-rw-r--r-- | Makefile.in | 1 | ||||
-rwxr-xr-x | configure | 4 | ||||
-rw-r--r-- | configure.ac | 4 | ||||
-rw-r--r-- | etc/firejail.config | 30 |
4 files changed, 35 insertions, 4 deletions
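--- a/Makefile.in
+++ b/Makefile.in
@@ -147,6 +147,7 @@ realinstall:
 install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
+sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 rm -fr .etc
 # man pages
 rm -f firejail.1.gz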
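Review bot: The added `firejail.config` line in `realinstall` skips the install whenever a file already exists at that path, and on that skip path the existing file's owner and mode are left unchecked. The new file describes itself as the system-wide configuration with switches for seccomp, chroot and user namespaces, so a stale file with loose permissions would keep deciding those switches after an upgrade. Nothing in the recipe says the skip is deliberate; I would add `# firejail.config is installed only when absent so local policy survives upgrades; an existing file's owner and mode are not verified here` above the line. The `login.users` line just before it follows the same pattern, and `realinstall` starts and ends outside this hunk.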
@@ -1322,7 +1322,7 @@ Optional Features: | |||
1322 | --enable-network=restricted | 1322 | --enable-network=restricted |
1323 | restrict --net= to root only | 1323 | restrict --net= to root only |
1324 | --disable-userns disable user namespace | 1324 | --disable-userns disable user namespace |
1325 | --disable-x11 disable X11 support | 1325 | --disable-x11 disable X11 sandboxing support |
1326 | --disable-file-transfer disable file transfer | 1326 | --disable-file-transfer disable file transfer |
1327 | --enable-fatal-warnings -W -Wall -Werror | 1327 | --enable-fatal-warnings -W -Wall -Werror |
1328 | 1328 | ||
@@ -4821,7 +4821,7 @@ echo " chroot: $HAVE_CHROOT" | |||
4821 | echo " bind: $HAVE_BIND" | 4821 | echo " bind: $HAVE_BIND" |
4822 | echo " network: $HAVE_NETWORK" | 4822 | echo " network: $HAVE_NETWORK" |
4823 | echo " user namespace: $HAVE_USERNS" | 4823 | echo " user namespace: $HAVE_USERNS" |
4824 | echo " X11 support: $HAVE_X11" | 4824 | echo " X11 sandboxing support: $HAVE_X11" |
4825 | echo " file transfer support: $HAVE_FILE_TRANSFER" | 4825 | echo " file transfer support: $HAVE_FILE_TRANSFER" |
4826 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 4826 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
4827 | echo | 4827 | echo |
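--- a/configure.ac
+++ b/configure.ac
@@ -56,7 +56,7 @@ AS_IF([test "x$enable_userns" != "xno"], [
 
 HAVE_X11=""
 AC_ARG_ENABLE([x11],
-AS_HELP_STRING([--disable-x11], [disable X11 support]))
+AS_HELP_STRING([--disable-x11], [disable X11 sandboxing support]))
 AS_IF([test "x$enable_x11" != "xno"], [
 HAVE_X11="-DHAVE_X11"
 AC_SUBST(HAVE_X11)
@@ -102,7 +102,7 @@ echo " chroot: $HAVE_CHROOT"
 echo " bind: $HAVE_BIND"
 echo " network: $HAVE_NETWORK"
 echo " user namespace: $HAVE_USERNS"
-echo " X11 support: $HAVE_X11"
+echo " X11 sandboxing support: $HAVE_X11"
 echo " file transfer support: $HAVE_FILE_TRANSFER"
 echo " fatal warnings: $HAVE_FATAL_WARNINGS"
 echo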
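--- /dev/null
+++ b/etc/firejail.config
@@ -0,0 +1,30 @@
+# This is Firejail system-wide configuration file, see firejail-config(5) for
+# more information. The file contains keyword-argument pairs, one per line.
+# Most features are enabled by default. Use 'yes' or 'no' as configuration
+# values.
+
+# Enable or disable seccomp support, default enabled.
+# seccomp yes
+
+# Enable or disable chroot support, default enabled.
+# chroot yes
+
+# Enable or disable bind support, default enabled.
+# bind yes
+
+# Enable or disable networking features, default enabled.
+# network yes
+
+# Enable or disable restricted network support, default disabled. If enabled,
+# networking features (network yes) above should also be enabled.
+# restricted-network no
+
+# Enable or disable user namespace support, default enabled.
+# userns yes
+
+# Enable or disable X11 sandboxing support, default enabled.
+# x11 yes
+
+# Enable or disable file transfer support, default enabled.
+# file-transfer yes
+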
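Review bot: The header comment says values are 'yes' or 'no' but not what happens when a keyword is unknown or a value is anything else. For a file whose entries switch seccomp, chroot and user namespace support, an administrator needs to know whether a typo is rejected or silently falls back to the default. The parser is not among the four files changed here, so the wording must be checked against it; if malformed lines are treated as errors, I would add `# Unknown keywords or values other than 'yes' or 'no' are rejected as errors.` to the header. The `restricted-network` comment has the same gap: it says `network yes` "should also be enabled" without stating what happens when it is not.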