diff options
| -rw-r--r-- | Makefile.in | 3 | ||||
| -rwxr-xr-x | configure | 19 | ||||
| -rw-r--r-- | configure.ac | 10 | ||||
| -rwxr-xr-x | mketc.sh | 14 |
4 files changed, 45 insertions, 1 deletions
diff --git a/Makefile.in b/Makefile.in index 5269170c2..6c98742b7 100644 --- a/Makefile.in +++ b/Makefile.in | |||
| @@ -16,6 +16,7 @@ NAME=@PACKAGE_NAME@ | |||
| 16 | PACKAGE_TARNAME=@PACKAGE_TARNAME@ | 16 | PACKAGE_TARNAME=@PACKAGE_TARNAME@ |
| 17 | DOCDIR=@docdir@ | 17 | DOCDIR=@docdir@ |
| 18 | HAVE_APPARMOR=@HAVE_APPARMOR@ | 18 | HAVE_APPARMOR=@HAVE_APPARMOR@ |
| 19 | BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@ | ||
| 19 | 20 | ||
| 20 | .PHONY: mylibs $(MYLIBS) | 21 | .PHONY: mylibs $(MYLIBS) |
| 21 | mylibs: $(MYLIBS) | 22 | mylibs: $(MYLIBS) |
| @@ -79,7 +80,7 @@ realinstall: | |||
| 79 | install -c -m 0644 README $(DESTDIR)/$(DOCDIR)/. | 80 | install -c -m 0644 README $(DESTDIR)/$(DOCDIR)/. |
| 80 | install -c -m 0644 RELNOTES $(DESTDIR)/$(DOCDIR)/. | 81 | install -c -m 0644 RELNOTES $(DESTDIR)/$(DOCDIR)/. |
| 81 | # etc files | 82 | # etc files |
| 82 | ./mketc.sh $(sysconfdir) | 83 | ./mketc.sh $(sysconfdir) $(BUSYBOX_WORKAROUND) |
| 83 | install -m 0755 -d $(DESTDIR)/$(sysconfdir)/firejail | 84 | install -m 0755 -d $(DESTDIR)/$(sysconfdir)/firejail |
| 84 | for file in .etc/* etc/firejail.config; do \ | 85 | for file in .etc/* etc/firejail.config; do \ |
| 85 | install -c -m 0644 $$file $(DESTDIR)/$(sysconfdir)/firejail; \ | 86 | install -c -m 0644 $$file $(DESTDIR)/$(sysconfdir)/firejail; \ |
| @@ -625,6 +625,7 @@ ac_includes_default="\ | |||
| 625 | ac_subst_vars='LTLIBOBJS | 625 | ac_subst_vars='LTLIBOBJS |
| 626 | LIBOBJS | 626 | LIBOBJS |
| 627 | HAVE_SECCOMP_H | 627 | HAVE_SECCOMP_H |
| 628 | BUSYBOX_WORKAROUND | ||
| 628 | HAVE_FATAL_WARNINGS | 629 | HAVE_FATAL_WARNINGS |
| 629 | HAVE_WHITELIST | 630 | HAVE_WHITELIST |
| 630 | HAVE_FILE_TRANSFER | 631 | HAVE_FILE_TRANSFER |
| @@ -703,6 +704,7 @@ enable_x11 | |||
| 703 | enable_file_transfer | 704 | enable_file_transfer |
| 704 | enable_whitelist | 705 | enable_whitelist |
| 705 | enable_fatal_warnings | 706 | enable_fatal_warnings |
| 707 | enable_busybox_workaround | ||
| 706 | ' | 708 | ' |
| 707 | ac_precious_vars='build_alias | 709 | ac_precious_vars='build_alias |
| 708 | host_alias | 710 | host_alias |
| @@ -1336,6 +1338,8 @@ Optional Features: | |||
| 1336 | --disable-file-transfer disable file transfer | 1338 | --disable-file-transfer disable file transfer |
| 1337 | --disable-whitelist disable whitelist | 1339 | --disable-whitelist disable whitelist |
| 1338 | --enable-fatal-warnings -W -Wall -Werror | 1340 | --enable-fatal-warnings -W -Wall -Werror |
| 1341 | --enable-busybox-workaround | ||
| 1342 | enable busybox workaround | ||
| 1339 | 1343 | ||
| 1340 | Some influential environment variables: | 1344 | Some influential environment variables: |
| 1341 | CC C compiler command | 1345 | CC C compiler command |
| @@ -3647,6 +3651,20 @@ if test "x$enable_fatal_warnings" = "xyes"; then : | |||
| 3647 | 3651 | ||
| 3648 | fi | 3652 | fi |
| 3649 | 3653 | ||
| 3654 | BUSYBOX_WORKAROUND="no" | ||
| 3655 | # Check whether --enable-busybox-workaround was given. | ||
| 3656 | if test "${enable_busybox_workaround+set}" = set; then : | ||
| 3657 | enableval=$enable_busybox_workaround; | ||
| 3658 | fi | ||
| 3659 | |||
| 3660 | if test "x$enable_busybox_workaround" = "xyes"; then : | ||
| 3661 | |||
| 3662 | BUSYBOX_WORKAROUND="yes" | ||
| 3663 | |||
| 3664 | |||
| 3665 | fi | ||
| 3666 | |||
| 3667 | |||
| 3650 | 3668 | ||
| 3651 | # checking pthread library | 3669 | # checking pthread library |
| 3652 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 | 3670 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 |
| @@ -4905,6 +4923,7 @@ echo " X11 sandboxing support: $HAVE_X11" | |||
| 4905 | echo " whitelisting: $HAVE_WHITELIST" | 4923 | echo " whitelisting: $HAVE_WHITELIST" |
| 4906 | echo " file transfer support: $HAVE_FILE_TRANSFER" | 4924 | echo " file transfer support: $HAVE_FILE_TRANSFER" |
| 4907 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 4925 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
| 4926 | echo " busybox workaround: $BUSYBOX_WORKAROUND" | ||
| 4908 | printf " uid_min: "; grep UID_MIN uids.h | 4927 | printf " uid_min: "; grep UID_MIN uids.h |
| 4909 | printf " gid_min: "; grep GID_MIN uids.h | 4928 | printf " gid_min: "; grep GID_MIN uids.h |
| 4910 | printf " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" | 4929 | printf " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" |
diff --git a/configure.ac b/configure.ac index 315c25038..149f76eae 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -115,6 +115,15 @@ AS_IF([test "x$enable_fatal_warnings" = "xyes"], [ | |||
| 115 | AC_SUBST(HAVE_FATAL_WARNINGS) | 115 | AC_SUBST(HAVE_FATAL_WARNINGS) |
| 116 | ]) | 116 | ]) |
| 117 | 117 | ||
| 118 | BUSYBOX_WORKAROUND="no" | ||
| 119 | AC_ARG_ENABLE([busybox-workaround], | ||
| 120 | AS_HELP_STRING([--enable-busybox-workaround], [enable busybox workaround])) | ||
| 121 | AS_IF([test "x$enable_busybox_workaround" = "xyes"], [ | ||
| 122 | BUSYBOX_WORKAROUND="yes" | ||
| 123 | AC_SUBST(BUSYBOX_WORKAROUND) | ||
| 124 | ]) | ||
| 125 | |||
| 126 | |||
| 118 | 127 | ||
| 119 | # checking pthread library | 128 | # checking pthread library |
| 120 | AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed ***])) | 129 | AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed ***])) |
| @@ -148,6 +157,7 @@ echo " X11 sandboxing support: $HAVE_X11" | |||
| 148 | echo " whitelisting: $HAVE_WHITELIST" | 157 | echo " whitelisting: $HAVE_WHITELIST" |
| 149 | echo " file transfer support: $HAVE_FILE_TRANSFER" | 158 | echo " file transfer support: $HAVE_FILE_TRANSFER" |
| 150 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 159 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
| 160 | echo " busybox workaround: $BUSYBOX_WORKAROUND" | ||
| 151 | printf " uid_min: "; grep UID_MIN uids.h | 161 | printf " uid_min: "; grep UID_MIN uids.h |
| 152 | printf " gid_min: "; grep GID_MIN uids.h | 162 | printf " gid_min: "; grep GID_MIN uids.h |
| 153 | printf " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" | 163 | printf " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" |
| @@ -6,3 +6,17 @@ for file in etc/*.profile etc/*.inc etc/*.net; | |||
| 6 | do | 6 | do |
| 7 | sed "s;/etc/firejail;$1/firejail;g" $file > .$file | 7 | sed "s;/etc/firejail;$1/firejail;g" $file > .$file |
| 8 | done | 8 | done |
| 9 | |||
| 10 | if [ "x$2" = "xyes" ] | ||
| 11 | then | ||
| 12 | sed -i -e ' | ||
| 13 | 1i# Workaround for systems where common UNIX utilities are symlinks to busybox.\ | ||
| 14 | # If this is not your case you can remove --enable-busybox-workaround from\ | ||
| 15 | # ./configure options, for added security.\ | ||
| 16 | noblacklist \${PATH}/mount\ | ||
| 17 | noblacklist \${PATH}/umount\ | ||
| 18 | noblacklist \${PATH}/su\ | ||
| 19 | noblacklist \${PATH}/sudo\ | ||
| 20 | noblacklist \${PATH}/nc\ | ||
| 21 | ' .etc/disable-common.inc | ||
| 22 | fi | ||