diff options
| author |  rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-01 12:40:02 +0100 |
|---|---|---|
| committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-01 12:40:02 +0100 |
| commit | b02d8f91c7fa2ba7c0e0b8a255952d4c8c86fc5e (patch) | |
| tree | e50efc1e1dcb77e7b250fab9b0a50ca4b2082acf /src/common.mk.in | |
| parent | fixes (diff) | |
| download | firejail-b02d8f91c7fa2ba7c0e0b8a255952d4c8c86fc5e.tar.gz firejail-b02d8f91c7fa2ba7c0e0b8a255952d4c8c86fc5e.tar.zst firejail-b02d8f91c7fa2ba7c0e0b8a255952d4c8c86fc5e.zip | |
Add ./configure --enable-force-nonewprivs
This will always set 'nonewprivs', 'caps.drop all' and 'nogroups'.
Diffstat (limited to 'src/common.mk.in')
| -rw-r--r-- | src/common.mk.in | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/common.mk.in b/src/common.mk.in index eae4138c0..a3df4abb6 100644 --- a/src/common.mk.in +++ b/src/common.mk.in | |||
| @@ -27,6 +27,7 @@ HAVE_DBUSPROXY=@HAVE_DBUSPROXY@ | |||
| 27 | HAVE_USERTMPFS=@HAVE_USERTMPFS@ | 27 | HAVE_USERTMPFS=@HAVE_USERTMPFS@ |
| 28 | HAVE_OUTPUT=@HAVE_OUTPUT@ | 28 | HAVE_OUTPUT=@HAVE_OUTPUT@ |
| 29 | HAVE_LTS=@HAVE_LTS@ | 29 | HAVE_LTS=@HAVE_LTS@ |
| 30 | HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@ | ||
| 30 | 31 | ||
| 31 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 32 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
| 32 | C_FILE_LIST = $(sort $(wildcard *.c)) | 33 | C_FILE_LIST = $(sort $(wildcard *.c)) |
| @@ -36,7 +37,7 @@ BINOBJS = $(foreach file, $(OBJS), $file) | |||
| 36 | CFLAGS = @CFLAGS@ | 37 | CFLAGS = @CFLAGS@ |
| 37 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | 38 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) |
| 38 | CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' | 39 | CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' |
| 39 | MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) | 40 | MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_FORCE_NONEWPRIVS) |
| 40 | CFLAGS += $(MANFLAGS) | 41 | CFLAGS += $(MANFLAGS) |
| 41 | CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security | 42 | CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security |
| 42 | LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread | 43 | LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread |