From 9b56dc8e94cf2313baf19e5847a0631231497c93 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 1 Mar 2021 07:41:33 -0500 Subject: some cleanup --- RELNOTES | 10 +++++++--- src/firejail/checkcfg.c | 29 +++++++++++++++-------------- src/firejail/usage.c | 6 ++++++ 3 files changed, 28 insertions(+), 17 deletions(-) diff --git a/RELNOTES b/RELNOTES index 15d53b640..b1322e0dc 100644 --- a/RELNOTES +++ b/RELNOTES @@ -1,13 +1,17 @@ firejail (0.9.65) baseline; urgency=low * filtering environment variables * zsh completion - * --mkdir, --mkfile - * protocol now accumulates + * command line: --mkdir, --mkfile + * --protocol now accumulates * Jolla/SailfishOS patches * private-lib rework - * jailtest + * jailtest utility for testing running sandboxes + * removed --audit options, relpaced by jailtest * capabilities list update * faccessat2 syscall support + * compile time: --enable-force-nonewprivs + * compile time: --disable-output + * compile time: --enable-lts * new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng * ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop, * avidemux, calligragemini, vmware-player, vmware-workstation diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index a277e76d9..e1613b325 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c @@ -269,6 +269,14 @@ errout: void print_compiletime_support(void) { printf("Compile time support:\n"); + printf("\t- Always force nonewprivs support is %s\n", +#ifdef HAVE_FORCE_NONEWPRIVS + "enabled" +#else + "disabled" +#endif + ); + printf("\t- AppArmor support is %s\n", #ifdef HAVE_APPARMOR "enabled" @@ -333,6 +341,13 @@ void print_compiletime_support(void) { #endif ); + printf("\t- output logging is %s\n", +#ifdef HAVE_OUTPUT + "enabled" +#else + "disabled" +#endif + ); printf("\t- overlayfs support is %s\n", #ifdef HAVE_OVERLAYFS "enabled" @@ -381,19 +396,5 @@ void print_compiletime_support(void) { #endif ); - printf("\t- output logging is %s\n", -#ifdef HAVE_OUTPUT - "enabled" -#else - "disabled" -#endif - ); - printf("\t- Always force nonewprivs support is %s\n", -#ifdef HAVE_FORCE_NONEWPRIVS - "enabled" -#else - "disabled" -#endif - ); } diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 8f9cc065f..a9acd7692 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c @@ -55,6 +55,7 @@ static char *usage_str = #endif " --cpu=cpu-number,cpu-number - set cpu affinity.\n" " --cpu.print=name|pid - print the cpus in use.\n" +#ifdef HAVE_DBUSPROXy " --dbus-log=file - set DBus log file location.\n" " --dbus-system=filter|none - set system DBus access policy.\n" " --dbus-system.broadcast=rule - allow signals on the system DBus according to rule.\n" @@ -70,6 +71,7 @@ static char *usage_str = " --dbus-user.own=name - allow ownership of name on the session DBus.\n" " --dbus-user.see=name - allow seeing name on the session DBus.\n" " --dbus-user.talk=name - allow talking to name on the session DBus.\n" +#endif " --debug - print sandbox debug messages.\n" " --debug-blacklists - debug blacklisting.\n" " --debug-caps - print all recognized capabilities.\n" @@ -162,14 +164,18 @@ static char *usage_str = " --novideo - disable video devices.\n" " --nou2f - disable U2F devices.\n" " --nowhitelist=filename - disable whitelist for file or directory.\n" +#ifdef HAVE_OUTPUT " --output=logfile - stdout logging and log rotation.\n" " --output-stderr=logfile - stdout and stderr logging and log rotation.\n" +#endif +#ifdef HAVE_OVERLAYFS " --overlay - mount a filesystem overlay on top of the current filesystem.\n" " --overlay-named=name - mount a filesystem overlay on top of the current\n" "\tfilesystem, and store it in name directory.\n" " --overlay-tmpfs - mount a temporary filesystem overlay on top of the\n" "\tcurrent filesystem.\n" " --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n" +#endif " --private - temporary home directory.\n" " --private=directory - use directory as user home.\n" " --private-cache - temporary ~/.cache directory.\n" -- cgit v1.2.3-70-g09d2