remove LTS and FIRETUNNEL support

author: netblue30 <netblue30@protonmail.com> 2023-12-23 08:29:33 -0500
committer: netblue30 <netblue30@protonmail.com> 2023-12-23 08:29:33 -0500
commit: db09546f2946c921da1b07d9d3569c287238989b (patch)
tree: 5eb6edfb8cccfd9e9698a7750e19189b5deca2fe /src
parent: fix cppcheck (diff)
download: firejail-db09546f2946c921da1b07d9d3569c287238989b.tar.gz
firejail-db09546f2946c921da1b07d9d3569c287238989b.tar.zst
firejail-db09546f2946c921da1b07d9d3569c287238989b.zip
4 files changed, 0 insertions, 69 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 7792c6541..3283fae13 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -349,13 +349,6 @@ static const char *const compiletime_support =
                "disabled"
 #endif
-        "\n\t- firetunnel support is "
-#ifdef HAVE_FIRETUNNEL
-                "enabled"
-#else
-                "disabled"
-#endif
        "\n\t- IDS support is "
 #ifdef HAVE_IDS
                "enabled"
diff --git a/src/firejail/main.c b/src/firejail/main.c
index aaa7c8a2f..76bfcede8 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1827,33 +1827,6 @@ int main(int argc, char **argv, char **envp) {
                                exit_err_feature("overlayfs");
                }
 #endif
-#ifdef HAVE_FIRETUNNEL
-                else if (strcmp(argv[i], "--tunnel") == 0) {
-                        // try to connect to the default client side of the tunnel
-                        // if this fails, try the default server side of the tunnel
-                        if (access("/run/firetunnel/ftc", R_OK) == 0)
-                                profile_read("/run/firetunnel/ftc");
-                        else if (access("/run/firetunnel/fts", R_OK) == 0)
-                                profile_read("/run/firetunnel/fts");
-                        else {
-                                fprintf(stderr, "Error: no default firetunnel found, please specify it using --tunnel=devname option\n");
-                                exit(1);
-                        }
-                }
-                else if (strncmp(argv[i], "--tunnel=", 9) == 0) {
-                        char *fname;
-                        if (asprintf(&fname, "/run/firetunnel/%s", argv[i] + 9) == -1)
-                                errExit("asprintf");
-                        invalid_filename(fname, 0); // no globbing
-                        if (access(fname, R_OK) == 0)
-                                profile_read(fname);
-                        else {
-                                fprintf(stderr, "Error: tunnel not found\n");
-                                exit(1);
-                        }
-                }
-#endif
                else if (strncmp(argv[i], "--include=", 10) == 0) {
                        char *ppath = expand_macros(argv[i] + 10);
                        if (!ppath)
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in
index 9761edb76..ccc9a50a5 100644
--- a/src/man/firejail.1.in
+++ b/src/man/firejail.1.in
@@ -42,15 +42,6 @@ Miscellaneous:
 firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-debug-syscalls32 | \-\-debug-protocols | \-\-help | \-\-version}
 .RE
 .SH DESCRIPTION
-#ifdef HAVE_LTS
-This is Firejail long-term support (LTS), an enterprise focused version of the software,
-LTS is usually supported for two or three years.
-During this time only bugs and the occasional documentation problems are fixed.
-The attack surface of the SUID executable was greatly reduced by removing some of the features.
-.br
-.br
-#endif
 Firejail is a SUID sandbox program that reduces the risk of security breaches by
 restricting the running environment of untrusted applications using Linux
 namespaces, seccomp-bpf and Linux capabilities.
@@ -3043,28 +3034,6 @@ $ firejail \-\-tree
 .br
  11970:netblue:transmission-gtk
-#ifdef HAVE_FIRETUNNEL
-.TP
-\fB\-\-tunnel[=devname]
-Connect the sandbox to a network overlay/VPN tunnel created by firetunnel utility. This options
-tries first the client side of the tunnel. If this fails, it tries the server side. If multiple tunnels are active,
-please specify the tunnel device using \-\-tunnel=devname.
-.br
-.br
-The available tunnel devices are listed in /etc/firetunnel directory, one file for each device.
-The files are regular firejail profile files containing the network configuration,
-and are created and managed by firetunnel utility.
-By default ftc is the client-side device and fts is the server-side device. For more information
-please see man 1 firetunnel.
-.br
-.br
-Example:
-.br
-$ firejail --tunnel firefox
-.br
-#endif
 .TP
 \fB\-\-version
 Print program version/compile time support and exit.
diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in
index bea5df2be..c4056b902 100644
--- a/src/zsh_completion/_firejail.in
+++ b/src/zsh_completion/_firejail.in
@@ -213,10 +213,6 @@ _firejail_args=(
    '--ls=-[list files in sandbox container name|pid]: :_all_firejails'
 #endif
-#ifdef HAVE_FIRETUNNEL
-    '--tunnel=-[connect the sandbox to a tunnel created by firetunnel utility]: :'
-#endif
 #ifdef HAVE_NETWORK
    '--bandwidth=-[set bandwidth limits name|pid]: :_all_firejails'
    '--defaultgw=[configure default gateway]: :'
author	netblue30 <netblue30@protonmail.com>	2023-12-23 08:29:33 -0500
committer	netblue30 <netblue30@protonmail.com>	2023-12-23 08:29:33 -0500
commit	db09546f2946c921da1b07d9d3569c287238989b (patch)
tree	5eb6edfb8cccfd9e9698a7750e19189b5deca2fe /src
parent	fix cppcheck (diff)
download	firejail-db09546f2946c921da1b07d9d3569c287238989b.tar.gz firejail-db09546f2946c921da1b07d9d3569c287238989b.tar.zst firejail-db09546f2946c921da1b07d9d3569c287238989b.zip

diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 7792c6541..3283fae13 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c
@@ -349,13 +349,6 @@ static const char *const compiletime_support =
349	"disabled"	349	"disabled"
350	#endif	350	#endif
351		351
352	"\n\t- firetunnel support is "
353	#ifdef HAVE_FIRETUNNEL
354	"enabled"
355	#else
356	"disabled"
357	#endif
358
359	"\n\t- IDS support is "	352	"\n\t- IDS support is "
360	#ifdef HAVE_IDS	353	#ifdef HAVE_IDS
361	"enabled"	354	"enabled"


diff --git a/src/firejail/main.c b/src/firejail/main.c index aaa7c8a2f..76bfcede8 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -1827,33 +1827,6 @@ int main(int argc, char argv, char envp) {
1827	exit_err_feature("overlayfs");	1827	exit_err_feature("overlayfs");
1828	}	1828	}
1829	#endif	1829	#endif
1830	#ifdef HAVE_FIRETUNNEL
1831	else if (strcmp(argv[i], "--tunnel") == 0) {
1832	// try to connect to the default client side of the tunnel
1833	// if this fails, try the default server side of the tunnel
1834	if (access("/run/firetunnel/ftc", R_OK) == 0)
1835	profile_read("/run/firetunnel/ftc");
1836	else if (access("/run/firetunnel/fts", R_OK) == 0)
1837	profile_read("/run/firetunnel/fts");
1838	else {
1839	fprintf(stderr, "Error: no default firetunnel found, please specify it using --tunnel=devname option\n");
1840	exit(1);
1841	}
1842	}
1843	else if (strncmp(argv[i], "--tunnel=", 9) == 0) {
1844	char *fname;
1845
1846	if (asprintf(&fname, "/run/firetunnel/%s", argv[i] + 9) == -1)
1847	errExit("asprintf");
1848	invalid_filename(fname, 0); // no globbing
1849	if (access(fname, R_OK) == 0)
1850	profile_read(fname);
1851	else {
1852	fprintf(stderr, "Error: tunnel not found\n");
1853	exit(1);
1854	}
1855	}
1856	#endif
1857	else if (strncmp(argv[i], "--include=", 10) == 0) {	1830	else if (strncmp(argv[i], "--include=", 10) == 0) {
1858	char *ppath = expand_macros(argv[i] + 10);	1831	char *ppath = expand_macros(argv[i] + 10);
1859	if (!ppath)	1832	if (!ppath)


diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index 9761edb76..ccc9a50a5 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in
@@ -42,15 +42,6 @@ Miscellaneous:
42	firejail {\-? \| \-\-debug-caps \| \-\-debug-errnos \| \-\-debug-syscalls \| \-\-debug-syscalls32 \| \-\-debug-protocols \| \-\-help \| \-\-version}	42	firejail {\-? \| \-\-debug-caps \| \-\-debug-errnos \| \-\-debug-syscalls \| \-\-debug-syscalls32 \| \-\-debug-protocols \| \-\-help \| \-\-version}
43	.RE	43	.RE
44	.SH DESCRIPTION	44	.SH DESCRIPTION
45	#ifdef HAVE_LTS
46	This is Firejail long-term support (LTS), an enterprise focused version of the software,
47	LTS is usually supported for two or three years.
48	During this time only bugs and the occasional documentation problems are fixed.
49	The attack surface of the SUID executable was greatly reduced by removing some of the features.
50	.br
51
52	.br
53	#endif
54	Firejail is a SUID sandbox program that reduces the risk of security breaches by	45	Firejail is a SUID sandbox program that reduces the risk of security breaches by
55	restricting the running environment of untrusted applications using Linux	46	restricting the running environment of untrusted applications using Linux
56	namespaces, seccomp-bpf and Linux capabilities.	47	namespaces, seccomp-bpf and Linux capabilities.
@@ -3043,28 +3034,6 @@ $ firejail \-\-tree
3043	.br	3034	.br
3044	11970:netblue:transmission-gtk	3035	11970:netblue:transmission-gtk
3045		3036
3046	#ifdef HAVE_FIRETUNNEL
3047	.TP
3048	\fB\-\-tunnel[=devname]
3049	Connect the sandbox to a network overlay/VPN tunnel created by firetunnel utility. This options
3050	tries first the client side of the tunnel. If this fails, it tries the server side. If multiple tunnels are active,
3051	please specify the tunnel device using \-\-tunnel=devname.
3052	.br
3053
3054	.br
3055	The available tunnel devices are listed in /etc/firetunnel directory, one file for each device.
3056	The files are regular firejail profile files containing the network configuration,
3057	and are created and managed by firetunnel utility.
3058	By default ftc is the client-side device and fts is the server-side device. For more information
3059	please see man 1 firetunnel.
3060	.br
3061
3062	.br
3063	Example:
3064	.br
3065	$ firejail --tunnel firefox
3066	.br
3067	#endif
3068	.TP	3037	.TP
3069	\fB\-\-version	3038	\fB\-\-version
3070	Print program version/compile time support and exit.	3039	Print program version/compile time support and exit.


diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in index bea5df2be..c4056b902 100644 --- a/src/zsh_completion/_firejail.in +++ b/src/zsh_completion/_firejail.in
@@ -213,10 +213,6 @@ _firejail_args=(
213	'--ls=-[list files in sandbox container name\|pid]: :_all_firejails'	213	'--ls=-[list files in sandbox container name\|pid]: :_all_firejails'
214	#endif	214	#endif
215		215
216	#ifdef HAVE_FIRETUNNEL
217	'--tunnel=-[connect the sandbox to a tunnel created by firetunnel utility]: :'
218	#endif
219
220	#ifdef HAVE_NETWORK	216	#ifdef HAVE_NETWORK
221	'--bandwidth=-[set bandwidth limits name\|pid]: :_all_firejails'	217	'--bandwidth=-[set bandwidth limits name\|pid]: :_all_firejails'
222	'--defaultgw=[configure default gateway]: :'	218	'--defaultgw=[configure default gateway]: :'