-rw-r--r-- | README | 3 | ||||
-rw-r--r-- | RELNOTES | 3 | ||||
-rwxr-xr-x | configure | 12 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rwxr-xr-x | test/compile/compile.sh | 22 |
5 files changed, 40 insertions, 2 deletions
@@ -18,6 +18,9 @@ License: GPL v2 | |||
18 | Firejail Authors: | 18 | Firejail Authors: |
19 | 19 | ||
20 | netblue30 (netblue30@yahoo.com) | 20 | netblue30 (netblue30@yahoo.com) |
21 | yumkam (https://github.com/yumkam) | ||
22 | - add compile-time option to restrict --net= to root only | ||
23 | - man page fixes | ||
21 | Vasya Novikov (https://github.com/vn971) | 24 | Vasya Novikov (https://github.com/vn971) |
22 | - Wesnoth profile | 25 | - Wesnoth profile |
23 | mahdi1234 (https://github.com/mahdi1234) | 26 | mahdi1234 (https://github.com/mahdi1234) |
@@ -5,10 +5,11 @@ firejail (0.9.39) baseline; urgency=low | |||
5 | * added --nice option | 5 | * added --nice option |
6 | * addded mkdir profile command | 6 | * addded mkdir profile command |
7 | * --version also prints compile options | 7 | * --version also prints compile options |
8 | * added compile-time option to restrict --net= to root only | ||
8 | * build rpm packages using "make rpms" | 9 | * build rpm packages using "make rpms" |
9 | * new profiles: lxterminal, Epiphany, cherrytree, Polari | 10 | * new profiles: lxterminal, Epiphany, cherrytree, Polari |
10 | * bugfixes | 11 | * bugfixes |
11 | -- netblue30 <netblue30@yahoo.com> Tue, 8 Feb 2016 10:00:00 -0500 | 12 | -- netblue30 <netblue30@yahoo.com> Wed, 24 Feb 2016 10:00:00 -0500 |
12 | 13 | ||
13 | firejail (0.9.38) baseline; urgency=low | 14 | firejail (0.9.38) baseline; urgency=low |
14 | * IPv6 support (--ip6 and --netfilter6) | 15 | * IPv6 support (--ip6 and --netfilter6) |
@@ -1317,6 +1317,8 @@ Optional Features: | |||
1317 | --disable-chroot disable chroot | 1317 | --disable-chroot disable chroot |
1318 | --disable-bind disable bind | 1318 | --disable-bind disable bind |
1319 | --disable-network disable network | 1319 | --disable-network disable network |
1320 | --enable-network=restricted | ||
1321 | restrict --net= to root only | ||
1320 | --disable-userns disable user namespace | 1322 | --disable-userns disable user namespace |
1321 | --disable-x11 disable X11 support | 1323 | --disable-x11 disable X11 support |
1322 | --enable-fatal-warnings -W -Wall -Werror | 1324 | --enable-fatal-warnings -W -Wall -Werror |
@@ -3102,9 +3104,19 @@ if test "${enable_network+set}" = set; then : | |||
3102 | enableval=$enable_network; | 3104 | enableval=$enable_network; |
3103 | fi | 3105 | fi |
3104 | 3106 | ||
3107 | # Check whether --enable-network was given. | ||
3108 | if test "${enable_network+set}" = set; then : | ||
3109 | enableval=$enable_network; | ||
3110 | fi | ||
3111 | |||
3105 | if test "x$enable_network" != "xno"; then : | 3112 | if test "x$enable_network" != "xno"; then : |
3106 | 3113 | ||
3107 | HAVE_NETWORK="-DHAVE_NETWORK" | 3114 | HAVE_NETWORK="-DHAVE_NETWORK" |
3115 | if test "x$enable_network" = "xrestricted"; then : | ||
3116 | |||
3117 | HAVE_NETWORK="$HAVE_NETWORK -DHAVE_NETWORK_RESTRICTED" | ||
3118 | |||
3119 | fi | ||
3108 | 3120 | ||
3109 | 3121 | ||
3110 | fi | 3122 | fi |
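--- a/configure.ac
+++ b/configure.ac
@@ -36,6 +36,8 @@ AS_IF([test "x$enable_bind" != "xno"], [
 HAVE_NETWORK=""
 AC_ARG_ENABLE([network],
 AS_HELP_STRING([--disable-network], [disable network]))
+AC_ARG_ENABLE([network],
+AS_HELP_STRING([--enable-network=restricted], [ restrict --net= to root only]))
 AS_IF([test "x$enable_network" != "xno"], [
 HAVE_NETWORK="-DHAVE_NETWORK"
 AS_IF([test "x$enable_network" = "xrestricted"], [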
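Review bot: Any `--enable-network=` value other than `no` or `restricted` still falls through to the plain `-DHAVE_NETWORK` build, so a mistyped hardening request such as `--enable-network=restrict` silently produces the unrestricted binary. The `AS_IF` that decides this sits in the context lines and continues outside the hunk. Reject unknown values before that test, for example `AS_CASE(["$enable_network"], [yes|no|restricted|""], [], [AC_MSG_ERROR([invalid --enable-network value: $enable_network])])`. The second `AC_ARG_ENABLE([network], ...)` also registers the same option twice; folding both help strings into one call would avoid the duplicated "Check whether --enable-network was given" block in the generated configure.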
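--- a/test/compile/compile.sh
+++ b/test/compile/compile.sh
@@ -7,6 +7,7 @@ arr[4]="TEST 4: compile bind disabled"
 arr[5]="TEST 5: compile user namespace disabled"
 arr[6]="TEST 6: compile network disabled"
 arr[7]="TEST 7: compile X11 disabled"
+arr[8]="TEST 8: compile network restricted"
 
 
 # remove previous reports and output file
@@ -153,7 +154,7 @@ rm output-configure output-make
 # - disable X11 support
 # - check compilation
 #*****************************************************************
-print_title "${arr[6]}"
+print_title "${arr[7]}"
 # seccomp
 cd firejail
 make distclean
@@ -166,6 +167,24 @@ rm output-configure output-make
 
 
 #*****************************************************************
+# TEST 8
+#*****************************************************************
+# - enable network restricted
+# - check compilation
+#*****************************************************************
+print_title "${arr[8]}"
+# seccomp
+cd firejail
+make distclean
+./configure --prefix=/usr --enable-network=restricted --enable-fatal-warnings 2>&1 | tee ../output-configure
+make -j4 2>&1 | tee ../output-make
+cd ..
+grep Warning output-configure output-make > ./report-test8
+grep Error output-configure output-make >> ./report-test8
+rm output-configure output-make
+
+
+#*****************************************************************
 # PRINT REPORTS
 #*****************************************************************
 echo
@@ -186,3 +205,4 @@ echo ${arr[4]}
 echo ${arr[5]}
 echo ${arr[6]}
 echo ${arr[7]}
+echo ${arr[8]}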
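Review bot: TEST 8 passes whenever nothing prints "Warning" or "Error", so it would still pass if `--enable-network=restricted` were ignored and the build came out unrestricted. Because this option is a privilege restriction, the test should assert that the define reached the compiler, for example before the `rm`: `grep -q -- -DHAVE_NETWORK_RESTRICTED output-make || echo "Error: HAVE_NETWORK_RESTRICTED missing from build" >> ./report-test8` (this assumes make echoes its compile commands). The `# seccomp` comment copied into the new block does not describe this test and could read `# network restricted`.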