-rwxr-xr-x | configure | 68 | ||||
-rw-r--r-- | configure.ac | 36 | ||||
-rw-r--r-- | src/common.mk.in | 6 |
3 files changed, 1 insertions, 109 deletions
@@ -631,15 +631,11 @@ HAVE_FATAL_WARNINGS | |||
631 | HAVE_SUID | 631 | HAVE_SUID |
632 | HAVE_WHITELIST | 632 | HAVE_WHITELIST |
633 | HAVE_FILE_TRANSFER | 633 | HAVE_FILE_TRANSFER |
634 | HAVE_X11 | ||
635 | HAVE_USERNS | 634 | HAVE_USERNS |
636 | HAVE_NETWORK | 635 | HAVE_NETWORK |
637 | HAVE_GLOBALCFG | 636 | HAVE_GLOBALCFG |
638 | HAVE_BIND | 637 | HAVE_BIND |
639 | HAVE_CHROOT | ||
640 | HAVE_SECCOMP | 638 | HAVE_SECCOMP |
641 | HAVE_PRIVATE_HOME | ||
642 | HAVE_OVERLAYFS | ||
643 | EXTRA_LDFLAGS | 639 | EXTRA_LDFLAGS |
644 | EGREP | 640 | EGREP |
645 | GREP | 641 | GREP |
@@ -700,15 +696,11 @@ ac_subst_files='' | |||
700 | ac_user_opts=' | 696 | ac_user_opts=' |
701 | enable_option_checking | 697 | enable_option_checking |
702 | enable_apparmor | 698 | enable_apparmor |
703 | enable_overlayfs | ||
704 | enable_private_home | ||
705 | enable_seccomp | 699 | enable_seccomp |
706 | enable_chroot | ||
707 | enable_bind | 700 | enable_bind |
708 | enable_globalcfg | 701 | enable_globalcfg |
709 | enable_network | 702 | enable_network |
710 | enable_userns | 703 | enable_userns |
711 | enable_x11 | ||
712 | enable_file_transfer | 704 | enable_file_transfer |
713 | enable_whitelist | 705 | enable_whitelist |
714 | enable_suid | 706 | enable_suid |
@@ -1346,16 +1338,12 @@ Optional Features: | |||
1346 | --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) | 1338 | --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) |
1347 | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] | 1339 | --enable-FEATURE[=ARG] include FEATURE [ARG=yes] |
1348 | --enable-apparmor enable apparmor | 1340 | --enable-apparmor enable apparmor |
1349 | --disable-overlayfs disable overlayfs | ||
1350 | --disable-private-home disable private home feature | ||
1351 | --disable-seccomp disable seccomp | 1341 | --disable-seccomp disable seccomp |
1352 | --disable-chroot disable chroot | ||
1353 | --disable-bind disable bind | 1342 | --disable-bind disable bind |
1354 | --disable-globalcfg if the global config file firejail.cfg is not | 1343 | --disable-globalcfg if the global config file firejail.cfg is not |
1355 | present, continue the program using defaults | 1344 | present, continue the program using defaults |
1356 | --disable-network disable network | 1345 | --disable-network disable network |
1357 | --disable-userns disable user namespace | 1346 | --disable-userns disable user namespace |
1358 | --disable-x11 disable X11 sandboxing support | ||
1359 | --disable-file-transfer disable file transfer | 1347 | --disable-file-transfer disable file transfer |
1360 | --disable-whitelist disable whitelist | 1348 | --disable-whitelist disable whitelist |
1361 | --disable-suid install as a non-SUID executable | 1349 | --disable-suid install as a non-SUID executable |
@@ -3574,32 +3562,6 @@ if test "x$enable_apparmor" = "xyes"; then : | |||
3574 | fi | 3562 | fi |
3575 | 3563 | ||
3576 | 3564 | ||
3577 | HAVE_OVERLAYFS="" | ||
3578 | # Check whether --enable-overlayfs was given. | ||
3579 | if test "${enable_overlayfs+set}" = set; then : | ||
3580 | enableval=$enable_overlayfs; | ||
3581 | fi | ||
3582 | |||
3583 | if test "x$enable_overlayfs" != "xno"; then : | ||
3584 | |||
3585 | HAVE_OVERLAYFS="-DHAVE_OVERLAYFS" | ||
3586 | |||
3587 | |||
3588 | fi | ||
3589 | |||
3590 | HAVE_PRIVATEHOME="" | ||
3591 | # Check whether --enable-private-home was given. | ||
3592 | if test "${enable_private_home+set}" = set; then : | ||
3593 | enableval=$enable_private_home; | ||
3594 | fi | ||
3595 | |||
3596 | if test "x$enable_private_home" != "xno"; then : | ||
3597 | |||
3598 | HAVE_PRIVATE_HOME="-DHAVE_PRIVATE_HOME" | ||
3599 | |||
3600 | |||
3601 | fi | ||
3602 | |||
3603 | HAVE_SECCOMP="" | 3565 | HAVE_SECCOMP="" |
3604 | # Check whether --enable-seccomp was given. | 3566 | # Check whether --enable-seccomp was given. |
3605 | if test "${enable_seccomp+set}" = set; then : | 3567 | if test "${enable_seccomp+set}" = set; then : |
@@ -3613,19 +3575,6 @@ if test "x$enable_seccomp" != "xno"; then : | |||
3613 | 3575 | ||
3614 | fi | 3576 | fi |
3615 | 3577 | ||
3616 | HAVE_CHROOT="" | ||
3617 | # Check whether --enable-chroot was given. | ||
3618 | if test "${enable_chroot+set}" = set; then : | ||
3619 | enableval=$enable_chroot; | ||
3620 | fi | ||
3621 | |||
3622 | if test "x$enable_chroot" != "xno"; then : | ||
3623 | |||
3624 | HAVE_CHROOT="-DHAVE_CHROOT" | ||
3625 | |||
3626 | |||
3627 | fi | ||
3628 | |||
3629 | HAVE_BIND="" | 3578 | HAVE_BIND="" |
3630 | # Check whether --enable-bind was given. | 3579 | # Check whether --enable-bind was given. |
3631 | if test "${enable_bind+set}" = set; then : | 3580 | if test "${enable_bind+set}" = set; then : |
@@ -3678,19 +3627,6 @@ if test "x$enable_userns" != "xno"; then : | |||
3678 | 3627 | ||
3679 | fi | 3628 | fi |
3680 | 3629 | ||
3681 | HAVE_X11="" | ||
3682 | # Check whether --enable-x11 was given. | ||
3683 | if test "${enable_x11+set}" = set; then : | ||
3684 | enableval=$enable_x11; | ||
3685 | fi | ||
3686 | |||
3687 | if test "x$enable_x11" != "xno"; then : | ||
3688 | |||
3689 | HAVE_X11="-DHAVE_X11" | ||
3690 | |||
3691 | |||
3692 | fi | ||
3693 | |||
3694 | HAVE_FILE_TRANSFER="" | 3630 | HAVE_FILE_TRANSFER="" |
3695 | # Check whether --enable-file-transfer was given. | 3631 | # Check whether --enable-file-transfer was given. |
3696 | if test "${enable_file_transfer+set}" = set; then : | 3632 | if test "${enable_file_transfer+set}" = set; then : |
@@ -5021,15 +4957,11 @@ echo " seccomp: $HAVE_SECCOMP" | |||
5021 | echo " <linux/seccomp.h>: $HAVE_SECCOMP_H" | 4957 | echo " <linux/seccomp.h>: $HAVE_SECCOMP_H" |
5022 | echo " apparmor: $HAVE_APPARMOR" | 4958 | echo " apparmor: $HAVE_APPARMOR" |
5023 | echo " global config: $HAVE_GLOBALCFG" | 4959 | echo " global config: $HAVE_GLOBALCFG" |
5024 | echo " chroot: $HAVE_CHROOT" | ||
5025 | echo " bind: $HAVE_BIND" | 4960 | echo " bind: $HAVE_BIND" |
5026 | echo " network: $HAVE_NETWORK" | 4961 | echo " network: $HAVE_NETWORK" |
5027 | echo " user namespace: $HAVE_USERNS" | 4962 | echo " user namespace: $HAVE_USERNS" |
5028 | echo " X11 sandboxing support: $HAVE_X11" | ||
5029 | echo " whitelisting: $HAVE_WHITELIST" | 4963 | echo " whitelisting: $HAVE_WHITELIST" |
5030 | echo " private home support: $HAVE_PRIVATE_HOME" | ||
5031 | echo " file transfer support: $HAVE_FILE_TRANSFER" | 4964 | echo " file transfer support: $HAVE_FILE_TRANSFER" |
5032 | echo " overlayfs support: $HAVE_OVERLAYFS" | ||
5033 | echo " busybox workaround: $BUSYBOX_WORKAROUND" | 4965 | echo " busybox workaround: $BUSYBOX_WORKAROUND" |
5034 | echo " Spectre compiler patch: $HAVE_SPECTRE" | 4966 | echo " Spectre compiler patch: $HAVE_SPECTRE" |
5035 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" | 4967 | echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS" |
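--- a/configure.ac
+++ b/configure.ac
@@ -55,22 +55,6 @@ AS_IF([test "x$enable_apparmor" = "xyes"], [
 ])
 AC_SUBST([EXTRA_LDFLAGS])
 
-HAVE_OVERLAYFS=""
-AC_ARG_ENABLE([overlayfs],
-AS_HELP_STRING([--disable-overlayfs], [disable overlayfs]))
-AS_IF([test "x$enable_overlayfs" != "xno"], [
-HAVE_OVERLAYFS="-DHAVE_OVERLAYFS"
-AC_SUBST(HAVE_OVERLAYFS)
-])
-
-HAVE_PRIVATEHOME=""
-AC_ARG_ENABLE([private-home],
-AS_HELP_STRING([--disable-private-home], [disable private home feature]))
-AS_IF([test "x$enable_private_home" != "xno"], [
-HAVE_PRIVATE_HOME="-DHAVE_PRIVATE_HOME"
-AC_SUBST(HAVE_PRIVATE_HOME)
-])
-
 HAVE_SECCOMP=""
 AC_ARG_ENABLE([seccomp],
 AS_HELP_STRING([--disable-seccomp], [disable seccomp]))
@@ -79,14 +63,6 @@ AS_IF([test "x$enable_seccomp" != "xno"], [
 AC_SUBST(HAVE_SECCOMP)
 ])
 
-HAVE_CHROOT=""
-AC_ARG_ENABLE([chroot],
-AS_HELP_STRING([--disable-chroot], [disable chroot]))
-AS_IF([test "x$enable_chroot" != "xno"], [
-HAVE_CHROOT="-DHAVE_CHROOT"
-AC_SUBST(HAVE_CHROOT)
-])
-
 HAVE_BIND=""
 AC_ARG_ENABLE([bind],
 AS_HELP_STRING([--disable-bind], [disable bind]))
@@ -119,14 +95,6 @@ AS_IF([test "x$enable_userns" != "xno"], [
 AC_SUBST(HAVE_USERNS)
 ])
 
-HAVE_X11=""
-AC_ARG_ENABLE([x11],
-AS_HELP_STRING([--disable-x11], [disable X11 sandboxing support]))
-AS_IF([test "x$enable_x11" != "xno"], [
-HAVE_X11="-DHAVE_X11"
-AC_SUBST(HAVE_X11)
-])
-
 HAVE_FILE_TRANSFER=""
 AC_ARG_ENABLE([file-transfer],
 AS_HELP_STRING([--disable-file-transfer], [disable file transfer]))
@@ -201,15 +169,11 @@ echo " seccomp: $HAVE_SECCOMP"
 echo " <linux/seccomp.h>: $HAVE_SECCOMP_H"
 echo " apparmor: $HAVE_APPARMOR"
 echo " global config: $HAVE_GLOBALCFG"
-echo " chroot: $HAVE_CHROOT"
 echo " bind: $HAVE_BIND"
 echo " network: $HAVE_NETWORK"
 echo " user namespace: $HAVE_USERNS"
-echo " X11 sandboxing support: $HAVE_X11"
 echo " whitelisting: $HAVE_WHITELIST"
-echo " private home support: $HAVE_PRIVATE_HOME"
 echo " file transfer support: $HAVE_FILE_TRANSFER"
-echo " overlayfs support: $HAVE_OVERLAYFS"
 echo " busybox workaround: $BUSYBOX_WORKAROUND"
 echo " Spectre compiler patch: $HAVE_SPECTRE"
 echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS"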
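Review bot: Dropping the `AC_ARG_ENABLE` entries for overlayfs, private-home, chroot and x11 means a packager's existing `--disable-chroot` (or any of the other three) is neither honoured nor rejected: autoconf's default option checking only prints an "unrecognized options" warning and the build carries on. For a sandbox that is normally installed SUID, these switches were the build-time way to keep a code path out of the binary, so the silent change matters to hardened builds. Only configure, configure.ac and src/common.mk.in are touched here, so whether the features are now always compiled in or always compiled out depends on any `#ifdef HAVE_CHROOT`-style guards left in the C sources, which are not visible on this page and should be checked. I would keep a stub per removed option that fails loudly, e.g. `AC_ARG_ENABLE([chroot], [], [AC_MSG_ERROR([--enable/--disable-chroot was removed])])`, and state in the commit message which way the four features now default.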
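--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -10,18 +10,14 @@ VERSION=@PACKAGE_VERSION@
 NAME=@PACKAGE_NAME@
 HAVE_SECCOMP_H=@HAVE_SECCOMP_H@
 HAVE_SECCOMP=@HAVE_SECCOMP@
-HAVE_CHROOT=@HAVE_CHROOT@
 HAVE_BIND=@HAVE_BIND@
 HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
 HAVE_NETWORK=@HAVE_NETWORK@
 HAVE_USERNS=@HAVE_USERNS@
-HAVE_X11=@HAVE_X11@
 HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
 HAVE_WHITELIST=@HAVE_WHITELIST@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
 HAVE_APPARMOR=@HAVE_APPARMOR@
-HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
-HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_GCOV=@HAVE_GCOV@
 
 H_FILE_LIST = $(sort $(wildcard *.[h]))
@@ -29,7 +25,7 @@ C_FILE_LIST = $(sort $(wildcard *.c))
 OBJS = $(C_FILE_LIST:.c=.o)
 BINOBJS = $(foreach file, $(OBJS), $file)
 
-CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_APPARMOR) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@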
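Review bot: The rewritten `CFLAGS +=` line still keeps the feature defines (`$(HAVE_SECCOMP)`, `$(HAVE_APPARMOR)`, `$(HAVE_USERNS)` and the rest) and the hardening flags (`-fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE`) in a variable that users conventionally override. A command-line `make CFLAGS=-O2` replaces the makefile's value, `+=` included, so such a build would presumably lose the seccomp define and the stack protector without any diagnostic. Since this line is being edited anyway, consider moving the mandatory part into its own variable, for example `MANDATORY_CFLAGS = $(HAVE_SECCOMP) $(HAVE_APPARMOR) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE` extended with the remaining defines, and passing `$(MANDATORY_CFLAGS) $(CFLAGS)` to the compiler. The compile rules that consume `CFLAGS` are outside this hunk, so that half of the change would have to be made where they live.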