-rw-r--r-- | .github/workflows/build.yml | 2 | ||||
-rw-r--r-- | .gitlab-ci.yml | 16 | ||||
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | README | 4 | ||||
-rwxr-xr-x | contrib/update_deb.sh | 2 | ||||
-rw-r--r-- | etc/inc/whitelist-usr-share-common.inc | 1 | ||||
-rw-r--r-- | etc/profile-a-l/com.github.johnfactotum.Foliate.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/open-invaders.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/simutrans.profile | 1 | ||||
-rwxr-xr-x | mkdeb.sh | 2 | ||||
-rwxr-xr-x | test/environment/rlimit-join.exp | 4 |
11 files changed, 20 insertions, 20 deletions
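--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -62,7 +62,7 @@ jobs:
 - name: install dependencies
 run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
 - name: configure
-run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr
+run: CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux
 - name: make
 run: make
 - name: make install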
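--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,8 +9,8 @@ build_ubuntu_package:
 image: ubuntu:rolling
 script:
 - apt-get update -qq
-- DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config python3 gawk
-- ./configure --prefix=/usr && make deb && dpkg -i firejail*.deb
+- DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config python3 gawk
+- ./configure && make deb && dpkg -i firejail*.deb
 - command -V firejail && firejail --version
 - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc
 
@@ -18,8 +18,8 @@ build_debian_package:
 image: debian:stretch
 script:
 - apt-get update -qq
-- apt-get install -y -qq build-essential lintian pkg-config gawk
-- ./configure --prefix=/usr && make deb && dpkg -i firejail*.deb
+- apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk
+- ./configure && make deb && dpkg -i firejail*.deb
 - command -V firejail && firejail --version
 
 build_redhat_package:
@@ -49,14 +49,14 @@ build_src_package:
 - command -V firejail && firejail --version
 # - python3 contrib/sort.py etc/*.{profile,inc}
 
-build_apparmor:
+build_no_apparmor:
 image: ubuntu:latest
 script:
 - apt-get update -qq
-- DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk
-- ./configure && make deb-apparmor && dpkg -i firejail*.deb
+- DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config gawk
+- ./configure && make dist && ./mkdeb.sh --disable-apparmor && dpkg -i firejail*.deb
 - command -V firejail && firejail --version
-- firejail --version | grep -F 'AppArmor support is enabled'
+- firejail --version | grep -F 'AppArmor support is disabled'
 
 debian_ci:
 image: registry.salsa.debian.org/salsa-ci-team/ci-image-git-buildpackage:latest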
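Review bot: None of the jobs shown now asserts that the default package is built with AppArmor; the only remaining `grep`, in `build_no_apparmor`, checks for 'AppArmor support is disabled'. Since `make deb` is now the path expected to enable AppArmor, `build_ubuntu_package` and `build_debian_package` should each end with `- firejail --version | grep -F 'AppArmor support is enabled'`. That way a package that silently loses the confinement feature fails CI instead of shipping. The job definitions extend beyond these hunks, so an equivalent check may already exist outside the visible lines.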
@@ -340,10 +340,6 @@ asc: config.mk | |||
340 | deb: dist config.sh | 340 | deb: dist config.sh |
341 | ./mkdeb.sh | 341 | ./mkdeb.sh |
342 | 342 | ||
343 | .PHONY: deb-apparmor | ||
344 | deb-apparmor: dist config.sh | ||
345 | env EXTRA_VERSION=-apparmor ./mkdeb.sh --enable-apparmor | ||
346 | |||
347 | .PHONY: test-compile | 343 | .PHONY: test-compile |
348 | test-compile: dist config.mk | 344 | test-compile: dist config.mk |
349 | cd test/compile; ./compile.sh $(TARNAME)-$(VERSION) | 345 | cd test/compile; ./compile.sh $(TARNAME)-$(VERSION) |
@@ -34,7 +34,7 @@ $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk | |||
34 | For --selinux option, add libselinux1-dev (libselinux-devel for Fedora). | 34 | For --selinux option, add libselinux1-dev (libselinux-devel for Fedora). |
35 | 35 | ||
36 | We build our release firejail.tar.xz and firejail.deb packages using the following command: | 36 | We build our release firejail.tar.xz and firejail.deb packages using the following command: |
37 | $ make distclean && ./configure && make deb-apparmor | 37 | $ make distclean && ./configure && make deb |
38 | 38 | ||
39 | 39 | ||
40 | Maintainer: | 40 | Maintainer: |
@@ -329,6 +329,8 @@ Dara Adib (https://github.com/daradib) | |||
329 | - linphone profile fix | 329 | - linphone profile fix |
330 | Dario Pellegrini (https://github.com/dpellegr) | 330 | Dario Pellegrini (https://github.com/dpellegr) |
331 | - allowing links in netns | 331 | - allowing links in netns |
332 | David Fetter (https://github.com/davidfetter) | ||
333 | - bump up copyright years | ||
332 | David Thole (https://github.com/TheDarkTrumpet) | 334 | David Thole (https://github.com/TheDarkTrumpet) |
333 | - added profile for teams-for-linux | 335 | - added profile for teams-for-linux |
334 | Davide Beatrici (https://github.com/davidebeatrici) | 336 | Davide Beatrici (https://github.com/davidebeatrici) |
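--- a/contrib/update_deb.sh
+++ b/contrib/update_deb.sh
@@ -15,7 +15,7 @@ cd firejail
 sed -i "s/# restricted-network .*/restricted-network yes/" \
 etc/firejail.config
 
-make deb-apparmor
+make deb
 sudo dpkg -i firejail*.deb
 echo "Firejail updated."
 cd ..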
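--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -29,6 +29,7 @@ whitelist /usr/share/gtk-engines
 whitelist /usr/share/gtksourceview-3.0
 whitelist /usr/share/gtksourceview-4
 whitelist /usr/share/hunspell
+whitelist /usr/share/hyphen
 whitelist /usr/share/hwdata
 whitelist /usr/share/icons
 whitelist /usr/share/icu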
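Review bot: `whitelist /usr/share/hyphen` is inserted between `hunspell` and `hwdata`, which breaks the alphabetical order the visible entries follow; it belongs after `whitelist /usr/share/hwdata`. Moving the entry here from the Foliate profile also makes the directory readable in every sandbox that includes this file. That looks acceptable for hyphenation dictionaries, but the commit message should state it as a deliberate widening. The list continues outside the hunk.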
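--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -2,7 +2,7 @@
 # Description: Simple and modern GTK eBook reader
 # This file is overwritten after every install/update
 # Persistent local customizations
-include foliate.local
+include com.github.johnfactotum.Foliate.local
 # Persistent global definitions
 include globals.local
 
@@ -28,7 +28,6 @@ whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 whitelist ${DOCUMENTS}
 whitelist ${DOWNLOADS}
 whitelist /usr/share/com.github.johnfactotum.Foliate
-whitelist /usr/share/hyphen
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc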
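Review bot: Switching the include to `com.github.johnfactotum.Foliate.local` means this profile no longer reads an existing `foliate.local`, so any local restrictions a user kept there stop applying without an error. Unless another profile (not visible here) still includes `foliate.local`, the rename should be called out in the release notes. A comment above the include, for example `# formerly foliate.local; move local overrides to this file`, would also help users who read the profile after an update.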
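--- a/etc/profile-m-z/open-invaders.profile
+++ b/etc/profile-m-z/open-invaders.profile
@@ -35,6 +35,7 @@ seccomp
 
 private-bin open-invaders
 private-dev
+private-etc @x11
 private-tmp
 
 dbus-user none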
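--- a/etc/profile-m-z/simutrans.profile
+++ b/etc/profile-m-z/simutrans.profile
@@ -35,6 +35,7 @@ seccomp
 
 # private-bin simutrans
 private-dev
+private-etc @games,@x11
 private-tmp
 
 dbus-user none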
@@ -25,7 +25,7 @@ echo "*****************************************" | |||
25 | tar -xJvf "$CODE_ARCHIVE" | 25 | tar -xJvf "$CODE_ARCHIVE" |
26 | #mkdir -p "$INSTALL_DIR" | 26 | #mkdir -p "$INSTALL_DIR" |
27 | cd "$CODE_DIR" | 27 | cd "$CODE_DIR" |
28 | ./configure --prefix=/usr "$@" | 28 | ./configure --prefix=/usr --enable-apparmor "$@" |
29 | make -j2 | 29 | make -j2 |
30 | mkdir debian | 30 | mkdir debian |
31 | DESTDIR=debian make install-strip | 31 | DESTDIR=debian make install-strip |
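Review bot: The new default `--enable-apparmor` on the `./configure` line stays overridable only because `"$@"` comes after it, and nothing in the script records that ordering as intentional. The `build_no_apparmor` CI job relies on it by calling `./mkdeb.sh --disable-apparmor`. A comment above the line, such as `# caller options come last so they can override the defaults (e.g. --disable-apparmor)`, would keep a later reordering from producing packages whose AppArmor state differs from what the caller asked for. The script continues outside the hunk, and its file header is not visible on this page.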
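--- a/test/environment/rlimit-join.exp
+++ b/test/environment/rlimit-join.exp
@@ -8,7 +8,7 @@ cd /home
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firejail --noprofile --name=\"rlimit testing\"\r"
+send -- "firejail --noprofile --name=\"rlimittesting\"\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
 -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
@@ -16,7 +16,7 @@ expect {
 sleep 1
 
 spawn $env(SHELL)
-send -- "firejail --rlimit-nofile=1234 --join=\"rlimit testing\"\r"
+send -- "firejail --rlimit-nofile=1234 --join=\"rlimittesting\"\r"
 expect {
 timeout {puts "TESTING ERROR 1\n";exit}
 "Switching to pid"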
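Review bot: With both `--name` and `--join` switched to `rlimittesting`, this test no longer exercises a sandbox name that contains a space, although the escaped quotes around the value are kept. If names with whitespace are meant to stay supported, one case should keep the old value so that quoting and lookup of such names remain covered. If they are now rejected (not visible in this commit), a comment such as `# sandbox names must not contain spaces` above the first `send` would record why the value changed. Both `expect` blocks continue outside the hunks.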