diff options
Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 55 |
1 files changed, 37 insertions, 18 deletions
@@ -2,6 +2,10 @@ | |||
2 | ROOT = . | 2 | ROOT = . |
3 | -include config.mk | 3 | -include config.mk |
4 | 4 | ||
5 | ifneq ($(HAVE_MAN),no) | ||
6 | MAN_TARGET = man | ||
7 | endif | ||
8 | |||
5 | ifneq ($(HAVE_CONTRIB_INSTALL),no) | 9 | ifneq ($(HAVE_CONTRIB_INSTALL),no) |
6 | CONTRIB_TARGET = contrib | 10 | CONTRIB_TARGET = contrib |
7 | endif | 11 | endif |
@@ -14,11 +18,16 @@ SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfil | |||
14 | SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp | 18 | SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp |
15 | SBOX_APPS_NON_DUMPABLE += src/fnettrace/fnettrace src/fnettrace-dns/fnettrace-dns src/fnettrace-sni/fnettrace-sni | 19 | SBOX_APPS_NON_DUMPABLE += src/fnettrace/fnettrace src/fnettrace-dns/fnettrace-dns src/fnettrace-sni/fnettrace-sni |
16 | SBOX_APPS_NON_DUMPABLE += src/fnettrace-icmp/fnettrace-icmp | 20 | SBOX_APPS_NON_DUMPABLE += src/fnettrace-icmp/fnettrace-icmp |
17 | MYDIRS = src/lib src/man $(COMPLETIONDIRS) | 21 | MYDIRS = src/lib $(COMPLETIONDIRS) |
18 | MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so | 22 | MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so |
19 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion | 23 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion |
20 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 seccomp.namespaces seccomp.namespaces.32 | 24 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 seccomp.namespaces seccomp.namespaces.32 |
21 | 25 | ||
26 | MANPAGES1_IN := $(sort $(wildcard src/man/*.1.in)) | ||
27 | MANPAGES5_IN := $(sort $(wildcard src/man/*.5.in)) | ||
28 | MANPAGES1_GZ := $(MANPAGES1_IN:.in=.gz) | ||
29 | MANPAGES5_GZ := $(MANPAGES5_IN:.in=.gz) | ||
30 | |||
22 | SYSCALL_HEADERS := $(sort $(wildcard src/include/syscall*.h)) | 31 | SYSCALL_HEADERS := $(sort $(wildcard src/include/syscall*.h)) |
23 | 32 | ||
24 | # Lists of keywords used in profiles; used for generating syntax files. | 33 | # Lists of keywords used in profiles; used for generating syntax files. |
@@ -37,13 +46,13 @@ SYNTAX_FILES := $(SYNTAX_FILES_IN:.in=) | |||
37 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) | 46 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) |
38 | 47 | ||
39 | .PHONY: all | 48 | .PHONY: all |
40 | all: all_items mydirs $(CONTRIB_TARGET) | 49 | all: all_items mydirs filters $(MAN_TARGET) $(CONTRIB_TARGET) |
41 | 50 | ||
42 | config.mk config.sh: | 51 | config.mk config.sh: |
43 | @printf 'error: run ./configure to generate %s\n' "$@" >&2 | 52 | @printf 'error: run ./configure to generate %s\n' "$@" >&2 |
44 | @false | 53 | @false |
45 | 54 | ||
46 | .PHONY: all_items $(ALL_ITEMS) | 55 | .PHONY: all_items |
47 | all_items: $(ALL_ITEMS) | 56 | all_items: $(ALL_ITEMS) |
48 | $(ALL_ITEMS): $(MYDIRS) | 57 | $(ALL_ITEMS): $(MYDIRS) |
49 | $(MAKE) -C $(dir $@) | 58 | $(MAKE) -C $(dir $@) |
@@ -53,21 +62,38 @@ mydirs: $(MYDIRS) | |||
53 | $(MYDIRS): | 62 | $(MYDIRS): |
54 | $(MAKE) -C $@ | 63 | $(MAKE) -C $@ |
55 | 64 | ||
56 | define build_filters | 65 | .PHONY: filters |
66 | filters: $(SECCOMP_FILTERS) | ||
67 | seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
57 | src/fseccomp/fseccomp default seccomp | 68 | src/fseccomp/fseccomp default seccomp |
58 | src/fsec-optimize/fsec-optimize seccomp | 69 | src/fsec-optimize/fsec-optimize seccomp |
70 | |||
71 | seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
59 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers | 72 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers |
60 | src/fsec-optimize/fsec-optimize seccomp.debug | 73 | src/fsec-optimize/fsec-optimize seccomp.debug |
74 | |||
75 | seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
61 | src/fseccomp/fseccomp secondary 32 seccomp.32 | 76 | src/fseccomp/fseccomp secondary 32 seccomp.32 |
62 | src/fsec-optimize/fsec-optimize seccomp.32 | 77 | src/fsec-optimize/fsec-optimize seccomp.32 |
78 | |||
79 | seccomp.block_secondary: src/fseccomp/fseccomp | ||
63 | src/fseccomp/fseccomp secondary block seccomp.block_secondary | 80 | src/fseccomp/fseccomp secondary block seccomp.block_secondary |
81 | |||
82 | seccomp.mdwx: src/fseccomp/fseccomp | ||
64 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx | 83 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx |
84 | |||
85 | seccomp.mdwx.32: src/fseccomp/fseccomp | ||
65 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 | 86 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 |
87 | |||
88 | seccomp.namespaces: src/fseccomp/fseccomp | ||
66 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts | 89 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts |
67 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts | ||
68 | endef | ||
69 | 90 | ||
91 | seccomp.namespaces.32: src/fseccomp/fseccomp | ||
92 | src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts | ||
70 | 93 | ||
94 | .PHONY: man | ||
95 | man: | ||
96 | $(MAKE) -C src/man | ||
71 | 97 | ||
72 | # Makes all targets in contrib/ | 98 | # Makes all targets in contrib/ |
73 | .PHONY: contrib | 99 | .PHONY: contrib |
@@ -137,6 +163,7 @@ clean: | |||
137 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ | 163 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ |
138 | $(MAKE) -C $$dir clean; \ | 164 | $(MAKE) -C $$dir clean; \ |
139 | done | 165 | done |
166 | $(MAKE) -C src/man clean | ||
140 | $(MAKE) -C test clean | 167 | $(MAKE) -C test clean |
141 | rm -f $(SECCOMP_FILTERS) | 168 | rm -f $(SECCOMP_FILTERS) |
142 | rm -f firejail*.rpm | 169 | rm -f firejail*.rpm |
@@ -180,7 +207,6 @@ endif | |||
180 | # libraries and plugins | 207 | # libraries and plugins |
181 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail | 208 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail |
182 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh | 209 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh |
183 | $(call build_filters) | ||
184 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) | 210 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) |
185 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) | 211 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) |
186 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats | 212 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats |
@@ -230,13 +256,8 @@ endif | |||
230 | ifneq ($(HAVE_MAN),no) | 256 | ifneq ($(HAVE_MAN),no) |
231 | # man pages | 257 | # man pages |
232 | install -m 0755 -d $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man5 | 258 | install -m 0755 -d $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man5 |
233 | install -m 0644 src/man/firejail.1.gz $(DESTDIR)$(mandir)/man1/ | 259 | install -m 0644 $(MANPAGES1_GZ) $(DESTDIR)$(mandir)/man1/ |
234 | install -m 0644 src/man/firemon.1.gz $(DESTDIR)$(mandir)/man1/ | 260 | install -m 0644 $(MANPAGES5_GZ) $(DESTDIR)$(mandir)/man5/ |
235 | install -m 0644 src/man/firecfg.1.gz $(DESTDIR)$(mandir)/man1/ | ||
236 | install -m 0644 src/man/jailcheck.1.gz $(DESTDIR)$(mandir)/man1/ | ||
237 | install -m 0644 src/man/firejail-login.5.gz $(DESTDIR)$(mandir)/man5/ | ||
238 | install -m 0644 src/man/firejail-users.5.gz $(DESTDIR)$(mandir)/man5/ | ||
239 | install -m 0644 src/man/firejail-profile.5.gz $(DESTDIR)$(mandir)/man5/ | ||
240 | endif | 261 | endif |
241 | # bash completion | 262 | # bash completion |
242 | install -m 0755 -d $(DESTDIR)$(datarootdir)/bash-completion/completions | 263 | install -m 0755 -d $(DESTDIR)$(datarootdir)/bash-completion/completions |
@@ -264,10 +285,8 @@ uninstall: config.mk | |||
264 | rm -f $(DESTDIR)$(bindir)/jailcheck | 285 | rm -f $(DESTDIR)$(bindir)/jailcheck |
265 | rm -fr $(DESTDIR)$(libdir)/firejail | 286 | rm -fr $(DESTDIR)$(libdir)/firejail |
266 | rm -fr $(DESTDIR)$(datarootdir)/doc/firejail | 287 | rm -fr $(DESTDIR)$(datarootdir)/doc/firejail |
267 | for man in $(MANPAGES); do \ | 288 | rm -f $(addprefix $(DESTDIR)$(mandir)/man1/,$(notdir $(MANPAGES1_GZ))) |
268 | rm -f $(DESTDIR)$(mandir)/man5/$$man*; \ | 289 | rm -f $(addprefix $(DESTDIR)$(mandir)/man5/,$(notdir $(MANPAGES5_GZ))) |
269 | rm -f $(DESTDIR)$(mandir)/man1/$$man*; \ | ||
270 | done | ||
271 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail | 290 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail |
272 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon | 291 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon |
273 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg | 292 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg |