diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-03-12 11:16:34 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-03-12 11:16:34 -0500 |
| commit | ff097d8113d9c0caf27ad3c86ebf54823c9151dc (patch) | |
| tree | df593ce04e98125a8771192eb9ac9a9e87a413e9 | |
| parent | compile test (diff) | |
| download | firejail-ff097d8113d9c0caf27ad3c86ebf54823c9151dc.tar.gz firejail-ff097d8113d9c0caf27ad3c86ebf54823c9151dc.tar.zst firejail-ff097d8113d9c0caf27ad3c86ebf54823c9151dc.zip | |
added firejail.config
| -rw-r--r-- | Makefile.in | 1 | ||||
| -rwxr-xr-x | configure | 4 | ||||
| -rw-r--r-- | configure.ac | 4 | ||||
| -rw-r--r-- | etc/firejail.config | 30 |
4 files changed, 35 insertions, 4 deletions
diff --git a/Makefile.in b/Makefile.in index e60fde529..1a22700e8 100644 --- a/Makefile.in +++ b/Makefile.in | |||
| @@ -147,6 +147,7 @@ realinstall: | |||
| 147 | install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 147 | install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
| 148 | install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 148 | install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
| 149 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 149 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
| 150 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | ||
| 150 | rm -fr .etc | 151 | rm -fr .etc |
| 151 | # man pages | 152 | # man pages |
| 152 | rm -f firejail.1.gz | 153 | rm -f firejail.1.gz |
| @@ -1322,7 +1322,7 @@ Optional Features: | |||
| 1322 | --enable-network=restricted | 1322 | --enable-network=restricted |
| 1323 | restrict --net= to root only | 1323 | restrict --net= to root only |
| 1324 | --disable-userns disable user namespace | 1324 | --disable-userns disable user namespace |
| 1325 | --disable-x11 disable X11 support | 1325 | --disable-x11 disable X11 sandboxing support |
| 1326 | --disable-file-transfer disable file transfer | 1326 | --disable-file-transfer disable file transfer |
| 1327 | --enable-fatal-warnings -W -Wall -Werror | 1327 | --enable-fatal-warnings -W -Wall -Werror |
| 1328 | 1328 | ||
| @@ -4821,7 +4821,7 @@ echo " chroot: $HAVE_CHROOT" | |||
| 4821 | echo " bind: $HAVE_BIND" | 4821 | echo " bind: $HAVE_BIND" |
| 4822 | echo " network: $HAVE_NETWORK" | 4822 | echo " network: $HAVE_NETWORK" |
| 4823 | echo " user namespace: $HAVE_USERNS" | 4823 | echo " user namespace: $HAVE_USERNS" |
| 4824 | echo " X11 support: $HAVE_X11" | 4824 | echo " X11 sandboxing support: $HAVE_X11" |
| 4825 | echo " file transfer support: $HAVE_FILE_TRANSFER" | 4825 | echo " file transfer support: $HAVE_FILE_TRANSFER" |
| 4826 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 4826 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
| 4827 | echo | 4827 | echo |
diff --git a/configure.ac b/configure.ac index 71e3eb410..c59f5a28b 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -56,7 +56,7 @@ AS_IF([test "x$enable_userns" != "xno"], [ | |||
| 56 | 56 | ||
| 57 | HAVE_X11="" | 57 | HAVE_X11="" |
| 58 | AC_ARG_ENABLE([x11], | 58 | AC_ARG_ENABLE([x11], |
| 59 | AS_HELP_STRING([--disable-x11], [disable X11 support])) | 59 | AS_HELP_STRING([--disable-x11], [disable X11 sandboxing support])) |
| 60 | AS_IF([test "x$enable_x11" != "xno"], [ | 60 | AS_IF([test "x$enable_x11" != "xno"], [ |
| 61 | HAVE_X11="-DHAVE_X11" | 61 | HAVE_X11="-DHAVE_X11" |
| 62 | AC_SUBST(HAVE_X11) | 62 | AC_SUBST(HAVE_X11) |
| @@ -102,7 +102,7 @@ echo " chroot: $HAVE_CHROOT" | |||
| 102 | echo " bind: $HAVE_BIND" | 102 | echo " bind: $HAVE_BIND" |
| 103 | echo " network: $HAVE_NETWORK" | 103 | echo " network: $HAVE_NETWORK" |
| 104 | echo " user namespace: $HAVE_USERNS" | 104 | echo " user namespace: $HAVE_USERNS" |
| 105 | echo " X11 support: $HAVE_X11" | 105 | echo " X11 sandboxing support: $HAVE_X11" |
| 106 | echo " file transfer support: $HAVE_FILE_TRANSFER" | 106 | echo " file transfer support: $HAVE_FILE_TRANSFER" |
| 107 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 107 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
| 108 | echo | 108 | echo |
diff --git a/etc/firejail.config b/etc/firejail.config new file mode 100644 index 000000000..19525c942 --- /dev/null +++ b/etc/firejail.config | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | # This is Firejail system-wide configuration file, see firejail-config(5) for | ||
| 2 | # more information. The file contains keyword-argument pairs, one per line. | ||
| 3 | # Most features are enabled by default. Use 'yes' or 'no' as configuration | ||
| 4 | # values. | ||
| 5 | |||
| 6 | # Enable or disable seccomp support, default enabled. | ||
| 7 | # seccomp yes | ||
| 8 | |||
| 9 | # Enable or disable chroot support, default enabled. | ||
| 10 | # chroot yes | ||
| 11 | |||
| 12 | # Enable or disable bind support, default enabled. | ||
| 13 | # bind yes | ||
| 14 | |||
| 15 | # Enable or disable networking features, default enabled. | ||
| 16 | # network yes | ||
| 17 | |||
| 18 | # Enable or disable restricted network support, default disabled. If enabled, | ||
| 19 | # networking features (network yes) above should also be enabled. | ||
| 20 | # restricted-network no | ||
| 21 | |||
| 22 | # Enable or disable user namespace support, default enabled. | ||
| 23 | # userns yes | ||
| 24 | |||
| 25 | # Enable or disable X11 sandboxing support, default enabled. | ||
| 26 | # x11 yes | ||
| 27 | |||
| 28 | # Enable or disable file transfer support, default enabled. | ||
| 29 | # file-transfer yes | ||
| 30 | |||