diff options
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | Makefile.in | 4 | ||||
| -rw-r--r-- | README | 2 | ||||
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | RELNOTES | 2 | ||||
| -rwxr-xr-x | configure | 3 | ||||
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | etc/bleachbit.profile | 3 | ||||
| -rw-r--r-- | etc/gnome-logs.profile | 40 | ||||
| -rwxr-xr-x | gcov.sh | 11 | ||||
| -rw-r--r-- | src/common.mk.in | 37 | ||||
| -rw-r--r-- | src/faudit/Makefile.in | 19 | ||||
| -rw-r--r-- | src/fbuilder/Makefile.in | 33 | ||||
| -rw-r--r-- | src/fcopy/Makefile.in | 34 | ||||
| -rw-r--r-- | src/firecfg/Makefile.in | 31 | ||||
| -rw-r--r-- | src/firecfg/firecfg.config | 1 | ||||
| -rw-r--r-- | src/firejail/Makefile.in | 36 | ||||
| -rw-r--r-- | src/firemon/Makefile.in | 20 | ||||
| -rw-r--r-- | src/fldd/Makefile.in | 33 | ||||
| -rw-r--r-- | src/fnet/Makefile.in | 33 | ||||
| -rw-r--r-- | src/fnetfilter/Makefile.in | 33 | ||||
| -rw-r--r-- | src/fsec-optimize/Makefile.in | 33 | ||||
| -rw-r--r-- | src/fsec-print/Makefile.in | 34 | ||||
| -rw-r--r-- | src/fseccomp/Makefile.in | 33 | ||||
| -rw-r--r-- | src/ftee/Makefile.in | 18 | ||||
| -rw-r--r-- | src/lib/Makefile.in | 16 | ||||
| -rwxr-xr-x | test/root/firecfg.exp | 8 | ||||
| -rwxr-xr-x | test/root/root.sh | 4 | ||||
| -rwxr-xr-x | test/utils/audit.exp | 20 | ||||
| -rwxr-xr-x | test/utils/build.exp | 12 | ||||
| -rwxr-xr-x | test/utils/utils.sh | 8 |
31 files changed, 164 insertions, 403 deletions
diff --git a/.gitignore b/.gitignore index eeaa0bb03..1285dea92 100644 --- a/.gitignore +++ b/.gitignore | |||
| @@ -38,3 +38,5 @@ seccomp.32 | |||
| 38 | seccomp.64 | 38 | seccomp.64 |
| 39 | seccomp.block_secondary | 39 | seccomp.block_secondary |
| 40 | seccomp.mdwx | 40 | seccomp.mdwx |
| 41 | src/common.mk | ||
| 42 | |||
diff --git a/Makefile.in b/Makefile.in index 21055b694..134e7bd66 100644 --- a/Makefile.in +++ b/Makefile.in | |||
| @@ -75,7 +75,7 @@ distclean: clean | |||
| 75 | for dir in $(APPS) $(MYLIBS); do \ | 75 | for dir in $(APPS) $(MYLIBS); do \ |
| 76 | $(MAKE) -C $$dir distclean; \ | 76 | $(MAKE) -C $$dir distclean; \ |
| 77 | done | 77 | done |
| 78 | rm -fr Makefile autom4te.cache config.log config.status config.h uids.h dummy.o | 78 | rm -fr Makefile autom4te.cache config.log config.status config.h uids.h dummy.o src/common.mk |
| 79 | 79 | ||
| 80 | realinstall: | 80 | realinstall: |
| 81 | # firejail executable | 81 | # firejail executable |
| @@ -107,6 +107,7 @@ endif | |||
| 107 | install -c -m 0755 src/fbuilder/fbuilder $(DESTDIR)/$(libdir)/firejail/. | 107 | install -c -m 0755 src/fbuilder/fbuilder $(DESTDIR)/$(libdir)/firejail/. |
| 108 | ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) | 108 | ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) |
| 109 | install -c -m 0755 src/fsec-print/fsec-print $(DESTDIR)/$(libdir)/firejail/. | 109 | install -c -m 0755 src/fsec-print/fsec-print $(DESTDIR)/$(libdir)/firejail/. |
| 110 | install -c -m 0755 src/fsec-optimize/fsec-optimize $(DESTDIR)/$(libdir)/firejail/. | ||
| 110 | install -c -m 0755 src/fseccomp/fseccomp $(DESTDIR)/$(libdir)/firejail/. | 111 | install -c -m 0755 src/fseccomp/fseccomp $(DESTDIR)/$(libdir)/firejail/. |
| 111 | install -c -m 0644 seccomp $(DESTDIR)/$(libdir)/firejail/. | 112 | install -c -m 0644 seccomp $(DESTDIR)/$(libdir)/firejail/. |
| 112 | install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/. | 113 | install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/. |
| @@ -176,6 +177,7 @@ install-strip: all | |||
| 176 | strip src/fnetfilter/fnetfilter | 177 | strip src/fnetfilter/fnetfilter |
| 177 | strip src/fseccomp/fseccomp | 178 | strip src/fseccomp/fseccomp |
| 178 | strip src/fsec-print/fsec-print | 179 | strip src/fsec-print/fsec-print |
| 180 | strip src/fsec-optimize/fsec-optimize | ||
| 179 | strip src/fcopy/fcopy | 181 | strip src/fcopy/fcopy |
| 180 | strip src/fldd/fldd | 182 | strip src/fldd/fldd |
| 181 | strip src/fbuilder/fbuilder | 183 | strip src/fbuilder/fbuilder |
| @@ -246,7 +246,7 @@ geg2048 (https://github.com/geg2048) | |||
| 246 | - kwallet profile fixes | 246 | - kwallet profile fixes |
| 247 | glitsj16 (https://github.com/glitsj16) | 247 | glitsj16 (https://github.com/glitsj16) |
| 248 | - evince-previewer, evince-thumbnailer profiles | 248 | - evince-previewer, evince-thumbnailer profiles |
| 249 | - gnome-recipes profile | 249 | - gnome-recipes, gnome-logs profiles |
| 250 | graywolf (https://github.com/graywolf) | 250 | graywolf (https://github.com/graywolf) |
| 251 | - spelling fix | 251 | - spelling fix |
| 252 | greigdp (https://github.com/greigdp) | 252 | greigdp (https://github.com/greigdp) |
| @@ -308,4 +308,4 @@ Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-can | |||
| 308 | pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain, | 308 | pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain, |
| 309 | tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder, | 309 | tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder, |
| 310 | gnome-recipes, akonadi_control, evince-previewer, evince-thumbnailer, blender-2.8, | 310 | gnome-recipes, akonadi_control, evince-previewer, evince-thumbnailer, blender-2.8, |
| 311 | thunderbird-beta, ncdu | 311 | thunderbird-beta, ncdu, gnome-logs |
| @@ -30,7 +30,7 @@ firejail (0.9.53) baseline; urgency=low | |||
| 30 | * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, | 30 | * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, |
| 31 | * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes | 31 | * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes |
| 32 | * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer, | 32 | * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer, |
| 33 | * new profiles: blender-2.8, thunderbird-beta, ncdu | 33 | * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs |
| 34 | -- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500 | 34 | -- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500 |
| 35 | 35 | ||
| 36 | firejail (0.9.52) baseline; urgency=low | 36 | firejail (0.9.52) baseline; urgency=low |
| @@ -3863,7 +3863,7 @@ if test "$prefix" = /usr; then | |||
| 3863 | sysconfdir="/etc" | 3863 | sysconfdir="/etc" |
| 3864 | fi | 3864 | fi |
| 3865 | 3865 | ||
| 3866 | ac_config_files="$ac_config_files Makefile src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile" | 3866 | ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile" |
| 3867 | 3867 | ||
| 3868 | cat >confcache <<\_ACEOF | 3868 | cat >confcache <<\_ACEOF |
| 3869 | # This file is a shell script that caches the results of configure | 3869 | # This file is a shell script that caches the results of configure |
| @@ -4573,6 +4573,7 @@ for ac_config_target in $ac_config_targets | |||
| 4573 | do | 4573 | do |
| 4574 | case $ac_config_target in | 4574 | case $ac_config_target in |
| 4575 | "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; | 4575 | "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; |
| 4576 | "src/common.mk") CONFIG_FILES="$CONFIG_FILES src/common.mk" ;; | ||
| 4576 | "src/lib/Makefile") CONFIG_FILES="$CONFIG_FILES src/lib/Makefile" ;; | 4577 | "src/lib/Makefile") CONFIG_FILES="$CONFIG_FILES src/lib/Makefile" ;; |
| 4577 | "src/fcopy/Makefile") CONFIG_FILES="$CONFIG_FILES src/fcopy/Makefile" ;; | 4578 | "src/fcopy/Makefile") CONFIG_FILES="$CONFIG_FILES src/fcopy/Makefile" ;; |
| 4578 | "src/fnet/Makefile") CONFIG_FILES="$CONFIG_FILES src/fnet/Makefile" ;; | 4579 | "src/fnet/Makefile") CONFIG_FILES="$CONFIG_FILES src/fnet/Makefile" ;; |
diff --git a/configure.ac b/configure.ac index d3405a135..460c93d50 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -199,7 +199,7 @@ if test "$prefix" = /usr; then | |||
| 199 | sysconfdir="/etc" | 199 | sysconfdir="/etc" |
| 200 | fi | 200 | fi |
| 201 | 201 | ||
| 202 | AC_OUTPUT(Makefile src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \ | 202 | AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \ |
| 203 | src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ | 203 | src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ |
| 204 | src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile) | 204 | src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile) |
| 205 | 205 | ||
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 9785b9eae..ae40c3ec7 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
| @@ -28,6 +28,7 @@ shell none | |||
| 28 | private-dev | 28 | private-dev |
| 29 | # private-tmp | 29 | # private-tmp |
| 30 | 30 | ||
| 31 | memory-deny-write-execute | 31 | # memory-deny-write-execute breaks some systems, see issue #1850 |
| 32 | # memory-deny-write-execute | ||
| 32 | noexec ${HOME} | 33 | noexec ${HOME} |
| 33 | noexec /tmp | 34 | noexec /tmp |
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile new file mode 100644 index 000000000..7e7902dff --- /dev/null +++ b/etc/gnome-logs.profile | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | # Firejail profile for gnome-logs | ||
| 2 | # This file is overwritten after every install/update | ||
| 3 | # Persistent local customizations | ||
| 4 | include /etc/firejail/gnome-logs.local | ||
| 5 | # Persistent global definitions | ||
| 6 | include /etc/firejail/globals.local | ||
| 7 | |||
| 8 | include /etc/firejail/disable-common.inc | ||
| 9 | include /etc/firejail/disable-devel.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | ||
| 11 | include /etc/firejail/disable-programs.inc | ||
| 12 | |||
| 13 | whitelist /var/log/journal | ||
| 14 | include /etc/firejail/whitelist-var-common.inc | ||
| 15 | |||
| 16 | caps.drop all | ||
| 17 | net none | ||
| 18 | no3d | ||
| 19 | nodbus | ||
| 20 | nodvd | ||
| 21 | nogroups | ||
| 22 | nonewprivs | ||
| 23 | noroot | ||
| 24 | nosound | ||
| 25 | notv | ||
| 26 | novideo | ||
| 27 | protocol unix | ||
| 28 | seccomp | ||
| 29 | shell none | ||
| 30 | |||
| 31 | disable-mnt | ||
| 32 | private-bin gnome-logs | ||
| 33 | private-dev | ||
| 34 | #private-etc fonts | ||
| 35 | #private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,librsvg-2.so.2 | ||
| 36 | private-tmp | ||
| 37 | writable-var-log | ||
| 38 | |||
| 39 | noexec ${HOME} | ||
| 40 | noexec /tmp | ||
| @@ -10,11 +10,18 @@ gcov_init() { | |||
| 10 | /usr/lib/firejail/fcopy --help > /dev/null | 10 | /usr/lib/firejail/fcopy --help > /dev/null |
| 11 | /usr/lib/firejail/fldd --help > /dev/null | 11 | /usr/lib/firejail/fldd --help > /dev/null |
| 12 | firecfg --help > /dev/null | 12 | firecfg --help > /dev/null |
| 13 | |||
| 14 | /usr/lib/firejail/fnetfilter --help > /dev/null | ||
| 15 | /usr/lib/firejail/fsec-print --help > /dev/null | ||
| 16 | /usr/lib/firejail/fsec-optimize --help > /dev/null | ||
| 17 | /usr/lib/firejail/faudit --help > /dev/null | ||
| 18 | /usr/lib/firejail/fbuilder --help > /dev/null | ||
| 19 | |||
| 13 | sudo chown $USER:$USER `find .` | 20 | sudo chown $USER:$USER `find .` |
| 14 | } | 21 | } |
| 15 | 22 | ||
| 16 | generate() { | 23 | generate() { |
| 17 | lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new | 24 | lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new |
| 18 | lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file | 25 | lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file |
| 19 | rm -fr gcov-dir | 26 | rm -fr gcov-dir |
| 20 | genhtml -q gcov-file --output-directory gcov-dir | 27 | genhtml -q gcov-file --output-directory gcov-dir |
| @@ -25,7 +32,7 @@ generate() { | |||
| 25 | 32 | ||
| 26 | 33 | ||
| 27 | gcov_init | 34 | gcov_init |
| 28 | lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old | 35 | lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old |
| 29 | 36 | ||
| 30 | #make test-environment | 37 | #make test-environment |
| 31 | #generate | 38 | #generate |
diff --git a/src/common.mk.in b/src/common.mk.in new file mode 100644 index 000000000..1d4dbe304 --- /dev/null +++ b/src/common.mk.in | |||
| @@ -0,0 +1,37 @@ | |||
| 1 | # common definitions for all makefiles | ||
| 2 | |||
| 3 | CC=@CC@ | ||
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
| 21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
| 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
| 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
| 25 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 26 | HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@ | ||
| 27 | |||
| 28 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 29 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 30 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 31 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 32 | |||
| 33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) $(HAVE_GIT_INSTALL) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 35 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 36 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 37 | |||
diff --git a/src/faudit/Makefile.in b/src/faudit/Makefile.in index a3b505c39..26df0fe51 100644 --- a/src/faudit/Makefile.in +++ b/src/faudit/Makefile.in | |||
| @@ -1,25 +1,14 @@ | |||
| 1 | all: faudit | 1 | all: faudit |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | PREFIX=@prefix@ | ||
| 5 | VERSION=@PACKAGE_VERSION@ | ||
| 6 | NAME=@PACKAGE_NAME@ | ||
| 7 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 8 | |||
| 9 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 10 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 11 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 12 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 13 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(PREFIX)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 14 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 15 | 4 | ||
| 16 | %.o : %.c $(H_FILE_LIST) | 5 | %.o : %.c $(H_FILE_LIST) |
| 17 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
| 18 | 7 | ||
| 19 | faudit: $(OBJS) | 8 | faudit: $(OBJS) |
| 20 | $(CC) $(LDFLAGS) -o $@ $(OBJS) | 9 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
| 21 | 10 | ||
| 22 | clean:; rm -f *.o faudit | 11 | clean:; rm -f *.o faudit *.gcov *.gcda *.gcno |
| 23 | 12 | ||
| 24 | distclean: clean | 13 | distclean: clean |
| 25 | rm -fr Makefile | 14 | rm -fr Makefile |
diff --git a/src/fbuilder/Makefile.in b/src/fbuilder/Makefile.in index 5bf78f92a..7a606c872 100644 --- a/src/fbuilder/Makefile.in +++ b/src/fbuilder/Makefile.in | |||
| @@ -1,37 +1,6 @@ | |||
| 1 | all: fbuilder | 1 | all: fbuilder |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
| 21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
| 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
| 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
| 25 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 28 | |||
| 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 35 | 4 | ||
| 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
| 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fcopy/Makefile.in b/src/fcopy/Makefile.in index 519240c3d..c9e7d87ab 100644 --- a/src/fcopy/Makefile.in +++ b/src/fcopy/Makefile.in | |||
| @@ -1,38 +1,6 @@ | |||
| 1 | all: fcopy | 1 | all: fcopy |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
| 21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
| 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
| 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
| 25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 26 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 28 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 29 | |||
| 30 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 31 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 32 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 33 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 34 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 35 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 36 | 4 | ||
| 37 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
| 38 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/firecfg/Makefile.in b/src/firecfg/Makefile.in index f0d389e36..b6dbb039d 100644 --- a/src/firecfg/Makefile.in +++ b/src/firecfg/Makefile.in | |||
| @@ -1,33 +1,6 @@ | |||
| 1 | all: firecfg | 1 | all: firecfg |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 21 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 22 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 23 | |||
| 24 | |||
| 25 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 26 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 27 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 28 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 29 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 30 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 31 | 4 | ||
| 32 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h |
| 33 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
| @@ -35,7 +8,7 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | |||
| 35 | firecfg: $(OBJS) ../lib/common.o | 8 | firecfg: $(OBJS) ../lib/common.o |
| 36 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS) | 9 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS) |
| 37 | 10 | ||
| 38 | clean:; rm -f *.o firecfg firecfg.1 firecfg.1.gz *.gcov *.gcda *.gcno | 11 | clean:; rm -f *.o firecfg *.gcov *.gcda *.gcno |
| 39 | 12 | ||
| 40 | distclean: clean | 13 | distclean: clean |
| 41 | rm -fr Makefile | 14 | rm -fr Makefile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2f4884105..a5eca096b 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
| @@ -154,6 +154,7 @@ gnome-clocks | |||
| 154 | gnome-contacts | 154 | gnome-contacts |
| 155 | gnome-documents | 155 | gnome-documents |
| 156 | gnome-font-viewer | 156 | gnome-font-viewer |
| 157 | gnome-logs | ||
| 157 | gnome-maps | 158 | gnome-maps |
| 158 | gnome-mplayer | 159 | gnome-mplayer |
| 159 | gnome-music | 160 | gnome-music |
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in index 543924103..9bd2f9c22 100644 --- a/src/firejail/Makefile.in +++ b/src/firejail/Makefile.in | |||
| @@ -1,38 +1,6 @@ | |||
| 1 | all: firejail | 1 | all: firejail |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
| 21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
| 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
| 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
| 25 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 26 | HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@ | ||
| 27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 28 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 29 | |||
| 30 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 31 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 32 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 33 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 34 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) $(HAVE_GIT_INSTALL) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 35 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 36 | 4 | ||
| 37 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h |
| 38 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
| @@ -40,7 +8,7 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | |||
| 40 | firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o | 8 | firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o |
| 41 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) | 9 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) |
| 42 | 10 | ||
| 43 | clean:; rm -f *.o firejail firejail.1 firejail.1.gz *.gcov *.gcda *.gcno | 11 | clean:; rm -f *.o firejail *.gcov *.gcda *.gcno |
| 44 | 12 | ||
| 45 | distclean: clean | 13 | distclean: clean |
| 46 | rm -fr Makefile | 14 | rm -fr Makefile |
diff --git a/src/firemon/Makefile.in b/src/firemon/Makefile.in index ede25f6b5..d3ffe5d3f 100644 --- a/src/firemon/Makefile.in +++ b/src/firemon/Makefile.in | |||
| @@ -1,24 +1,6 @@ | |||
| 1 | all: firemon | 1 | all: firemon |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | VERSION=@PACKAGE_VERSION@ | ||
| 6 | NAME=@PACKAGE_NAME@ | ||
| 7 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 8 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 9 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 10 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 11 | |||
| 12 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 13 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 14 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 15 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 16 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' $(HAVE_APPARMOR) $(HAVE_GCOV) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 17 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now | ||
| 18 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 19 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 20 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 21 | |||
| 22 | 4 | ||
| 23 | %.o : %.c $(H_FILE_LIST) | 5 | %.o : %.c $(H_FILE_LIST) |
| 24 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fldd/Makefile.in b/src/fldd/Makefile.in index e199d517d..5af37cfbd 100644 --- a/src/fldd/Makefile.in +++ b/src/fldd/Makefile.in | |||
| @@ -1,37 +1,6 @@ | |||
| 1 | all: fldd | 1 | all: fldd |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
| 21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
| 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
| 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
| 25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 26 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 28 | |||
| 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 35 | 4 | ||
| 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h ../include/ldd_utils.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h ../include/ldd_utils.h |
| 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fnet/Makefile.in b/src/fnet/Makefile.in index 06b8bbee7..06b3981a9 100644 --- a/src/fnet/Makefile.in +++ b/src/fnet/Makefile.in | |||
| @@ -1,37 +1,6 @@ | |||
| 1 | all: fnet | 1 | all: fnet |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
| 21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
| 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
| 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
| 25 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 28 | |||
| 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 35 | 4 | ||
| 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/libnetlink.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/libnetlink.h |
| 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fnetfilter/Makefile.in b/src/fnetfilter/Makefile.in index 0a0a8acc0..2e263cc2b 100644 --- a/src/fnetfilter/Makefile.in +++ b/src/fnetfilter/Makefile.in | |||
| @@ -1,37 +1,6 @@ | |||
| 1 | all: fnetfilter | 1 | all: fnetfilter |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
| 21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
| 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
| 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
| 25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 26 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 28 | |||
| 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 35 | 4 | ||
| 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
| 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fsec-optimize/Makefile.in b/src/fsec-optimize/Makefile.in index faa1aa476..e5e14a6a6 100644 --- a/src/fsec-optimize/Makefile.in +++ b/src/fsec-optimize/Makefile.in | |||
| @@ -1,37 +1,6 @@ | |||
| 1 | all: fsec-optimize | 1 | all: fsec-optimize |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
| 21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
| 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
| 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
| 25 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 28 | |||
| 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 35 | 4 | ||
| 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h |
| 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fsec-print/Makefile.in b/src/fsec-print/Makefile.in index 177b23f06..3db4406f4 100644 --- a/src/fsec-print/Makefile.in +++ b/src/fsec-print/Makefile.in | |||
| @@ -1,38 +1,6 @@ | |||
| 1 | all: fsec-print | 1 | all: fsec-print |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
| 21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
| 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
| 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
| 25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 26 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 28 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 29 | |||
| 30 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 31 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 32 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 33 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 34 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 35 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 36 | 4 | ||
| 37 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h |
| 38 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fseccomp/Makefile.in b/src/fseccomp/Makefile.in index 3fd73bc5c..2c99096bb 100644 --- a/src/fseccomp/Makefile.in +++ b/src/fseccomp/Makefile.in | |||
| @@ -1,37 +1,6 @@ | |||
| 1 | all: fseccomp | 1 | all: fseccomp |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | prefix=@prefix@ | ||
| 5 | exec_prefix=@exec_prefix@ | ||
| 6 | libdir=@libdir@ | ||
| 7 | sysconfdir=@sysconfdir@ | ||
| 8 | |||
| 9 | VERSION=@PACKAGE_VERSION@ | ||
| 10 | NAME=@PACKAGE_NAME@ | ||
| 11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
| 12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
| 13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
| 14 | HAVE_BIND=@HAVE_BIND@ | ||
| 15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
| 17 | HAVE_USERNS=@HAVE_USERNS@ | ||
| 18 | HAVE_X11=@HAVE_X11@ | ||
| 19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
| 20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
| 21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
| 22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
| 23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
| 24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
| 25 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 28 | |||
| 29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 35 | 4 | ||
| 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
| 37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/ftee/Makefile.in b/src/ftee/Makefile.in index 8846126f8..d3b92362c 100644 --- a/src/ftee/Makefile.in +++ b/src/ftee/Makefile.in | |||
| @@ -1,26 +1,12 @@ | |||
| 1 | all: ftee | 1 | all: ftee |
| 2 | 2 | ||
| 3 | CC=@CC@ | 3 | include ../common.mk |
| 4 | PREFIX=@prefix@ | ||
| 5 | VERSION=@PACKAGE_VERSION@ | ||
| 6 | NAME=@PACKAGE_NAME@ | ||
| 7 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 8 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 9 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 10 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 11 | |||
| 12 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 13 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 14 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 15 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 16 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(PREFIX)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
| 17 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
| 18 | 4 | ||
| 19 | %.o : %.c $(H_FILE_LIST) | 5 | %.o : %.c $(H_FILE_LIST) |
| 20 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
| 21 | 7 | ||
| 22 | ftee: $(OBJS) | 8 | ftee: $(OBJS) |
| 23 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(EXTRA_LDFLAGS) | 9 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
| 24 | 10 | ||
| 25 | clean:; rm -f *.o ftee *.gcov *.gcda *.gcno | 11 | clean:; rm -f *.o ftee *.gcov *.gcda *.gcno |
| 26 | 12 | ||
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index a25014c74..a744b8d80 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in | |||
| @@ -1,18 +1,4 @@ | |||
| 1 | CC=@CC@ | 1 | include ../common.mk |
| 2 | PREFIX=@prefix@ | ||
| 3 | VERSION=@PACKAGE_VERSION@ | ||
| 4 | NAME=@PACKAGE_NAME@ | ||
| 5 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
| 6 | HAVE_GCOV=@HAVE_GCOV@ | ||
| 7 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
| 8 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
| 9 | |||
| 10 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
| 11 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
| 12 | OBJS = $(C_FILE_LIST:.c=.o) | ||
| 13 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
| 14 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DLIBDIR='"$(libdir)"' $(HAVE_GCOV) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security | ||
| 15 | LDFLAGS:=-pic -Wl,-z,relro -Wl,-z,now | ||
| 16 | 2 | ||
| 17 | all: $(OBJS) | 3 | all: $(OBJS) |
| 18 | 4 | ||
diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp index 02f2323a0..656b8e215 100755 --- a/test/root/firecfg.exp +++ b/test/root/firecfg.exp | |||
| @@ -13,7 +13,7 @@ sleep 1 | |||
| 13 | send -- "firecfg --clean\r" | 13 | send -- "firecfg --clean\r" |
| 14 | expect { | 14 | expect { |
| 15 | timeout {puts "TESTING ERROR 0\n";exit} | 15 | timeout {puts "TESTING ERROR 0\n";exit} |
| 16 | "/usr/local/bin/firefox removed" | 16 | "less removed" |
| 17 | } | 17 | } |
| 18 | sleep 1 | 18 | sleep 1 |
| 19 | 19 | ||
| @@ -30,11 +30,11 @@ sleep 1 | |||
| 30 | send -- "firecfg\r" | 30 | send -- "firecfg\r" |
| 31 | expect { | 31 | expect { |
| 32 | timeout {puts "TESTING ERROR 3\n";exit} | 32 | timeout {puts "TESTING ERROR 3\n";exit} |
| 33 | "firefox created" | 33 | "less created" |
| 34 | } | 34 | } |
| 35 | sleep 1 | 35 | sleep 1 |
| 36 | 36 | ||
| 37 | send -- "file /usr/local/bin/firefox\r" | 37 | send -- "file /usr/local/bin/less\r" |
| 38 | expect { | 38 | expect { |
| 39 | timeout {puts "TESTING ERROR 4\n";exit} | 39 | timeout {puts "TESTING ERROR 4\n";exit} |
| 40 | "symbolic link to /usr/bin/firejail" | 40 | "symbolic link to /usr/bin/firejail" |
| @@ -44,7 +44,7 @@ sleep 1 | |||
| 44 | send -- "firecfg --list\r" | 44 | send -- "firecfg --list\r" |
| 45 | expect { | 45 | expect { |
| 46 | timeout {puts "TESTING ERROR 5\n";exit} | 46 | timeout {puts "TESTING ERROR 5\n";exit} |
| 47 | "/usr/local/bin/firefox" | 47 | "/usr/local/bin/less" |
| 48 | } | 48 | } |
| 49 | sleep 1 | 49 | sleep 1 |
| 50 | 50 | ||
diff --git a/test/root/root.sh b/test/root/root.sh index 912ae23f0..22b12cf86 100755 --- a/test/root/root.sh +++ b/test/root/root.sh | |||
| @@ -110,13 +110,13 @@ echo "TESTING: firemon events (test/root/firemon-events.exp)" | |||
| 110 | #******************************** | 110 | #******************************** |
| 111 | # firecfg | 111 | # firecfg |
| 112 | #******************************** | 112 | #******************************** |
| 113 | which firefox | 113 | which less |
| 114 | if [ "$?" -eq 0 ]; | 114 | if [ "$?" -eq 0 ]; |
| 115 | then | 115 | then |
| 116 | echo "TESTING: firecfg (test/root/firecfg.exp)" | 116 | echo "TESTING: firecfg (test/root/firecfg.exp)" |
| 117 | ./firecfg.exp | 117 | ./firecfg.exp |
| 118 | else | 118 | else |
| 119 | echo "TESTING SKIP: firecfg, firefox not found" | 119 | echo "TESTING SKIP: firecfg, less not found" |
| 120 | fi | 120 | fi |
| 121 | 121 | ||
| 122 | # restore the default config file | 122 | # restore the default config file |
diff --git a/test/utils/audit.exp b/test/utils/audit.exp index c68ee387c..684886af7 100755 --- a/test/utils/audit.exp +++ b/test/utils/audit.exp | |||
| @@ -76,4 +76,24 @@ expect { | |||
| 76 | } | 76 | } |
| 77 | after 100 | 77 | after 100 |
| 78 | 78 | ||
| 79 | # run audit executable without a sandbox | ||
| 80 | send -- "faudit\r" | ||
| 81 | expect { | ||
| 82 | timeout {puts "TESTING ERROR 13\n";exit} | ||
| 83 | "is not running in a PID namespace" | ||
| 84 | } | ||
| 85 | expect { | ||
| 86 | timeout {puts "TESTING ERROR 14\n";exit} | ||
| 87 | "BAD: seccomp disabled" | ||
| 88 | } | ||
| 89 | expect { | ||
| 90 | timeout {puts "TESTING ERROR 15\n";exit} | ||
| 91 | "BAD: the capability map is" | ||
| 92 | } | ||
| 93 | expect { | ||
| 94 | timeout {puts "TESTING ERROR 16\n";exit} | ||
| 95 | "MAYBE: /dev directory seems to be fully populated" | ||
| 96 | } | ||
| 97 | after 100 | ||
| 98 | |||
| 79 | puts "\nall done\n" | 99 | puts "\nall done\n" |
diff --git a/test/utils/build.exp b/test/utils/build.exp index 916f373b9..de2a9b6ae 100755 --- a/test/utils/build.exp +++ b/test/utils/build.exp | |||
| @@ -7,7 +7,15 @@ set timeout 10 | |||
| 7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
| 8 | match_max 100000 | 8 | match_max 100000 |
| 9 | 9 | ||
| 10 | send -- "firejail --build ls ~\r" | 10 | send -- "firejail --build cat ~/firejail-test-file-7699\r" |
| 11 | expect { | ||
| 12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
| 13 | "whitelist ~/firejail-test-file-7699" | ||
| 14 | } | ||
| 15 | expect { | ||
| 16 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
| 17 | "include /etc/firejail/whitelist-common.inc" | ||
| 18 | } | ||
| 11 | expect { | 19 | expect { |
| 12 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
| 13 | "private-tmp" | 21 | "private-tmp" |
| @@ -22,7 +30,7 @@ expect { | |||
| 22 | } | 30 | } |
| 23 | expect { | 31 | expect { |
| 24 | timeout {puts "TESTING ERROR 4\n";exit} | 32 | timeout {puts "TESTING ERROR 4\n";exit} |
| 25 | "private-bin ls," | 33 | "private-bin cat," |
| 26 | } | 34 | } |
| 27 | expect { | 35 | expect { |
| 28 | timeout {puts "TESTING ERROR 5\n";exit} | 36 | timeout {puts "TESTING ERROR 5\n";exit} |
diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 59cd1cfd6..d72cc2269 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh | |||
| @@ -6,8 +6,16 @@ | |||
| 6 | export MALLOC_CHECK_=3 | 6 | export MALLOC_CHECK_=3 |
| 7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | 7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) |
| 8 | 8 | ||
| 9 | if [ -f /etc/debian_version ]; then | ||
| 10 | libdir=$(dirname "$(dpkg -L firejail | grep faudit)") | ||
| 11 | export PATH="$PATH:$libdir" | ||
| 12 | fi | ||
| 13 | export PATH="$PATH:/usr/lib/firejail" | ||
| 14 | |||
| 15 | echo "testing" > ~/firejail-test-file-7699 | ||
| 9 | echo "TESTING: build (test/utils/build.exp)" | 16 | echo "TESTING: build (test/utils/build.exp)" |
| 10 | ./build.exp | 17 | ./build.exp |
| 18 | rm -f ~/firejail-test-file-7699 | ||
| 11 | 19 | ||
| 12 | echo "TESTING: audit (test/utils/audit.exp)" | 20 | echo "TESTING: audit (test/utils/audit.exp)" |
| 13 | ./audit.exp | 21 | ./audit.exp |