diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 23:22:38 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 23:33:11 +0300 |
commit | d01216de45884300c87e7d3ccb70e53ebb461449 (patch) | |
tree | 480519f5849df4c6048a7f62ec97f96e51174c3e /Makefile.in | |
parent | Merge update after #1483 (diff) | |
download | firejail-d01216de45884300c87e7d3ccb70e53ebb461449.tar.gz firejail-d01216de45884300c87e7d3ccb70e53ebb461449.tar.zst firejail-d01216de45884300c87e7d3ccb70e53ebb461449.zip |
Feature: switch/config option to block secondary architectures
Add a feature for a new (opt-in) command line switch and config file
option to block secondary architectures entirely. Also block changing
Linux execution domain with personality() system call for the primary
architecture.
Closes #1479
Diffstat (limited to 'Makefile.in')
-rw-r--r-- | Makefile.in | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/Makefile.in b/Makefile.in index af30d860e..442766e27 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -2,7 +2,7 @@ all: apps man filters | |||
2 | MYLIBS = src/lib | 2 | MYLIBS = src/lib |
3 | APPS = src/firejail src/firemon src/firecfg src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fcopy src/fldd src/libpostexecseccomp | 3 | APPS = src/firejail src/firemon src/firecfg src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fcopy src/fldd src/libpostexecseccomp |
4 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 | 4 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 |
5 | SECCOMP_FILTERS = seccomp seccomp.i386 seccomp.amd64 | 5 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.i386 seccomp.amd64 seccomp.block_secondary seccomp.mwdx |
6 | 6 | ||
7 | prefix=@prefix@ | 7 | prefix=@prefix@ |
8 | exec_prefix=@exec_prefix@ | 8 | exec_prefix=@exec_prefix@ |
@@ -45,6 +45,7 @@ ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) | |||
45 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers | 45 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers |
46 | src/fseccomp/fseccomp secondary 32 seccomp.i386 | 46 | src/fseccomp/fseccomp secondary 32 seccomp.i386 |
47 | src/fseccomp/fseccomp secondary 64 seccomp.amd64 | 47 | src/fseccomp/fseccomp secondary 64 seccomp.amd64 |
48 | src/fseccomp/fseccomp secondary block seccomp.block_secondary | ||
48 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx | 49 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx |
49 | endif | 50 | endif |
50 | 51 | ||
@@ -53,7 +54,7 @@ clean: | |||
53 | $(MAKE) -C $$dir clean; \ | 54 | $(MAKE) -C $$dir clean; \ |
54 | done | 55 | done |
55 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm | 56 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm |
56 | rm -f seccomp seccomp.debug seccomp.i386 seccomp.amd64 seccomp.mdwx | 57 | rm -f $(SECCOMP_FILTERS) |
57 | rm -f test/utils/index.html* | 58 | rm -f test/utils/index.html* |
58 | rm -f test/utils/wget-log | 59 | rm -f test/utils/wget-log |
59 | rm -f test/utils/lstesting | 60 | rm -f test/utils/lstesting |
@@ -104,6 +105,7 @@ ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) | |||
104 | install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/. | 105 | install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/. |
105 | install -c -m 0644 seccomp.i386 $(DESTDIR)/$(libdir)/firejail/. | 106 | install -c -m 0644 seccomp.i386 $(DESTDIR)/$(libdir)/firejail/. |
106 | install -c -m 0644 seccomp.amd64 $(DESTDIR)/$(libdir)/firejail/. | 107 | install -c -m 0644 seccomp.amd64 $(DESTDIR)/$(libdir)/firejail/. |
108 | install -c -m 0644 seccomp.block_secondary $(DESTDIR)/$(libdir)/firejail/. | ||
107 | install -c -m 0644 seccomp.mdwx $(DESTDIR)/$(libdir)/firejail/. | 109 | install -c -m 0644 seccomp.mdwx $(DESTDIR)/$(libdir)/firejail/. |
108 | endif | 110 | endif |
109 | ifeq ($(HAVE_CONTRIB_INSTALL),yes) | 111 | ifeq ($(HAVE_CONTRIB_INSTALL),yes) |