deprecated --git-install and --git-uninstall

author: netblue30 <netblue30@yahoo.com> 2018-04-04 07:41:17 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-04-04 07:41:17 -0400
commit: 23d10c8fa0bc1dface09d71cc9d6475d53c42645 (patch)
tree: 5a5a3b39c1a64d956e31b295990b768795780974 /src
parent: Merge branch 'master' of http://github.com/netblue30/firejail (diff)
download: firejail-23d10c8fa0bc1dface09d71cc9d6475d53c42645.tar.gz
firejail-23d10c8fa0bc1dface09d71cc9d6475d53c42645.tar.zst
firejail-23d10c8fa0bc1dface09d71cc9d6475d53c42645.zip
6 files changed, 1 insertions, 147 deletions
diff --git a/src/common.mk.in b/src/common.mk.in
index 1d4dbe304..fd9f2e5a5 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -23,14 +23,13 @@ HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
 HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_GCOV=@HAVE_GCOV@
-HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@
 H_FILE_LIST       = $(sort $(wildcard *.[h]))
 C_FILE_LIST       = $(sort $(wildcard *.c))
 OBJS = $(C_FILE_LIST:.c=.o)
 BINOBJS =  $(foreach file, $(OBJS), $file)
-CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"'  $(HAVE_GCOV) $(HAVE_GIT_INSTALL) -DPREFIX='"$(prefix)"'  -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"'  $(HAVE_GCOV) -DPREFIX='"$(prefix)"'  -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 20845270e..7b0ae30b6 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -450,14 +450,6 @@ void print_compiletime_support(void) {
 #endif
                );
-        printf("\t- git install support is %s\n",
-#ifdef HAVE_GIT_INSTALL
-                "enabled"
-#else
-                "disabled"
-#endif
-                );
        printf("\t- networking support is %s\n",
 #ifdef HAVE_NETWORK
                "enabled"
diff --git a/src/firejail/git.c b/src/firejail/git.c
deleted file mode 100644
index d6525aa89..000000000
--- a/src/firejail/git.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifdef HAVE_GIT_INSTALL
-#include "firejail.h"
-#include <sys/utsname.h>
-#include <sched.h>
-#include <sys/mount.h>
-// install a very simple mount namespace sandbox with a tmpfs on top of /tmp
-// and drop privileges
-static void sbox_ns(void) {
-        if (unshare(CLONE_NEWNS) < 0)
-                errExit("unshare");
-        // mount events are not forwarded between the host the sandbox
-        if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) {
-                errExit("mount");
-        }
-        // mount a tmpfs on top of /tmp
-        if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0)
-                errExit("mount");
-        // drop privileges
-        if (setgid(getgid()) < 0)
-                errExit("setgid/getgid");
-        if (setuid(getuid()) < 0)
-                errExit("setuid/getuid");
-        assert(getenv("LD_PRELOAD") == NULL);
-        printf("Running as "); fflush(0);
-        int rv = system("whoami");
-        (void) rv;
-        printf("/tmp directory: "); fflush(0);
-        rv = system("ls -l /tmp");
-        (void) rv;
-}
-void git_install(void) {
-        // redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
-        EUID_ASSERT();
-        EUID_ROOT();
-        // install a mount namespace with a tmpfs on top of /tmp
-        sbox_ns();
-        // run command
-        const char *cmd = LIBDIR "/firejail/fgit-install.sh";
-        int rv = system(cmd);
-        (void) rv;
-        exit(0);
-}
-void git_uninstall(void) {
-        // redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
-        EUID_ASSERT();
-        EUID_ROOT();
-        // install a mount namespace with a tmpfs on top of /tmp
-        sbox_ns();
-        // run command
-        const char *cmd = LIBDIR "/firejail/fgit-uninstall.sh";
-        int rv = system(cmd);
-        (void) rv;
-        exit(0);
-}
-#endif // HAVE_GIT_INSTALL
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 0d53a24a8..f34d2eb79 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -890,15 +890,6 @@ int main(int argc, char **argv) {
                profile_add(cmd);
        }
-#ifdef HAVE_GIT_INSTALL
-        // process git-install and git-uninstall
-        if (check_arg(argc, argv, "--git-install", 1))
-                git_install(); // this function will not return
-        if (check_arg(argc, argv, "--git-uninstall", 1))
-                git_uninstall(); // this function will not return
-#endif
        // profile builder
        if (check_arg(argc, argv, "--build", 0)) // supports both --build and --build=filename
                run_builder(argc, argv); // this function will not return
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 542747efc..effbf3751 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -78,11 +78,6 @@ static char *usage_str =
        "    --env=name=value - set environment variable.\n"
        "    --fs.print=name|pid - print the filesystem log.\n"
        "    --get=name|pid filename - get a file from sandbox container.\n"
-#ifdef HAVE_GIT_INSTALL
-        "    --git-install - download, compile and install mainline git version\n"
-        "\tof Firejail.\n"
-        "    --git-uninstall - uninstall mainline git version of Firejail\n"
-#endif
        "    --help, -? - this help screen.\n"
        "    --hostname=name - set sandbox hostname.\n"
        "    --hosts-file=file - use file as /etc/hosts.\n"
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 85550e576..d89a763a9 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -493,39 +493,6 @@ $ firejail \-\-fs.print=3272
 \fB\-\-get=name|pid filename
 Get a file from sandbox container, see \fBFILE TRANSFER\fR section for more details.
-.TP
-\fB\-\-git-install
-Download, compile and install mainline git version of Firejail from the official repository on GitHub.
-The software is installed in /usr/local/bin, and takes precedence over the (old) version
-installed in /usr/bin. If for any reason the new version doesn't work, the user can uninstall it
-using \-\-git-uninstall command and revert to the old version.
-.br
-.br
-Prerequisites: git and compile support are required for this command to work. On Debian/Ubuntu
-systems this support is installed using "sudo apt-get install build-essential git".
-.br
-.br
-Example:
-.br
-.br
-$ firejail \-\-git-install
-.TP
-\fB\-\-git-uninstall
-Remove the Firejail version previously installed in /usr/local/bin using \-\-git-install command.
-.br
-.br
-Example:
-.br
-.br
-$ firejail \-\-git-uninstall
 .TP
 \fB\-?\fR, \fB\-\-help\fR
 Print options end exit.
author	netblue30 <netblue30@yahoo.com>	2018-04-04 07:41:17 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-04-04 07:41:17 -0400
commit	23d10c8fa0bc1dface09d71cc9d6475d53c42645 (patch)
tree	5a5a3b39c1a64d956e31b295990b768795780974 /src
parent	Merge branch 'master' of http://github.com/netblue30/firejail (diff)
download	firejail-23d10c8fa0bc1dface09d71cc9d6475d53c42645.tar.gz firejail-23d10c8fa0bc1dface09d71cc9d6475d53c42645.tar.zst firejail-23d10c8fa0bc1dface09d71cc9d6475d53c42645.zip

diff --git a/src/common.mk.in b/src/common.mk.in index 1d4dbe304..fd9f2e5a5 100644 --- a/src/common.mk.in +++ b/src/common.mk.in
@@ -23,14 +23,13 @@ HAVE_APPARMOR=@HAVE_APPARMOR@
23	HAVE_OVERLAYFS=@HAVE_OVERLAYFS@	23	HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
24	HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@	24	HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
25	HAVE_GCOV=@HAVE_GCOV@	25	HAVE_GCOV=@HAVE_GCOV@
26	HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@
27		26
28	H_FILE_LIST = $(sort $(wildcard *.[h]))	27	H_FILE_LIST = $(sort $(wildcard *.[h]))
29	C_FILE_LIST = $(sort $(wildcard *.c))	28	C_FILE_LIST = $(sort $(wildcard *.c))
30	OBJS = $(C_FILE_LIST:.c=.o)	29	OBJS = $(C_FILE_LIST:.c=.o)
31	BINOBJS = $(foreach file, $(OBJS), $file)	30	BINOBJS = $(foreach file, $(OBJS), $file)
32		31
33	CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) $(HAVE_GIT_INSTALL) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security	32	CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
34	LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread	33	LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
35	EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@	34	EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
36	EXTRA_CFLAGS +=@EXTRA_CFLAGS@	35	EXTRA_CFLAGS +=@EXTRA_CFLAGS@


diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 20845270e..7b0ae30b6 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c
@@ -450,14 +450,6 @@ void print_compiletime_support(void) {
450	#endif	450	#endif
451	);	451	);
452		452
453	printf("\t- git install support is %s\n",
454	#ifdef HAVE_GIT_INSTALL
455	"enabled"
456	#else
457	"disabled"
458	#endif
459	);
460
461	printf("\t- networking support is %s\n",	453	printf("\t- networking support is %s\n",
462	#ifdef HAVE_NETWORK	454	#ifdef HAVE_NETWORK
463	"enabled"	455	"enabled"


diff --git a/src/firejail/git.c b/src/firejail/git.c deleted file mode 100644 index d6525aa89..000000000 --- a/src/firejail/git.c +++ /dev/null
@@ -1,90 +0,0 @@
1	/*
2	* Copyright (C) 2014-2018 Firejail Authors
3	*
4	* This file is part of firejail project
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 2 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License along
17	* with this program; if not, write to the Free Software Foundation, Inc.,
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/
20
21	#ifdef HAVE_GIT_INSTALL
22
23	#include "firejail.h"
24	#include <sys/utsname.h>
25	#include <sched.h>
26	#include <sys/mount.h>
27
28	// install a very simple mount namespace sandbox with a tmpfs on top of /tmp
29	// and drop privileges
30	static void sbox_ns(void) {
31	if (unshare(CLONE_NEWNS) < 0)
32	errExit("unshare");
33
34	// mount events are not forwarded between the host the sandbox
35	if (mount(NULL, "/", NULL, MS_SLAVE \| MS_REC, NULL) < 0) {
36	errExit("mount");
37	}
38
39	// mount a tmpfs on top of /tmp
40	if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0)
41	errExit("mount");
42
43
44	// drop privileges
45	if (setgid(getgid()) < 0)
46	errExit("setgid/getgid");
47	if (setuid(getuid()) < 0)
48	errExit("setuid/getuid");
49	assert(getenv("LD_PRELOAD") == NULL);
50
51	printf("Running as "); fflush(0);
52	int rv = system("whoami");
53	(void) rv;
54	printf("/tmp directory: "); fflush(0);
55	rv = system("ls -l /tmp");
56	(void) rv;
57	}
58
59
60	void git_install(void) {
61	// redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
62	EUID_ASSERT();
63	EUID_ROOT();
64
65	// install a mount namespace with a tmpfs on top of /tmp
66	sbox_ns();
67
68	// run command
69	const char *cmd = LIBDIR "/firejail/fgit-install.sh";
70	int rv = system(cmd);
71	(void) rv;
72	exit(0);
73	}
74
75	void git_uninstall(void) {
76	// redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh"
77	EUID_ASSERT();
78	EUID_ROOT();
79
80	// install a mount namespace with a tmpfs on top of /tmp
81	sbox_ns();
82
83	// run command
84	const char *cmd = LIBDIR "/firejail/fgit-uninstall.sh";
85	int rv = system(cmd);
86	(void) rv;
87	exit(0);
88	}
89
90	#endif // HAVE_GIT_INSTALL


diff --git a/src/firejail/main.c b/src/firejail/main.c index 0d53a24a8..f34d2eb79 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -890,15 +890,6 @@ int main(int argc, char **argv) {
890	profile_add(cmd);	890	profile_add(cmd);
891	}	891	}
892		892
893
894	#ifdef HAVE_GIT_INSTALL
895	// process git-install and git-uninstall
896	if (check_arg(argc, argv, "--git-install", 1))
897	git_install(); // this function will not return
898	if (check_arg(argc, argv, "--git-uninstall", 1))
899	git_uninstall(); // this function will not return
900	#endif
901
902	// profile builder	893	// profile builder
903	if (check_arg(argc, argv, "--build", 0)) // supports both --build and --build=filename	894	if (check_arg(argc, argv, "--build", 0)) // supports both --build and --build=filename
904	run_builder(argc, argv); // this function will not return	895	run_builder(argc, argv); // this function will not return


diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 542747efc..effbf3751 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c
@@ -78,11 +78,6 @@ static char *usage_str =
78	" --env=name=value - set environment variable.\n"	78	" --env=name=value - set environment variable.\n"
79	" --fs.print=name\|pid - print the filesystem log.\n"	79	" --fs.print=name\|pid - print the filesystem log.\n"
80	" --get=name\|pid filename - get a file from sandbox container.\n"	80	" --get=name\|pid filename - get a file from sandbox container.\n"
81	#ifdef HAVE_GIT_INSTALL
82	" --git-install - download, compile and install mainline git version\n"
83	"\tof Firejail.\n"
84	" --git-uninstall - uninstall mainline git version of Firejail\n"
85	#endif
86	" --help, -? - this help screen.\n"	81	" --help, -? - this help screen.\n"
87	" --hostname=name - set sandbox hostname.\n"	82	" --hostname=name - set sandbox hostname.\n"
88	" --hosts-file=file - use file as /etc/hosts.\n"	83	" --hosts-file=file - use file as /etc/hosts.\n"


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 85550e576..d89a763a9 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -493,39 +493,6 @@ $ firejail \-\-fs.print=3272
493	\fB\-\-get=name\|pid filename	493	\fB\-\-get=name\|pid filename
494	Get a file from sandbox container, see \fBFILE TRANSFER\fR section for more details.	494	Get a file from sandbox container, see \fBFILE TRANSFER\fR section for more details.
495		495
496
497	.TP
498	\fB\-\-git-install
499	Download, compile and install mainline git version of Firejail from the official repository on GitHub.
500	The software is installed in /usr/local/bin, and takes precedence over the (old) version
501	installed in /usr/bin. If for any reason the new version doesn't work, the user can uninstall it
502	using \-\-git-uninstall command and revert to the old version.
503	.br
504
505	.br
506	Prerequisites: git and compile support are required for this command to work. On Debian/Ubuntu
507	systems this support is installed using "sudo apt-get install build-essential git".
508	.br
509
510	.br
511	Example:
512	.br
513
514	.br
515	$ firejail \-\-git-install
516
517	.TP
518	\fB\-\-git-uninstall
519	Remove the Firejail version previously installed in /usr/local/bin using \-\-git-install command.
520	.br
521
522	.br
523	Example:
524	.br
525
526	.br
527	$ firejail \-\-git-uninstall
528
529	.TP	496	.TP
530	\fB\-?\fR, \fB\-\-help\fR	497	\fB\-?\fR, \fB\-\-help\fR
531	Print options end exit.	498	Print options end exit.