diff options
-rwxr-xr-x | configure | 17 | ||||
-rw-r--r-- | configure.ac | 9 | ||||
-rw-r--r-- | src/firejail/Makefile.in | 3 | ||||
-rw-r--r-- | src/firejail/main.c | 5 |
4 files changed, 33 insertions, 1 deletions
@@ -629,6 +629,7 @@ EGREP | |||
629 | GREP | 629 | GREP |
630 | CPP | 630 | CPP |
631 | HAVE_FATAL_WARNINGS | 631 | HAVE_FATAL_WARNINGS |
632 | HAVE_FILE_TRANSFER | ||
632 | HAVE_X11 | 633 | HAVE_X11 |
633 | HAVE_USERNS | 634 | HAVE_USERNS |
634 | HAVE_NETWORK | 635 | HAVE_NETWORK |
@@ -693,6 +694,7 @@ enable_bind | |||
693 | enable_network | 694 | enable_network |
694 | enable_userns | 695 | enable_userns |
695 | enable_x11 | 696 | enable_x11 |
697 | enable_file_transfer | ||
696 | enable_fatal_warnings | 698 | enable_fatal_warnings |
697 | ' | 699 | ' |
698 | ac_precious_vars='build_alias | 700 | ac_precious_vars='build_alias |
@@ -1321,6 +1323,7 @@ Optional Features: | |||
1321 | restrict --net= to root only | 1323 | restrict --net= to root only |
1322 | --disable-userns disable user namespace | 1324 | --disable-userns disable user namespace |
1323 | --disable-x11 disable X11 support | 1325 | --disable-x11 disable X11 support |
1326 | --disable-file-transfer disable file transfer | ||
1324 | --enable-fatal-warnings -W -Wall -Werror | 1327 | --enable-fatal-warnings -W -Wall -Werror |
1325 | 1328 | ||
1326 | Some influential environment variables: | 1329 | Some influential environment variables: |
@@ -3147,6 +3150,19 @@ if test "x$enable_x11" != "xno"; then : | |||
3147 | 3150 | ||
3148 | fi | 3151 | fi |
3149 | 3152 | ||
3153 | HAVE_FILE_TRANSFER="" | ||
3154 | # Check whether --enable-file-transfer was given. | ||
3155 | if test "${enable_file_transfer+set}" = set; then : | ||
3156 | enableval=$enable_file_transfer; | ||
3157 | fi | ||
3158 | |||
3159 | if test "x$enable_file_transfer" != "xno"; then : | ||
3160 | |||
3161 | HAVE_FILE_TRANSFER="-DHAVE_FILE_TRANSFER" | ||
3162 | |||
3163 | |||
3164 | fi | ||
3165 | |||
3150 | HAVE_FATAL_WARNINGS="" | 3166 | HAVE_FATAL_WARNINGS="" |
3151 | # Check whether --enable-fatal_warnings was given. | 3167 | # Check whether --enable-fatal_warnings was given. |
3152 | if test "${enable_fatal_warnings+set}" = set; then : | 3168 | if test "${enable_fatal_warnings+set}" = set; then : |
@@ -4806,6 +4822,7 @@ echo " bind: $HAVE_BIND" | |||
4806 | echo " network: $HAVE_NETWORK" | 4822 | echo " network: $HAVE_NETWORK" |
4807 | echo " user namespace: $HAVE_USERNS" | 4823 | echo " user namespace: $HAVE_USERNS" |
4808 | echo " X11 support: $HAVE_X11" | 4824 | echo " X11 support: $HAVE_X11" |
4825 | echo " file transfer support: $HAVE_FILE_TRANSFER" | ||
4809 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 4826 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
4810 | echo | 4827 | echo |
4811 | 4828 | ||
diff --git a/configure.ac b/configure.ac index 512159568..71e3eb410 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -62,6 +62,14 @@ AS_IF([test "x$enable_x11" != "xno"], [ | |||
62 | AC_SUBST(HAVE_X11) | 62 | AC_SUBST(HAVE_X11) |
63 | ]) | 63 | ]) |
64 | 64 | ||
65 | HAVE_FILE_TRANSFER="" | ||
66 | AC_ARG_ENABLE([file-transfer], | ||
67 | AS_HELP_STRING([--disable-file-transfer], [disable file transfer])) | ||
68 | AS_IF([test "x$enable_file_transfer" != "xno"], [ | ||
69 | HAVE_FILE_TRANSFER="-DHAVE_FILE_TRANSFER" | ||
70 | AC_SUBST(HAVE_FILE_TRANSFER) | ||
71 | ]) | ||
72 | |||
65 | HAVE_FATAL_WARNINGS="" | 73 | HAVE_FATAL_WARNINGS="" |
66 | AC_ARG_ENABLE([fatal_warnings], | 74 | AC_ARG_ENABLE([fatal_warnings], |
67 | AS_HELP_STRING([--enable-fatal-warnings], [-W -Wall -Werror])) | 75 | AS_HELP_STRING([--enable-fatal-warnings], [-W -Wall -Werror])) |
@@ -95,6 +103,7 @@ echo " bind: $HAVE_BIND" | |||
95 | echo " network: $HAVE_NETWORK" | 103 | echo " network: $HAVE_NETWORK" |
96 | echo " user namespace: $HAVE_USERNS" | 104 | echo " user namespace: $HAVE_USERNS" |
97 | echo " X11 support: $HAVE_X11" | 105 | echo " X11 support: $HAVE_X11" |
106 | echo " file transfer support: $HAVE_FILE_TRANSFER" | ||
98 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" | 107 | echo " fatal warnings: $HAVE_FATAL_WARNINGS" |
99 | echo | 108 | echo |
100 | 109 | ||
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in index ba6bda0a5..3ad4ba75e 100644 --- a/src/firejail/Makefile.in +++ b/src/firejail/Makefile.in | |||
@@ -15,13 +15,14 @@ HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | |||
15 | HAVE_NETWORK=@HAVE_NETWORK@ | 15 | HAVE_NETWORK=@HAVE_NETWORK@ |
16 | HAVE_USERNS=@HAVE_USERNS@ | 16 | HAVE_USERNS=@HAVE_USERNS@ |
17 | HAVE_X11=@HAVE_X11@ | 17 | HAVE_X11=@HAVE_X11@ |
18 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
18 | 19 | ||
19 | 20 | ||
20 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 21 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
21 | C_FILE_LIST = $(sort $(wildcard *.c)) | 22 | C_FILE_LIST = $(sort $(wildcard *.c)) |
22 | OBJS = $(C_FILE_LIST:.c=.o) | 23 | OBJS = $(C_FILE_LIST:.c=.o) |
23 | BINOBJS = $(foreach file, $(OBJS), $file) | 24 | BINOBJS = $(foreach file, $(OBJS), $file) |
24 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | 25 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security |
25 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 26 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
26 | 27 | ||
27 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h | 28 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 2c6b5a5e1..bfb0eadc9 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -271,6 +271,9 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
271 | #ifndef HAVE_X11 | 271 | #ifndef HAVE_X11 |
272 | printf("X11 support is disabled.\n"); | 272 | printf("X11 support is disabled.\n"); |
273 | #endif | 273 | #endif |
274 | #ifndef HAVE_FILE_TRANSFER | ||
275 | printf("File transfer support is disabled.\n"); | ||
276 | #endif | ||
274 | exit(0); | 277 | exit(0); |
275 | } | 278 | } |
276 | #ifdef HAVE_X11 | 279 | #ifdef HAVE_X11 |
@@ -426,6 +429,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
426 | exit(0); | 429 | exit(0); |
427 | } | 430 | } |
428 | #endif | 431 | #endif |
432 | #ifndef HAVE_FILE_TRANSFER | ||
429 | else if (strncmp(argv[i], "--get=", 6) == 0) { | 433 | else if (strncmp(argv[i], "--get=", 6) == 0) { |
430 | logargs(argc, argv); | 434 | logargs(argc, argv); |
431 | 435 | ||
@@ -472,6 +476,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
472 | sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path); | 476 | sandboxfs_name(SANDBOX_FS_LS, argv[i] + 5, path); |
473 | exit(0); | 477 | exit(0); |
474 | } | 478 | } |
479 | #endif | ||
475 | else if (strncmp(argv[i], "--join=", 7) == 0) { | 480 | else if (strncmp(argv[i], "--join=", 7) == 0) { |
476 | logargs(argc, argv); | 481 | logargs(argc, argv); |
477 | 482 | ||