
3921	enableval=$enable_firetunnel;
3922	fi
3923
3924	if test "x$enable_firetunnel" = "xyes"
3925	then :
3926
3927	HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL"
3928
3929	fi
3930
3931	HAVE_PRIVATE_HOME=""	3910	HAVE_PRIVATE_HOME=""
3932		3911
3933	# Check whether --enable-private-home was given.	3912	# Check whether --enable-private-home was given.
@@ -4155,39 +4134,6 @@ then :
4155		4134
4156	fi	4135	fi
4157		4136
4158	HAVE_LTS=""
4159
4160	# Check whether --enable-lts was given.
4161	if test ${enable_lts+y}
4162	then :
4163	enableval=$enable_lts;
4164	fi
4165
4166	if test "x$enable_lts" = "xyes"
4167	then :
4168
4169	HAVE_LTS="-DHAVE_LTS"
4170	HAVE_LANDLOCK=""
4171	HAVE_IDS=""
4172	HAVE_DBUSPROXY=""
4173	HAVE_OVERLAYFS=""
4174	HAVE_OUTPUT=""
4175	HAVE_USERTMPFS=""
4176	HAVE_MAN="-DHAVE_MAN"
4177	HAVE_FIRETUNNEL=""
4178	HAVE_PRIVATE_HOME=""
4179	HAVE_PRIVATE_LIB=""
4180	HAVE_CHROOT=""
4181	HAVE_GLOBALCFG=""
4182	HAVE_USERNS=""
4183	HAVE_X11=""
4184	HAVE_FILE_TRANSFER=""
4185	HAVE_SUID="-DHAVE_SUID"
4186	BUSYBOX_WORKAROUND="no"
4187	HAVE_CONTRIB_INSTALL="no"
4188
4189	fi
4190
4191	ac_fn_c_check_header_compile "$LINENO" "linux/seccomp.h" "ac_cv_header_linux_seccomp_h" "$ac_includes_default"	4137	ac_fn_c_check_header_compile "$LINENO" "linux/seccomp.h" "ac_cv_header_linux_seccomp_h" "$ac_includes_default"
4192	if test "x$ac_cv_header_linux_seccomp_h" = xyes	4138	if test "x$ac_cv_header_linux_seccomp_h" = xyes
4193	then :	4139	then :
@@ -5384,11 +5330,9 @@ Features:
5384	disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES	5330	disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES
5385	enable --output logging: $HAVE_OUTPUT	5331	enable --output logging: $HAVE_OUTPUT
5386	file transfer support: $HAVE_FILE_TRANSFER	5332	file transfer support: $HAVE_FILE_TRANSFER
5387	firetunnel support: $HAVE_FIRETUNNEL
5388	global config: $HAVE_GLOBALCFG	5333	global config: $HAVE_GLOBALCFG
5389	IDS support: $HAVE_IDS	5334	IDS support: $HAVE_IDS
5390	Landlock support: $HAVE_LANDLOCK	5335	Landlock support: $HAVE_LANDLOCK
5391	LTS: $HAVE_LTS
5392	manpage support: $HAVE_MAN	5336	manpage support: $HAVE_MAN
5393	network: $HAVE_NETWORK	5337	network: $HAVE_NETWORK
5394	overlayfs support: $HAVE_OVERLAYFS	5338	overlayfs support: $HAVE_OVERLAYFS
@@ -5400,13 +5344,3 @@ Features:
5400		5344
5401	EOF	5345	EOF
5402		5346
5403	if test "$HAVE_LTS" = -DHAVE_LTS; then
5404	cat <<\EOF
5405	*********************************************************
5406	* Warning: Long-term support (LTS) was enabled! *
5407	* Most compile-time options have been rewritten! *
5408	*********************************************************
5409
5410	EOF
5411	fi
5412


diff --git a/configure.ac b/configure.ac index bd80150ed..fc99820de 100644 --- a/configure.ac +++ b/configure.ac
@@ -137,14 +137,6 @@ AS_IF([test "x$enable_man" != "xno"], [
137	AS_IF([test "x$HAVE_GAWK" != "xyes"], [AC_MSG_ERROR([* gawk not found *])])	137	AS_IF([test "x$HAVE_GAWK" != "xyes"], [AC_MSG_ERROR([* gawk not found *])])
138	])	138	])
139		139
140	HAVE_FIRETUNNEL=""
141	AC_SUBST([HAVE_FIRETUNNEL])
142	AC_ARG_ENABLE([firetunnel],
143	[AS_HELP_STRING([--enable-firetunnel], [enable firetunnel])])
144	AS_IF([test "x$enable_firetunnel" = "xyes"], [
145	HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL"
146	])
147
148	HAVE_PRIVATE_HOME=""	140	HAVE_PRIVATE_HOME=""
149	AC_SUBST([HAVE_PRIVATE_HOME])	141	AC_SUBST([HAVE_PRIVATE_HOME])
150	AC_ARG_ENABLE([private-home],	142	AC_ARG_ENABLE([private-home],
@@ -268,32 +260,6 @@ AS_IF([test "x$enable_only_syscfg_profiles" = "xyes"], [
268	HAVE_ONLY_SYSCFG_PROFILES="-DHAVE_ONLY_SYSCFG_PROFILES"	260	HAVE_ONLY_SYSCFG_PROFILES="-DHAVE_ONLY_SYSCFG_PROFILES"
269	])	261	])
270		262
271	HAVE_LTS=""
272	AC_SUBST([HAVE_LTS])
273	AC_ARG_ENABLE([lts],
274	[AS_HELP_STRING([--enable-lts], [enable long-term support software version (LTS)])])
275	AS_IF([test "x$enable_lts" = "xyes"], [
276	HAVE_LTS="-DHAVE_LTS"
277	HAVE_LANDLOCK=""
278	HAVE_IDS=""
279	HAVE_DBUSPROXY=""
280	HAVE_OVERLAYFS=""
281	HAVE_OUTPUT=""
282	HAVE_USERTMPFS=""
283	HAVE_MAN="-DHAVE_MAN"
284	HAVE_FIRETUNNEL=""
285	HAVE_PRIVATE_HOME=""
286	HAVE_PRIVATE_LIB=""
287	HAVE_CHROOT=""
288	HAVE_GLOBALCFG=""
289	HAVE_USERNS=""
290	HAVE_X11=""
291	HAVE_FILE_TRANSFER=""
292	HAVE_SUID="-DHAVE_SUID"
293	BUSYBOX_WORKAROUND="no"
294	HAVE_CONTRIB_INSTALL="no"
295	])
296
297	AC_CHECK_HEADER([linux/seccomp.h], [],	263	AC_CHECK_HEADER([linux/seccomp.h], [],
298	[AC_MSG_ERROR([* SECCOMP support is not installed (/usr/include/linux/seccomp.h missing) *])])	264	[AC_MSG_ERROR([* SECCOMP support is not installed (/usr/include/linux/seccomp.h missing) *])])
299		265
@@ -332,11 +298,9 @@ Features:
332	disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES	298	disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES
333	enable --output logging: $HAVE_OUTPUT	299	enable --output logging: $HAVE_OUTPUT
334	file transfer support: $HAVE_FILE_TRANSFER	300	file transfer support: $HAVE_FILE_TRANSFER
335	firetunnel support: $HAVE_FIRETUNNEL
336	global config: $HAVE_GLOBALCFG	301	global config: $HAVE_GLOBALCFG
337	IDS support: $HAVE_IDS	302	IDS support: $HAVE_IDS
338	Landlock support: $HAVE_LANDLOCK	303	Landlock support: $HAVE_LANDLOCK
339	LTS: $HAVE_LTS
340	manpage support: $HAVE_MAN	304	manpage support: $HAVE_MAN
341	network: $HAVE_NETWORK	305	network: $HAVE_NETWORK
342	overlayfs support: $HAVE_OVERLAYFS	306	overlayfs support: $HAVE_OVERLAYFS
@@ -347,13 +311,3 @@ Features:
347	X11 sandboxing support: $HAVE_X11	311	X11 sandboxing support: $HAVE_X11
348		312
349	EOF	313	EOF
350
351	if test "$HAVE_LTS" = -DHAVE_LTS; then
352	cat <<\EOF
353	*********************************************************
354	* Warning: Long-term support (LTS) was enabled! *
355	* Most compile-time options have been rewritten! *
356	*********************************************************
357
358	EOF
359	fi


diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 7792c6541..3283fae13 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c
@@ -349,13 +349,6 @@ static const char *const compiletime_support =
349	"disabled"	349	"disabled"
350	#endif	350	#endif
351		351
352	"\n\t- firetunnel support is "
353	#ifdef HAVE_FIRETUNNEL
354	"enabled"
355	#else
356	"disabled"
357	#endif
358
359	"\n\t- IDS support is "	352	"\n\t- IDS support is "
360	#ifdef HAVE_IDS	353	#ifdef HAVE_IDS
361	"enabled"	354	"enabled"


diff --git a/src/firejail/main.c b/src/firejail/main.c index aaa7c8a2f..76bfcede8 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -1827,33 +1827,6 @@ int main(int argc, char argv, char envp) {
1827	exit_err_feature("overlayfs");	1827	exit_err_feature("overlayfs");
1828	}	1828	}
1829	#endif	1829	#endif
1830	#ifdef HAVE_FIRETUNNEL
1831	else if (strcmp(argv[i], "--tunnel") == 0) {
1832	// try to connect to the default client side of the tunnel
1833	// if this fails, try the default server side of the tunnel
1834	if (access("/run/firetunnel/ftc", R_OK) == 0)
1835	profile_read("/run/firetunnel/ftc");
1836	else if (access("/run/firetunnel/fts", R_OK) == 0)
1837	profile_read("/run/firetunnel/fts");
1838	else {
1839	fprintf(stderr, "Error: no default firetunnel found, please specify it using --tunnel=devname option\n");
1840	exit(1);
1841	}
1842	}
1843	else if (strncmp(argv[i], "--tunnel=", 9) == 0) {
1844	char *fname;
1845
1846	if (asprintf(&fname, "/run/firetunnel/%s", argv[i] + 9) == -1)
1847	errExit("asprintf");
1848	invalid_filename(fname, 0); // no globbing
1849	if (access(fname, R_OK) == 0)
1850	profile_read(fname);
1851	else {
1852	fprintf(stderr, "Error: tunnel not found\n");
1853	exit(1);
1854	}
1855	}
1856	#endif
1857	else if (strncmp(argv[i], "--include=", 10) == 0) {	1830	else if (strncmp(argv[i], "--include=", 10) == 0) {
1858	char *ppath = expand_macros(argv[i] + 10);	1831	char *ppath = expand_macros(argv[i] + 10);
1859	if (!ppath)	1832	if (!ppath)


diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index 9761edb76..ccc9a50a5 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in
@@ -42,15 +42,6 @@ Miscellaneous:
42	firejail {\-? \| \-\-debug-caps \| \-\-debug-errnos \| \-\-debug-syscalls \| \-\-debug-syscalls32 \| \-\-debug-protocols \| \-\-help \| \-\-version}	42	firejail {\-? \| \-\-debug-caps \| \-\-debug-errnos \| \-\-debug-syscalls \| \-\-debug-syscalls32 \| \-\-debug-protocols \| \-\-help \| \-\-version}
43	.RE	43	.RE
44	.SH DESCRIPTION	44	.SH DESCRIPTION
45	#ifdef HAVE_LTS
46	This is Firejail long-term support (LTS), an enterprise focused version of the software,
47	LTS is usually supported for two or three years.
48	During this time only bugs and the occasional documentation problems are fixed.
49	The attack surface of the SUID executable was greatly reduced by removing some of the features.
50	.br
51
52	.br
53	#endif
54	Firejail is a SUID sandbox program that reduces the risk of security breaches by	45	Firejail is a SUID sandbox program that reduces the risk of security breaches by
55	restricting the running environment of untrusted applications using Linux	46	restricting the running environment of untrusted applications using Linux
56	namespaces, seccomp-bpf and Linux capabilities.	47	namespaces, seccomp-bpf and Linux capabilities.
@@ -3043,28 +3034,6 @@ $ firejail \-\-tree
3043	.br	3034	.br
3044	11970:netblue:transmission-gtk	3035	11970:netblue:transmission-gtk
3045		3036
3046	#ifdef HAVE_FIRETUNNEL
3047	.TP
3048	\fB\-\-tunnel[=devname]
3049	Connect the sandbox to a network overlay/VPN tunnel created by firetunnel utility. This options
3050	tries first the client side of the tunnel. If this fails, it tries the server side. If multiple tunnels are active,
3051	please specify the tunnel device using \-\-tunnel=devname.
3052	.br
3053
3054	.br
3055	The available tunnel devices are listed in /etc/firetunnel directory, one file for each device.
3056	The files are regular firejail profile files containing the network configuration,
3057	and are created and managed by firetunnel utility.
3058	By default ftc is the client-side device and fts is the server-side device. For more information
3059	please see man 1 firetunnel.
3060	.br
3061
3062	.br
3063	Example:
3064	.br
3065	$ firejail --tunnel firefox
3066	.br
3067	#endif
3068	.TP	3037	.TP
3069	\fB\-\-version	3038	\fB\-\-version
3070	Print program version/compile time support and exit.	3039	Print program version/compile time support and exit.


diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in index bea5df2be..c4056b902 100644 --- a/src/zsh_completion/_firejail.in +++ b/src/zsh_completion/_firejail.in
@@ -213,10 +213,6 @@ _firejail_args=(
213	'--ls=-[list files in sandbox container name\|pid]: :_all_firejails'	213	'--ls=-[list files in sandbox container name\|pid]: :_all_firejails'
214	#endif	214	#endif
215		215
216	#ifdef HAVE_FIRETUNNEL
217	'--tunnel=-[connect the sandbox to a tunnel created by firetunnel utility]: :'
218	#endif
219
220	#ifdef HAVE_NETWORK	216	#ifdef HAVE_NETWORK
221	'--bandwidth=-[set bandwidth limits name\|pid]: :_all_firejails'	217	'--bandwidth=-[set bandwidth limits name\|pid]: :_all_firejails'
222	'--defaultgw=[configure default gateway]: :'	218	'--defaultgw=[configure default gateway]: :'