diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-07-13 00:27:09 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-07-13 07:26:42 -0300 |
commit | 80eb28483fd6935709fab71b5c9a83f2ec660b45 (patch) | |
tree | 4ba2125bc94f2a53515cb64e5cd3520a6bb952ca /Makefile | |
parent | Merge branch 'master' of ssh://github.com/netblue30/firejail (diff) | |
download | firejail-80eb28483fd6935709fab71b5c9a83f2ec660b45.tar.gz firejail-80eb28483fd6935709fab71b5c9a83f2ec660b45.tar.zst firejail-80eb28483fd6935709fab71b5c9a83f2ec660b45.zip |
build: restore seccomp filter targets
This partially reverts commit 2b34747db ("generate seccomp filters at
install time", 2023-07-07). See also commit 6fa19aab9 ("feature: use
seccomp filters build at install time for --restrict-namespaces",
2023-07-12).
The seccomp filters were always being built because
src/fseccomp/fseccomp (and other programs) are in `$(ALL_ITEMS)`, which
is incorrectly marked as phony. This commit fixes that and restores the
previous target logic, for consistency with the other targets and so
that the seccomp filters are made at build time rather than at install
time.
Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 26 |
1 files changed, 19 insertions, 7 deletions
@@ -37,13 +37,13 @@ SYNTAX_FILES := $(SYNTAX_FILES_IN:.in=) | |||
37 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) | 37 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) |
38 | 38 | ||
39 | .PHONY: all | 39 | .PHONY: all |
40 | all: all_items mydirs $(CONTRIB_TARGET) | 40 | all: all_items mydirs filters $(CONTRIB_TARGET) |
41 | 41 | ||
42 | config.mk config.sh: | 42 | config.mk config.sh: |
43 | @printf 'error: run ./configure to generate %s\n' "$@" >&2 | 43 | @printf 'error: run ./configure to generate %s\n' "$@" >&2 |
44 | @false | 44 | @false |
45 | 45 | ||
46 | .PHONY: all_items $(ALL_ITEMS) | 46 | .PHONY: all_items |
47 | all_items: $(ALL_ITEMS) | 47 | all_items: $(ALL_ITEMS) |
48 | $(ALL_ITEMS): $(MYDIRS) | 48 | $(ALL_ITEMS): $(MYDIRS) |
49 | $(MAKE) -C $(dir $@) | 49 | $(MAKE) -C $(dir $@) |
@@ -53,21 +53,34 @@ mydirs: $(MYDIRS) | |||
53 | $(MYDIRS): | 53 | $(MYDIRS): |
54 | $(MAKE) -C $@ | 54 | $(MAKE) -C $@ |
55 | 55 | ||
56 | define build_filters | 56 | .PHONY: filters |
57 | filters: $(SECCOMP_FILTERS) | ||
58 | seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
57 | src/fseccomp/fseccomp default seccomp | 59 | src/fseccomp/fseccomp default seccomp |
58 | src/fsec-optimize/fsec-optimize seccomp | 60 | src/fsec-optimize/fsec-optimize seccomp |
61 | |||
62 | seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
59 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers | 63 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers |
60 | src/fsec-optimize/fsec-optimize seccomp.debug | 64 | src/fsec-optimize/fsec-optimize seccomp.debug |
65 | |||
66 | seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
61 | src/fseccomp/fseccomp secondary 32 seccomp.32 | 67 | src/fseccomp/fseccomp secondary 32 seccomp.32 |
62 | src/fsec-optimize/fsec-optimize seccomp.32 | 68 | src/fsec-optimize/fsec-optimize seccomp.32 |
69 | |||
70 | seccomp.block_secondary: src/fseccomp/fseccomp | ||
63 | src/fseccomp/fseccomp secondary block seccomp.block_secondary | 71 | src/fseccomp/fseccomp secondary block seccomp.block_secondary |
72 | |||
73 | seccomp.mdwx: src/fseccomp/fseccomp | ||
64 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx | 74 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx |
75 | |||
76 | seccomp.mdwx.32: src/fseccomp/fseccomp | ||
65 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 | 77 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 |
66 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts | ||
67 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts | ||
68 | endef | ||
69 | 78 | ||
79 | seccomp.namespaces: src/fseccomp/fseccomp | ||
80 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts | ||
70 | 81 | ||
82 | seccomp.namespaces.32: src/fseccomp/fseccomp | ||
83 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts | ||
71 | 84 | ||
72 | # Makes all targets in contrib/ | 85 | # Makes all targets in contrib/ |
73 | .PHONY: contrib | 86 | .PHONY: contrib |
@@ -180,7 +193,6 @@ endif | |||
180 | # libraries and plugins | 193 | # libraries and plugins |
181 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail | 194 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail |
182 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh | 195 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh |
183 | $(call build_filters) | ||
184 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) | 196 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) |
185 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) | 197 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) |
186 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats | 198 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats |