diff options
| author |  Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 23:22:38 +0300 |
|---|---|---|
| committer | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 23:33:11 +0300 |
| commit | d01216de45884300c87e7d3ccb70e53ebb461449 (patch) | |
| tree | 480519f5849df4c6048a7f62ec97f96e51174c3e /Makefile.in | |
| parent | Merge update after #1483 (diff) | |
| download | firejail-d01216de45884300c87e7d3ccb70e53ebb461449.tar.gz firejail-d01216de45884300c87e7d3ccb70e53ebb461449.tar.zst firejail-d01216de45884300c87e7d3ccb70e53ebb461449.zip | |
Feature: switch/config option to block secondary architectures
Add a feature for a new (opt-in) command line switch and config file
option to block secondary architectures entirely. Also block changing
Linux execution domain with personality() system call for the primary
architecture.
Closes #1479
Diffstat (limited to 'Makefile.in')
| -rw-r--r-- | Makefile.in | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/Makefile.in b/Makefile.in index af30d860e..442766e27 100644 --- a/Makefile.in +++ b/Makefile.in | |||
| @@ -2,7 +2,7 @@ all: apps man filters | |||
| 2 | MYLIBS = src/lib | 2 | MYLIBS = src/lib |
| 3 | APPS = src/firejail src/firemon src/firecfg src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fcopy src/fldd src/libpostexecseccomp | 3 | APPS = src/firejail src/firemon src/firecfg src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fcopy src/fldd src/libpostexecseccomp |
| 4 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 | 4 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 |
| 5 | SECCOMP_FILTERS = seccomp seccomp.i386 seccomp.amd64 | 5 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.i386 seccomp.amd64 seccomp.block_secondary seccomp.mwdx |
| 6 | 6 | ||
| 7 | prefix=@prefix@ | 7 | prefix=@prefix@ |
| 8 | exec_prefix=@exec_prefix@ | 8 | exec_prefix=@exec_prefix@ |
| @@ -45,6 +45,7 @@ ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) | |||
| 45 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers | 45 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers |
| 46 | src/fseccomp/fseccomp secondary 32 seccomp.i386 | 46 | src/fseccomp/fseccomp secondary 32 seccomp.i386 |
| 47 | src/fseccomp/fseccomp secondary 64 seccomp.amd64 | 47 | src/fseccomp/fseccomp secondary 64 seccomp.amd64 |
| 48 | src/fseccomp/fseccomp secondary block seccomp.block_secondary | ||
| 48 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx | 49 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx |
| 49 | endif | 50 | endif |
| 50 | 51 | ||
| @@ -53,7 +54,7 @@ clean: | |||
| 53 | $(MAKE) -C $$dir clean; \ | 54 | $(MAKE) -C $$dir clean; \ |
| 54 | done | 55 | done |
| 55 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm | 56 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm |
| 56 | rm -f seccomp seccomp.debug seccomp.i386 seccomp.amd64 seccomp.mdwx | 57 | rm -f $(SECCOMP_FILTERS) |
| 57 | rm -f test/utils/index.html* | 58 | rm -f test/utils/index.html* |
| 58 | rm -f test/utils/wget-log | 59 | rm -f test/utils/wget-log |
| 59 | rm -f test/utils/lstesting | 60 | rm -f test/utils/lstesting |
| @@ -104,6 +105,7 @@ ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) | |||
| 104 | install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/. | 105 | install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/. |
| 105 | install -c -m 0644 seccomp.i386 $(DESTDIR)/$(libdir)/firejail/. | 106 | install -c -m 0644 seccomp.i386 $(DESTDIR)/$(libdir)/firejail/. |
| 106 | install -c -m 0644 seccomp.amd64 $(DESTDIR)/$(libdir)/firejail/. | 107 | install -c -m 0644 seccomp.amd64 $(DESTDIR)/$(libdir)/firejail/. |
| 108 | install -c -m 0644 seccomp.block_secondary $(DESTDIR)/$(libdir)/firejail/. | ||
| 107 | install -c -m 0644 seccomp.mdwx $(DESTDIR)/$(libdir)/firejail/. | 109 | install -c -m 0644 seccomp.mdwx $(DESTDIR)/$(libdir)/firejail/. |
| 108 | endif | 110 | endif |
| 109 | ifeq ($(HAVE_CONTRIB_INSTALL),yes) | 111 | ifeq ($(HAVE_CONTRIB_INSTALL),yes) |