diff options
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 55 |
1 files changed, 37 insertions, 18 deletions
| @@ -2,6 +2,10 @@ | |||
| 2 | ROOT = . | 2 | ROOT = . |
| 3 | -include config.mk | 3 | -include config.mk |
| 4 | 4 | ||
| 5 | ifneq ($(HAVE_MAN),no) | ||
| 6 | MAN_TARGET = man | ||
| 7 | endif | ||
| 8 | |||
| 5 | ifneq ($(HAVE_CONTRIB_INSTALL),no) | 9 | ifneq ($(HAVE_CONTRIB_INSTALL),no) |
| 6 | CONTRIB_TARGET = contrib | 10 | CONTRIB_TARGET = contrib |
| 7 | endif | 11 | endif |
| @@ -14,11 +18,16 @@ SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfil | |||
| 14 | SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp | 18 | SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp |
| 15 | SBOX_APPS_NON_DUMPABLE += src/fnettrace/fnettrace src/fnettrace-dns/fnettrace-dns src/fnettrace-sni/fnettrace-sni | 19 | SBOX_APPS_NON_DUMPABLE += src/fnettrace/fnettrace src/fnettrace-dns/fnettrace-dns src/fnettrace-sni/fnettrace-sni |
| 16 | SBOX_APPS_NON_DUMPABLE += src/fnettrace-icmp/fnettrace-icmp | 20 | SBOX_APPS_NON_DUMPABLE += src/fnettrace-icmp/fnettrace-icmp |
| 17 | MYDIRS = src/lib src/man $(COMPLETIONDIRS) | 21 | MYDIRS = src/lib $(COMPLETIONDIRS) |
| 18 | MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so | 22 | MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so |
| 19 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion | 23 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion |
| 20 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 seccomp.namespaces seccomp.namespaces.32 | 24 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 seccomp.namespaces seccomp.namespaces.32 |
| 21 | 25 | ||
| 26 | MANPAGES1_IN := $(sort $(wildcard src/man/*.1.in)) | ||
| 27 | MANPAGES5_IN := $(sort $(wildcard src/man/*.5.in)) | ||
| 28 | MANPAGES1_GZ := $(MANPAGES1_IN:.in=.gz) | ||
| 29 | MANPAGES5_GZ := $(MANPAGES5_IN:.in=.gz) | ||
| 30 | |||
| 22 | SYSCALL_HEADERS := $(sort $(wildcard src/include/syscall*.h)) | 31 | SYSCALL_HEADERS := $(sort $(wildcard src/include/syscall*.h)) |
| 23 | 32 | ||
| 24 | # Lists of keywords used in profiles; used for generating syntax files. | 33 | # Lists of keywords used in profiles; used for generating syntax files. |
| @@ -37,13 +46,13 @@ SYNTAX_FILES := $(SYNTAX_FILES_IN:.in=) | |||
| 37 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) | 46 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) |
| 38 | 47 | ||
| 39 | .PHONY: all | 48 | .PHONY: all |
| 40 | all: all_items mydirs $(CONTRIB_TARGET) | 49 | all: all_items mydirs filters $(MAN_TARGET) $(CONTRIB_TARGET) |
| 41 | 50 | ||
| 42 | config.mk config.sh: | 51 | config.mk config.sh: |
| 43 | @printf 'error: run ./configure to generate %s\n' "$@" >&2 | 52 | @printf 'error: run ./configure to generate %s\n' "$@" >&2 |
| 44 | @false | 53 | @false |
| 45 | 54 | ||
| 46 | .PHONY: all_items $(ALL_ITEMS) | 55 | .PHONY: all_items |
| 47 | all_items: $(ALL_ITEMS) | 56 | all_items: $(ALL_ITEMS) |
| 48 | $(ALL_ITEMS): $(MYDIRS) | 57 | $(ALL_ITEMS): $(MYDIRS) |
| 49 | $(MAKE) -C $(dir $@) | 58 | $(MAKE) -C $(dir $@) |
| @@ -53,21 +62,38 @@ mydirs: $(MYDIRS) | |||
| 53 | $(MYDIRS): | 62 | $(MYDIRS): |
| 54 | $(MAKE) -C $@ | 63 | $(MAKE) -C $@ |
| 55 | 64 | ||
| 56 | define build_filters | 65 | .PHONY: filters |
| 66 | filters: $(SECCOMP_FILTERS) | ||
| 67 | seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
| 57 | src/fseccomp/fseccomp default seccomp | 68 | src/fseccomp/fseccomp default seccomp |
| 58 | src/fsec-optimize/fsec-optimize seccomp | 69 | src/fsec-optimize/fsec-optimize seccomp |
| 70 | |||
| 71 | seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
| 59 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers | 72 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers |
| 60 | src/fsec-optimize/fsec-optimize seccomp.debug | 73 | src/fsec-optimize/fsec-optimize seccomp.debug |
| 74 | |||
| 75 | seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
| 61 | src/fseccomp/fseccomp secondary 32 seccomp.32 | 76 | src/fseccomp/fseccomp secondary 32 seccomp.32 |
| 62 | src/fsec-optimize/fsec-optimize seccomp.32 | 77 | src/fsec-optimize/fsec-optimize seccomp.32 |
| 78 | |||
| 79 | seccomp.block_secondary: src/fseccomp/fseccomp | ||
| 63 | src/fseccomp/fseccomp secondary block seccomp.block_secondary | 80 | src/fseccomp/fseccomp secondary block seccomp.block_secondary |
| 81 | |||
| 82 | seccomp.mdwx: src/fseccomp/fseccomp | ||
| 64 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx | 83 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx |
| 84 | |||
| 85 | seccomp.mdwx.32: src/fseccomp/fseccomp | ||
| 65 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 | 86 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 |
| 87 | |||
| 88 | seccomp.namespaces: src/fseccomp/fseccomp | ||
| 66 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts | 89 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts |
| 67 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts | ||
| 68 | endef | ||
| 69 | 90 | ||
| 91 | seccomp.namespaces.32: src/fseccomp/fseccomp | ||
| 92 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts | ||
| 70 | 93 | ||
| 94 | .PHONY: man | ||
| 95 | man: | ||
| 96 | $(MAKE) -C src/man | ||
| 71 | 97 | ||
| 72 | # Makes all targets in contrib/ | 98 | # Makes all targets in contrib/ |
| 73 | .PHONY: contrib | 99 | .PHONY: contrib |
| @@ -137,6 +163,7 @@ clean: | |||
| 137 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ | 163 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ |
| 138 | $(MAKE) -C $$dir clean; \ | 164 | $(MAKE) -C $$dir clean; \ |
| 139 | done | 165 | done |
| 166 | $(MAKE) -C src/man clean | ||
| 140 | $(MAKE) -C test clean | 167 | $(MAKE) -C test clean |
| 141 | rm -f $(SECCOMP_FILTERS) | 168 | rm -f $(SECCOMP_FILTERS) |
| 142 | rm -f firejail*.rpm | 169 | rm -f firejail*.rpm |
| @@ -180,7 +207,6 @@ endif | |||
| 180 | # libraries and plugins | 207 | # libraries and plugins |
| 181 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail | 208 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail |
| 182 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh | 209 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh |
| 183 | $(call build_filters) | ||
| 184 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) | 210 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) |
| 185 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) | 211 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) |
| 186 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats | 212 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats |
| @@ -230,13 +256,8 @@ endif | |||
| 230 | ifneq ($(HAVE_MAN),no) | 256 | ifneq ($(HAVE_MAN),no) |
| 231 | # man pages | 257 | # man pages |
| 232 | install -m 0755 -d $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man5 | 258 | install -m 0755 -d $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man5 |
| 233 | install -m 0644 src/man/firejail.1.gz $(DESTDIR)$(mandir)/man1/ | 259 | install -m 0644 $(MANPAGES1_GZ) $(DESTDIR)$(mandir)/man1/ |
| 234 | install -m 0644 src/man/firemon.1.gz $(DESTDIR)$(mandir)/man1/ | 260 | install -m 0644 $(MANPAGES5_GZ) $(DESTDIR)$(mandir)/man5/ |
| 235 | install -m 0644 src/man/firecfg.1.gz $(DESTDIR)$(mandir)/man1/ | ||
| 236 | install -m 0644 src/man/jailcheck.1.gz $(DESTDIR)$(mandir)/man1/ | ||
| 237 | install -m 0644 src/man/firejail-login.5.gz $(DESTDIR)$(mandir)/man5/ | ||
| 238 | install -m 0644 src/man/firejail-users.5.gz $(DESTDIR)$(mandir)/man5/ | ||
| 239 | install -m 0644 src/man/firejail-profile.5.gz $(DESTDIR)$(mandir)/man5/ | ||
| 240 | endif | 261 | endif |
| 241 | # bash completion | 262 | # bash completion |
| 242 | install -m 0755 -d $(DESTDIR)$(datarootdir)/bash-completion/completions | 263 | install -m 0755 -d $(DESTDIR)$(datarootdir)/bash-completion/completions |
| @@ -264,10 +285,8 @@ uninstall: config.mk | |||
| 264 | rm -f $(DESTDIR)$(bindir)/jailcheck | 285 | rm -f $(DESTDIR)$(bindir)/jailcheck |
| 265 | rm -fr $(DESTDIR)$(libdir)/firejail | 286 | rm -fr $(DESTDIR)$(libdir)/firejail |
| 266 | rm -fr $(DESTDIR)$(datarootdir)/doc/firejail | 287 | rm -fr $(DESTDIR)$(datarootdir)/doc/firejail |
| 267 | for man in $(MANPAGES); do \ | 288 | rm -f $(addprefix $(DESTDIR)$(mandir)/man1/,$(notdir $(MANPAGES1_GZ))) |
| 268 | rm -f $(DESTDIR)$(mandir)/man5/$$man*; \ | 289 | rm -f $(addprefix $(DESTDIR)$(mandir)/man5/,$(notdir $(MANPAGES5_GZ))) |
| 269 | rm -f $(DESTDIR)$(mandir)/man1/$$man*; \ | ||
| 270 | done | ||
| 271 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail | 290 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail |
| 272 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon | 291 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon |
| 273 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg | 292 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg |