diff options
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | Makefile.in | 4 | ||||
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rwxr-xr-x | configure | 3 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | etc/bleachbit.profile | 3 | ||||
-rw-r--r-- | etc/gnome-logs.profile | 40 | ||||
-rwxr-xr-x | gcov.sh | 11 | ||||
-rw-r--r-- | src/common.mk.in | 37 | ||||
-rw-r--r-- | src/faudit/Makefile.in | 19 | ||||
-rw-r--r-- | src/fbuilder/Makefile.in | 33 | ||||
-rw-r--r-- | src/fcopy/Makefile.in | 34 | ||||
-rw-r--r-- | src/firecfg/Makefile.in | 31 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 | ||||
-rw-r--r-- | src/firejail/Makefile.in | 36 | ||||
-rw-r--r-- | src/firemon/Makefile.in | 20 | ||||
-rw-r--r-- | src/fldd/Makefile.in | 33 | ||||
-rw-r--r-- | src/fnet/Makefile.in | 33 | ||||
-rw-r--r-- | src/fnetfilter/Makefile.in | 33 | ||||
-rw-r--r-- | src/fsec-optimize/Makefile.in | 33 | ||||
-rw-r--r-- | src/fsec-print/Makefile.in | 34 | ||||
-rw-r--r-- | src/fseccomp/Makefile.in | 33 | ||||
-rw-r--r-- | src/ftee/Makefile.in | 18 | ||||
-rw-r--r-- | src/lib/Makefile.in | 16 | ||||
-rwxr-xr-x | test/root/firecfg.exp | 8 | ||||
-rwxr-xr-x | test/root/root.sh | 4 | ||||
-rwxr-xr-x | test/utils/audit.exp | 20 | ||||
-rwxr-xr-x | test/utils/build.exp | 12 | ||||
-rwxr-xr-x | test/utils/utils.sh | 8 |
31 files changed, 164 insertions, 403 deletions
diff --git a/.gitignore b/.gitignore index eeaa0bb03..1285dea92 100644 --- a/.gitignore +++ b/.gitignore | |||
@@ -38,3 +38,5 @@ seccomp.32 | |||
38 | seccomp.64 | 38 | seccomp.64 |
39 | seccomp.block_secondary | 39 | seccomp.block_secondary |
40 | seccomp.mdwx | 40 | seccomp.mdwx |
41 | src/common.mk | ||
42 | |||
diff --git a/Makefile.in b/Makefile.in index 21055b694..134e7bd66 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -75,7 +75,7 @@ distclean: clean | |||
75 | for dir in $(APPS) $(MYLIBS); do \ | 75 | for dir in $(APPS) $(MYLIBS); do \ |
76 | $(MAKE) -C $$dir distclean; \ | 76 | $(MAKE) -C $$dir distclean; \ |
77 | done | 77 | done |
78 | rm -fr Makefile autom4te.cache config.log config.status config.h uids.h dummy.o | 78 | rm -fr Makefile autom4te.cache config.log config.status config.h uids.h dummy.o src/common.mk |
79 | 79 | ||
80 | realinstall: | 80 | realinstall: |
81 | # firejail executable | 81 | # firejail executable |
@@ -107,6 +107,7 @@ endif | |||
107 | install -c -m 0755 src/fbuilder/fbuilder $(DESTDIR)/$(libdir)/firejail/. | 107 | install -c -m 0755 src/fbuilder/fbuilder $(DESTDIR)/$(libdir)/firejail/. |
108 | ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) | 108 | ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) |
109 | install -c -m 0755 src/fsec-print/fsec-print $(DESTDIR)/$(libdir)/firejail/. | 109 | install -c -m 0755 src/fsec-print/fsec-print $(DESTDIR)/$(libdir)/firejail/. |
110 | install -c -m 0755 src/fsec-optimize/fsec-optimize $(DESTDIR)/$(libdir)/firejail/. | ||
110 | install -c -m 0755 src/fseccomp/fseccomp $(DESTDIR)/$(libdir)/firejail/. | 111 | install -c -m 0755 src/fseccomp/fseccomp $(DESTDIR)/$(libdir)/firejail/. |
111 | install -c -m 0644 seccomp $(DESTDIR)/$(libdir)/firejail/. | 112 | install -c -m 0644 seccomp $(DESTDIR)/$(libdir)/firejail/. |
112 | install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/. | 113 | install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/. |
@@ -176,6 +177,7 @@ install-strip: all | |||
176 | strip src/fnetfilter/fnetfilter | 177 | strip src/fnetfilter/fnetfilter |
177 | strip src/fseccomp/fseccomp | 178 | strip src/fseccomp/fseccomp |
178 | strip src/fsec-print/fsec-print | 179 | strip src/fsec-print/fsec-print |
180 | strip src/fsec-optimize/fsec-optimize | ||
179 | strip src/fcopy/fcopy | 181 | strip src/fcopy/fcopy |
180 | strip src/fldd/fldd | 182 | strip src/fldd/fldd |
181 | strip src/fbuilder/fbuilder | 183 | strip src/fbuilder/fbuilder |
@@ -246,7 +246,7 @@ geg2048 (https://github.com/geg2048) | |||
246 | - kwallet profile fixes | 246 | - kwallet profile fixes |
247 | glitsj16 (https://github.com/glitsj16) | 247 | glitsj16 (https://github.com/glitsj16) |
248 | - evince-previewer, evince-thumbnailer profiles | 248 | - evince-previewer, evince-thumbnailer profiles |
249 | - gnome-recipes profile | 249 | - gnome-recipes, gnome-logs profiles |
250 | graywolf (https://github.com/graywolf) | 250 | graywolf (https://github.com/graywolf) |
251 | - spelling fix | 251 | - spelling fix |
252 | greigdp (https://github.com/greigdp) | 252 | greigdp (https://github.com/greigdp) |
@@ -308,4 +308,4 @@ Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-can | |||
308 | pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain, | 308 | pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain, |
309 | tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder, | 309 | tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder, |
310 | gnome-recipes, akonadi_control, evince-previewer, evince-thumbnailer, blender-2.8, | 310 | gnome-recipes, akonadi_control, evince-previewer, evince-thumbnailer, blender-2.8, |
311 | thunderbird-beta, ncdu | 311 | thunderbird-beta, ncdu, gnome-logs |
@@ -30,7 +30,7 @@ firejail (0.9.53) baseline; urgency=low | |||
30 | * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, | 30 | * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, |
31 | * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes | 31 | * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes |
32 | * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer, | 32 | * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer, |
33 | * new profiles: blender-2.8, thunderbird-beta, ncdu | 33 | * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs |
34 | -- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500 | 34 | -- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500 |
35 | 35 | ||
36 | firejail (0.9.52) baseline; urgency=low | 36 | firejail (0.9.52) baseline; urgency=low |
@@ -3863,7 +3863,7 @@ if test "$prefix" = /usr; then | |||
3863 | sysconfdir="/etc" | 3863 | sysconfdir="/etc" |
3864 | fi | 3864 | fi |
3865 | 3865 | ||
3866 | ac_config_files="$ac_config_files Makefile src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile" | 3866 | ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile" |
3867 | 3867 | ||
3868 | cat >confcache <<\_ACEOF | 3868 | cat >confcache <<\_ACEOF |
3869 | # This file is a shell script that caches the results of configure | 3869 | # This file is a shell script that caches the results of configure |
@@ -4573,6 +4573,7 @@ for ac_config_target in $ac_config_targets | |||
4573 | do | 4573 | do |
4574 | case $ac_config_target in | 4574 | case $ac_config_target in |
4575 | "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; | 4575 | "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; |
4576 | "src/common.mk") CONFIG_FILES="$CONFIG_FILES src/common.mk" ;; | ||
4576 | "src/lib/Makefile") CONFIG_FILES="$CONFIG_FILES src/lib/Makefile" ;; | 4577 | "src/lib/Makefile") CONFIG_FILES="$CONFIG_FILES src/lib/Makefile" ;; |
4577 | "src/fcopy/Makefile") CONFIG_FILES="$CONFIG_FILES src/fcopy/Makefile" ;; | 4578 | "src/fcopy/Makefile") CONFIG_FILES="$CONFIG_FILES src/fcopy/Makefile" ;; |
4578 | "src/fnet/Makefile") CONFIG_FILES="$CONFIG_FILES src/fnet/Makefile" ;; | 4579 | "src/fnet/Makefile") CONFIG_FILES="$CONFIG_FILES src/fnet/Makefile" ;; |
diff --git a/configure.ac b/configure.ac index d3405a135..460c93d50 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -199,7 +199,7 @@ if test "$prefix" = /usr; then | |||
199 | sysconfdir="/etc" | 199 | sysconfdir="/etc" |
200 | fi | 200 | fi |
201 | 201 | ||
202 | AC_OUTPUT(Makefile src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \ | 202 | AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \ |
203 | src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ | 203 | src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ |
204 | src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile) | 204 | src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile) |
205 | 205 | ||
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 9785b9eae..ae40c3ec7 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
@@ -28,6 +28,7 @@ shell none | |||
28 | private-dev | 28 | private-dev |
29 | # private-tmp | 29 | # private-tmp |
30 | 30 | ||
31 | memory-deny-write-execute | 31 | # memory-deny-write-execute breaks some systems, see issue #1850 |
32 | # memory-deny-write-execute | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile new file mode 100644 index 000000000..7e7902dff --- /dev/null +++ b/etc/gnome-logs.profile | |||
@@ -0,0 +1,40 @@ | |||
1 | # Firejail profile for gnome-logs | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/gnome-logs.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-devel.inc | ||
10 | include /etc/firejail/disable-passwdmgr.inc | ||
11 | include /etc/firejail/disable-programs.inc | ||
12 | |||
13 | whitelist /var/log/journal | ||
14 | include /etc/firejail/whitelist-var-common.inc | ||
15 | |||
16 | caps.drop all | ||
17 | net none | ||
18 | no3d | ||
19 | nodbus | ||
20 | nodvd | ||
21 | nogroups | ||
22 | nonewprivs | ||
23 | noroot | ||
24 | nosound | ||
25 | notv | ||
26 | novideo | ||
27 | protocol unix | ||
28 | seccomp | ||
29 | shell none | ||
30 | |||
31 | disable-mnt | ||
32 | private-bin gnome-logs | ||
33 | private-dev | ||
34 | #private-etc fonts | ||
35 | #private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,librsvg-2.so.2 | ||
36 | private-tmp | ||
37 | writable-var-log | ||
38 | |||
39 | noexec ${HOME} | ||
40 | noexec /tmp | ||
@@ -10,11 +10,18 @@ gcov_init() { | |||
10 | /usr/lib/firejail/fcopy --help > /dev/null | 10 | /usr/lib/firejail/fcopy --help > /dev/null |
11 | /usr/lib/firejail/fldd --help > /dev/null | 11 | /usr/lib/firejail/fldd --help > /dev/null |
12 | firecfg --help > /dev/null | 12 | firecfg --help > /dev/null |
13 | |||
14 | /usr/lib/firejail/fnetfilter --help > /dev/null | ||
15 | /usr/lib/firejail/fsec-print --help > /dev/null | ||
16 | /usr/lib/firejail/fsec-optimize --help > /dev/null | ||
17 | /usr/lib/firejail/faudit --help > /dev/null | ||
18 | /usr/lib/firejail/fbuilder --help > /dev/null | ||
19 | |||
13 | sudo chown $USER:$USER `find .` | 20 | sudo chown $USER:$USER `find .` |
14 | } | 21 | } |
15 | 22 | ||
16 | generate() { | 23 | generate() { |
17 | lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new | 24 | lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-new |
18 | lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file | 25 | lcov --add-tracefile gcov-file-old --add-tracefile gcov-file-new --output-file gcov-file |
19 | rm -fr gcov-dir | 26 | rm -fr gcov-dir |
20 | genhtml -q gcov-file --output-directory gcov-dir | 27 | genhtml -q gcov-file --output-directory gcov-dir |
@@ -25,7 +32,7 @@ generate() { | |||
25 | 32 | ||
26 | 33 | ||
27 | gcov_init | 34 | gcov_init |
28 | lcov -q --capture -d src/firejail -d src/firemon -d src/fcopy -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old | 35 | lcov -q --capture -d src/firejail -d src/firemon -d src/faudit -d src/fbuilder -d src/fcopy -d src/fnetfilter -d src/fsec-print -d src/fsec-optimize -d src/fseccomp -d src/fnet -d src/ftee -d src/lib -d src/firecfg -d src/fldd --output-file gcov-file-old |
29 | 36 | ||
30 | #make test-environment | 37 | #make test-environment |
31 | #generate | 38 | #generate |
diff --git a/src/common.mk.in b/src/common.mk.in new file mode 100644 index 000000000..1d4dbe304 --- /dev/null +++ b/src/common.mk.in | |||
@@ -0,0 +1,37 @@ | |||
1 | # common definitions for all makefiles | ||
2 | |||
3 | CC=@CC@ | ||
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
25 | HAVE_GCOV=@HAVE_GCOV@ | ||
26 | HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@ | ||
27 | |||
28 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
29 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
30 | OBJS = $(C_FILE_LIST:.c=.o) | ||
31 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
32 | |||
33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) $(HAVE_GIT_INSTALL) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
35 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
36 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
37 | |||
diff --git a/src/faudit/Makefile.in b/src/faudit/Makefile.in index a3b505c39..26df0fe51 100644 --- a/src/faudit/Makefile.in +++ b/src/faudit/Makefile.in | |||
@@ -1,25 +1,14 @@ | |||
1 | all: faudit | 1 | all: faudit |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | PREFIX=@prefix@ | ||
5 | VERSION=@PACKAGE_VERSION@ | ||
6 | NAME=@PACKAGE_NAME@ | ||
7 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
8 | |||
9 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
10 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
11 | OBJS = $(C_FILE_LIST:.c=.o) | ||
12 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
13 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(PREFIX)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
14 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
15 | 4 | ||
16 | %.o : %.c $(H_FILE_LIST) | 5 | %.o : %.c $(H_FILE_LIST) |
17 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
18 | 7 | ||
19 | faudit: $(OBJS) | 8 | faudit: $(OBJS) |
20 | $(CC) $(LDFLAGS) -o $@ $(OBJS) | 9 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
21 | 10 | ||
22 | clean:; rm -f *.o faudit | 11 | clean:; rm -f *.o faudit *.gcov *.gcda *.gcno |
23 | 12 | ||
24 | distclean: clean | 13 | distclean: clean |
25 | rm -fr Makefile | 14 | rm -fr Makefile |
diff --git a/src/fbuilder/Makefile.in b/src/fbuilder/Makefile.in index 5bf78f92a..7a606c872 100644 --- a/src/fbuilder/Makefile.in +++ b/src/fbuilder/Makefile.in | |||
@@ -1,37 +1,6 @@ | |||
1 | all: fbuilder | 1 | all: fbuilder |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
25 | HAVE_GCOV=@HAVE_GCOV@ | ||
26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | |||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
35 | 4 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fcopy/Makefile.in b/src/fcopy/Makefile.in index 519240c3d..c9e7d87ab 100644 --- a/src/fcopy/Makefile.in +++ b/src/fcopy/Makefile.in | |||
@@ -1,38 +1,6 @@ | |||
1 | all: fcopy | 1 | all: fcopy |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
26 | HAVE_GCOV=@HAVE_GCOV@ | ||
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
28 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
29 | |||
30 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
31 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
32 | OBJS = $(C_FILE_LIST:.c=.o) | ||
33 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
34 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
35 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
36 | 4 | ||
37 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
38 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/firecfg/Makefile.in b/src/firecfg/Makefile.in index f0d389e36..b6dbb039d 100644 --- a/src/firecfg/Makefile.in +++ b/src/firecfg/Makefile.in | |||
@@ -1,33 +1,6 @@ | |||
1 | all: firecfg | 1 | all: firecfg |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_GCOV=@HAVE_GCOV@ | ||
21 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
22 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
23 | |||
24 | |||
25 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
26 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
27 | OBJS = $(C_FILE_LIST:.c=.o) | ||
28 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
29 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
30 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
31 | 4 | ||
32 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h |
33 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
@@ -35,7 +8,7 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | |||
35 | firecfg: $(OBJS) ../lib/common.o | 8 | firecfg: $(OBJS) ../lib/common.o |
36 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS) | 9 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS) |
37 | 10 | ||
38 | clean:; rm -f *.o firecfg firecfg.1 firecfg.1.gz *.gcov *.gcda *.gcno | 11 | clean:; rm -f *.o firecfg *.gcov *.gcda *.gcno |
39 | 12 | ||
40 | distclean: clean | 13 | distclean: clean |
41 | rm -fr Makefile | 14 | rm -fr Makefile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2f4884105..a5eca096b 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -154,6 +154,7 @@ gnome-clocks | |||
154 | gnome-contacts | 154 | gnome-contacts |
155 | gnome-documents | 155 | gnome-documents |
156 | gnome-font-viewer | 156 | gnome-font-viewer |
157 | gnome-logs | ||
157 | gnome-maps | 158 | gnome-maps |
158 | gnome-mplayer | 159 | gnome-mplayer |
159 | gnome-music | 160 | gnome-music |
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in index 543924103..9bd2f9c22 100644 --- a/src/firejail/Makefile.in +++ b/src/firejail/Makefile.in | |||
@@ -1,38 +1,6 @@ | |||
1 | all: firejail | 1 | all: firejail |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
25 | HAVE_GCOV=@HAVE_GCOV@ | ||
26 | HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@ | ||
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
28 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
29 | |||
30 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
31 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
32 | OBJS = $(C_FILE_LIST:.c=.o) | ||
33 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
34 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) $(HAVE_GIT_INSTALL) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
35 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
36 | 4 | ||
37 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h |
38 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
@@ -40,7 +8,7 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | |||
40 | firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o | 8 | firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o |
41 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) | 9 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) |
42 | 10 | ||
43 | clean:; rm -f *.o firejail firejail.1 firejail.1.gz *.gcov *.gcda *.gcno | 11 | clean:; rm -f *.o firejail *.gcov *.gcda *.gcno |
44 | 12 | ||
45 | distclean: clean | 13 | distclean: clean |
46 | rm -fr Makefile | 14 | rm -fr Makefile |
diff --git a/src/firemon/Makefile.in b/src/firemon/Makefile.in index ede25f6b5..d3ffe5d3f 100644 --- a/src/firemon/Makefile.in +++ b/src/firemon/Makefile.in | |||
@@ -1,24 +1,6 @@ | |||
1 | all: firemon | 1 | all: firemon |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | VERSION=@PACKAGE_VERSION@ | ||
6 | NAME=@PACKAGE_NAME@ | ||
7 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
8 | HAVE_GCOV=@HAVE_GCOV@ | ||
9 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
10 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
11 | |||
12 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
13 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
14 | OBJS = $(C_FILE_LIST:.c=.o) | ||
15 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
16 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' $(HAVE_APPARMOR) $(HAVE_GCOV) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
17 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now | ||
18 | HAVE_GCOV=@HAVE_GCOV@ | ||
19 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
20 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
21 | |||
22 | 4 | ||
23 | %.o : %.c $(H_FILE_LIST) | 5 | %.o : %.c $(H_FILE_LIST) |
24 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fldd/Makefile.in b/src/fldd/Makefile.in index e199d517d..5af37cfbd 100644 --- a/src/fldd/Makefile.in +++ b/src/fldd/Makefile.in | |||
@@ -1,37 +1,6 @@ | |||
1 | all: fldd | 1 | all: fldd |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
26 | HAVE_GCOV=@HAVE_GCOV@ | ||
27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | |||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
35 | 4 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h ../include/ldd_utils.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h ../include/ldd_utils.h |
37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fnet/Makefile.in b/src/fnet/Makefile.in index 06b8bbee7..06b3981a9 100644 --- a/src/fnet/Makefile.in +++ b/src/fnet/Makefile.in | |||
@@ -1,37 +1,6 @@ | |||
1 | all: fnet | 1 | all: fnet |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
25 | HAVE_GCOV=@HAVE_GCOV@ | ||
26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | |||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
35 | 4 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/libnetlink.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/libnetlink.h |
37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fnetfilter/Makefile.in b/src/fnetfilter/Makefile.in index 0a0a8acc0..2e263cc2b 100644 --- a/src/fnetfilter/Makefile.in +++ b/src/fnetfilter/Makefile.in | |||
@@ -1,37 +1,6 @@ | |||
1 | all: fnetfilter | 1 | all: fnetfilter |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
26 | HAVE_GCOV=@HAVE_GCOV@ | ||
27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | |||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
35 | 4 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fsec-optimize/Makefile.in b/src/fsec-optimize/Makefile.in index faa1aa476..e5e14a6a6 100644 --- a/src/fsec-optimize/Makefile.in +++ b/src/fsec-optimize/Makefile.in | |||
@@ -1,37 +1,6 @@ | |||
1 | all: fsec-optimize | 1 | all: fsec-optimize |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
25 | HAVE_GCOV=@HAVE_GCOV@ | ||
26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | |||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
35 | 4 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fsec-print/Makefile.in b/src/fsec-print/Makefile.in index 177b23f06..3db4406f4 100644 --- a/src/fsec-print/Makefile.in +++ b/src/fsec-print/Makefile.in | |||
@@ -1,38 +1,6 @@ | |||
1 | all: fsec-print | 1 | all: fsec-print |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
25 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
26 | HAVE_GCOV=@HAVE_GCOV@ | ||
27 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
28 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
29 | |||
30 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
31 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
32 | OBJS = $(C_FILE_LIST:.c=.o) | ||
33 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
34 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
35 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
36 | 4 | ||
37 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h |
38 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/fseccomp/Makefile.in b/src/fseccomp/Makefile.in index 3fd73bc5c..2c99096bb 100644 --- a/src/fseccomp/Makefile.in +++ b/src/fseccomp/Makefile.in | |||
@@ -1,37 +1,6 @@ | |||
1 | all: fseccomp | 1 | all: fseccomp |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | prefix=@prefix@ | ||
5 | exec_prefix=@exec_prefix@ | ||
6 | libdir=@libdir@ | ||
7 | sysconfdir=@sysconfdir@ | ||
8 | |||
9 | VERSION=@PACKAGE_VERSION@ | ||
10 | NAME=@PACKAGE_NAME@ | ||
11 | HAVE_SECCOMP_H=@HAVE_SECCOMP_H@ | ||
12 | HAVE_SECCOMP=@HAVE_SECCOMP@ | ||
13 | HAVE_CHROOT=@HAVE_CHROOT@ | ||
14 | HAVE_BIND=@HAVE_BIND@ | ||
15 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
16 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
17 | HAVE_USERNS=@HAVE_USERNS@ | ||
18 | HAVE_X11=@HAVE_X11@ | ||
19 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | ||
20 | HAVE_WHITELIST=@HAVE_WHITELIST@ | ||
21 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | ||
22 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
23 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | ||
24 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | ||
25 | HAVE_GCOV=@HAVE_GCOV@ | ||
26 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
27 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
28 | |||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
31 | OBJS = $(C_FILE_LIST:.c=.o) | ||
32 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
35 | 4 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 5 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h |
37 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
diff --git a/src/ftee/Makefile.in b/src/ftee/Makefile.in index 8846126f8..d3b92362c 100644 --- a/src/ftee/Makefile.in +++ b/src/ftee/Makefile.in | |||
@@ -1,26 +1,12 @@ | |||
1 | all: ftee | 1 | all: ftee |
2 | 2 | ||
3 | CC=@CC@ | 3 | include ../common.mk |
4 | PREFIX=@prefix@ | ||
5 | VERSION=@PACKAGE_VERSION@ | ||
6 | NAME=@PACKAGE_NAME@ | ||
7 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
8 | HAVE_GCOV=@HAVE_GCOV@ | ||
9 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
10 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
11 | |||
12 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
13 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
14 | OBJS = $(C_FILE_LIST:.c=.o) | ||
15 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
16 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(PREFIX)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | ||
17 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | ||
18 | 4 | ||
19 | %.o : %.c $(H_FILE_LIST) | 5 | %.o : %.c $(H_FILE_LIST) |
20 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ | 6 | $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ |
21 | 7 | ||
22 | ftee: $(OBJS) | 8 | ftee: $(OBJS) |
23 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(EXTRA_LDFLAGS) | 9 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) |
24 | 10 | ||
25 | clean:; rm -f *.o ftee *.gcov *.gcda *.gcno | 11 | clean:; rm -f *.o ftee *.gcov *.gcda *.gcno |
26 | 12 | ||
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index a25014c74..a744b8d80 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in | |||
@@ -1,18 +1,4 @@ | |||
1 | CC=@CC@ | 1 | include ../common.mk |
2 | PREFIX=@prefix@ | ||
3 | VERSION=@PACKAGE_VERSION@ | ||
4 | NAME=@PACKAGE_NAME@ | ||
5 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
6 | HAVE_GCOV=@HAVE_GCOV@ | ||
7 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
8 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | ||
9 | |||
10 | H_FILE_LIST = $(sort $(wildcard *.[h])) | ||
11 | C_FILE_LIST = $(sort $(wildcard *.c)) | ||
12 | OBJS = $(C_FILE_LIST:.c=.o) | ||
13 | BINOBJS = $(foreach file, $(OBJS), $file) | ||
14 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DLIBDIR='"$(libdir)"' $(HAVE_GCOV) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security | ||
15 | LDFLAGS:=-pic -Wl,-z,relro -Wl,-z,now | ||
16 | 2 | ||
17 | all: $(OBJS) | 3 | all: $(OBJS) |
18 | 4 | ||
diff --git a/test/root/firecfg.exp b/test/root/firecfg.exp index 02f2323a0..656b8e215 100755 --- a/test/root/firecfg.exp +++ b/test/root/firecfg.exp | |||
@@ -13,7 +13,7 @@ sleep 1 | |||
13 | send -- "firecfg --clean\r" | 13 | send -- "firecfg --clean\r" |
14 | expect { | 14 | expect { |
15 | timeout {puts "TESTING ERROR 0\n";exit} | 15 | timeout {puts "TESTING ERROR 0\n";exit} |
16 | "/usr/local/bin/firefox removed" | 16 | "less removed" |
17 | } | 17 | } |
18 | sleep 1 | 18 | sleep 1 |
19 | 19 | ||
@@ -30,11 +30,11 @@ sleep 1 | |||
30 | send -- "firecfg\r" | 30 | send -- "firecfg\r" |
31 | expect { | 31 | expect { |
32 | timeout {puts "TESTING ERROR 3\n";exit} | 32 | timeout {puts "TESTING ERROR 3\n";exit} |
33 | "firefox created" | 33 | "less created" |
34 | } | 34 | } |
35 | sleep 1 | 35 | sleep 1 |
36 | 36 | ||
37 | send -- "file /usr/local/bin/firefox\r" | 37 | send -- "file /usr/local/bin/less\r" |
38 | expect { | 38 | expect { |
39 | timeout {puts "TESTING ERROR 4\n";exit} | 39 | timeout {puts "TESTING ERROR 4\n";exit} |
40 | "symbolic link to /usr/bin/firejail" | 40 | "symbolic link to /usr/bin/firejail" |
@@ -44,7 +44,7 @@ sleep 1 | |||
44 | send -- "firecfg --list\r" | 44 | send -- "firecfg --list\r" |
45 | expect { | 45 | expect { |
46 | timeout {puts "TESTING ERROR 5\n";exit} | 46 | timeout {puts "TESTING ERROR 5\n";exit} |
47 | "/usr/local/bin/firefox" | 47 | "/usr/local/bin/less" |
48 | } | 48 | } |
49 | sleep 1 | 49 | sleep 1 |
50 | 50 | ||
diff --git a/test/root/root.sh b/test/root/root.sh index 912ae23f0..22b12cf86 100755 --- a/test/root/root.sh +++ b/test/root/root.sh | |||
@@ -110,13 +110,13 @@ echo "TESTING: firemon events (test/root/firemon-events.exp)" | |||
110 | #******************************** | 110 | #******************************** |
111 | # firecfg | 111 | # firecfg |
112 | #******************************** | 112 | #******************************** |
113 | which firefox | 113 | which less |
114 | if [ "$?" -eq 0 ]; | 114 | if [ "$?" -eq 0 ]; |
115 | then | 115 | then |
116 | echo "TESTING: firecfg (test/root/firecfg.exp)" | 116 | echo "TESTING: firecfg (test/root/firecfg.exp)" |
117 | ./firecfg.exp | 117 | ./firecfg.exp |
118 | else | 118 | else |
119 | echo "TESTING SKIP: firecfg, firefox not found" | 119 | echo "TESTING SKIP: firecfg, less not found" |
120 | fi | 120 | fi |
121 | 121 | ||
122 | # restore the default config file | 122 | # restore the default config file |
diff --git a/test/utils/audit.exp b/test/utils/audit.exp index c68ee387c..684886af7 100755 --- a/test/utils/audit.exp +++ b/test/utils/audit.exp | |||
@@ -76,4 +76,24 @@ expect { | |||
76 | } | 76 | } |
77 | after 100 | 77 | after 100 |
78 | 78 | ||
79 | # run audit executable without a sandbox | ||
80 | send -- "faudit\r" | ||
81 | expect { | ||
82 | timeout {puts "TESTING ERROR 13\n";exit} | ||
83 | "is not running in a PID namespace" | ||
84 | } | ||
85 | expect { | ||
86 | timeout {puts "TESTING ERROR 14\n";exit} | ||
87 | "BAD: seccomp disabled" | ||
88 | } | ||
89 | expect { | ||
90 | timeout {puts "TESTING ERROR 15\n";exit} | ||
91 | "BAD: the capability map is" | ||
92 | } | ||
93 | expect { | ||
94 | timeout {puts "TESTING ERROR 16\n";exit} | ||
95 | "MAYBE: /dev directory seems to be fully populated" | ||
96 | } | ||
97 | after 100 | ||
98 | |||
79 | puts "\nall done\n" | 99 | puts "\nall done\n" |
diff --git a/test/utils/build.exp b/test/utils/build.exp index 916f373b9..de2a9b6ae 100755 --- a/test/utils/build.exp +++ b/test/utils/build.exp | |||
@@ -7,7 +7,15 @@ set timeout 10 | |||
7 | spawn $env(SHELL) | 7 | spawn $env(SHELL) |
8 | match_max 100000 | 8 | match_max 100000 |
9 | 9 | ||
10 | send -- "firejail --build ls ~\r" | 10 | send -- "firejail --build cat ~/firejail-test-file-7699\r" |
11 | expect { | ||
12 | timeout {puts "TESTING ERROR 0\n";exit} | ||
13 | "whitelist ~/firejail-test-file-7699" | ||
14 | } | ||
15 | expect { | ||
16 | timeout {puts "TESTING ERROR 0.1\n";exit} | ||
17 | "include /etc/firejail/whitelist-common.inc" | ||
18 | } | ||
11 | expect { | 19 | expect { |
12 | timeout {puts "TESTING ERROR 1\n";exit} | 20 | timeout {puts "TESTING ERROR 1\n";exit} |
13 | "private-tmp" | 21 | "private-tmp" |
@@ -22,7 +30,7 @@ expect { | |||
22 | } | 30 | } |
23 | expect { | 31 | expect { |
24 | timeout {puts "TESTING ERROR 4\n";exit} | 32 | timeout {puts "TESTING ERROR 4\n";exit} |
25 | "private-bin ls," | 33 | "private-bin cat," |
26 | } | 34 | } |
27 | expect { | 35 | expect { |
28 | timeout {puts "TESTING ERROR 5\n";exit} | 36 | timeout {puts "TESTING ERROR 5\n";exit} |
diff --git a/test/utils/utils.sh b/test/utils/utils.sh index 59cd1cfd6..d72cc2269 100755 --- a/test/utils/utils.sh +++ b/test/utils/utils.sh | |||
@@ -6,8 +6,16 @@ | |||
6 | export MALLOC_CHECK_=3 | 6 | export MALLOC_CHECK_=3 |
7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) | 7 | export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) |
8 | 8 | ||
9 | if [ -f /etc/debian_version ]; then | ||
10 | libdir=$(dirname "$(dpkg -L firejail | grep faudit)") | ||
11 | export PATH="$PATH:$libdir" | ||
12 | fi | ||
13 | export PATH="$PATH:/usr/lib/firejail" | ||
14 | |||
15 | echo "testing" > ~/firejail-test-file-7699 | ||
9 | echo "TESTING: build (test/utils/build.exp)" | 16 | echo "TESTING: build (test/utils/build.exp)" |
10 | ./build.exp | 17 | ./build.exp |
18 | rm -f ~/firejail-test-file-7699 | ||
11 | 19 | ||
12 | echo "TESTING: audit (test/utils/audit.exp)" | 20 | echo "TESTING: audit (test/utils/audit.exp)" |
13 | ./audit.exp | 21 | ./audit.exp |