From 23d10c8fa0bc1dface09d71cc9d6475d53c42645 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 4 Apr 2018 07:41:17 -0400 Subject: deprecated --git-install and --git-uninstall --- src/common.mk.in | 3 +- src/firejail/checkcfg.c | 8 ----- src/firejail/git.c | 90 ------------------------------------------------- src/firejail/main.c | 9 ----- src/firejail/usage.c | 5 --- src/man/firejail.txt | 33 ------------------ 6 files changed, 1 insertion(+), 147 deletions(-) delete mode 100644 src/firejail/git.c (limited to 'src') diff --git a/src/common.mk.in b/src/common.mk.in index 1d4dbe304..fd9f2e5a5 100644 --- a/src/common.mk.in +++ b/src/common.mk.in @@ -23,14 +23,13 @@ HAVE_APPARMOR=@HAVE_APPARMOR@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ HAVE_GCOV=@HAVE_GCOV@ -HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) OBJS = $(C_FILE_LIST:.c=.o) BINOBJS = $(foreach file, $(OBJS), $file) -CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) $(HAVE_GIT_INSTALL) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security +CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ EXTRA_CFLAGS +=@EXTRA_CFLAGS@ diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 20845270e..7b0ae30b6 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c @@ -450,14 +450,6 @@ void print_compiletime_support(void) { #endif ); - printf("\t- git install support is %s\n", -#ifdef HAVE_GIT_INSTALL - "enabled" -#else - "disabled" -#endif - ); - printf("\t- networking support is %s\n", #ifdef HAVE_NETWORK "enabled" diff --git a/src/firejail/git.c b/src/firejail/git.c deleted file mode 100644 index d6525aa89..000000000 --- a/src/firejail/git.c +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (C) 2014-2018 Firejail Authors - * - * This file is part of firejail project - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#ifdef HAVE_GIT_INSTALL - -#include "firejail.h" -#include -#include -#include - -// install a very simple mount namespace sandbox with a tmpfs on top of /tmp -// and drop privileges -static void sbox_ns(void) { - if (unshare(CLONE_NEWNS) < 0) - errExit("unshare"); - - // mount events are not forwarded between the host the sandbox - if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) { - errExit("mount"); - } - - // mount a tmpfs on top of /tmp - if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0) - errExit("mount"); - - - // drop privileges - if (setgid(getgid()) < 0) - errExit("setgid/getgid"); - if (setuid(getuid()) < 0) - errExit("setuid/getuid"); - assert(getenv("LD_PRELOAD") == NULL); - - printf("Running as "); fflush(0); - int rv = system("whoami"); - (void) rv; - printf("/tmp directory: "); fflush(0); - rv = system("ls -l /tmp"); - (void) rv; -} - - -void git_install(void) { - // redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh" - EUID_ASSERT(); - EUID_ROOT(); - - // install a mount namespace with a tmpfs on top of /tmp - sbox_ns(); - - // run command - const char *cmd = LIBDIR "/firejail/fgit-install.sh"; - int rv = system(cmd); - (void) rv; - exit(0); -} - -void git_uninstall(void) { - // redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh" - EUID_ASSERT(); - EUID_ROOT(); - - // install a mount namespace with a tmpfs on top of /tmp - sbox_ns(); - - // run command - const char *cmd = LIBDIR "/firejail/fgit-uninstall.sh"; - int rv = system(cmd); - (void) rv; - exit(0); -} - -#endif // HAVE_GIT_INSTALL diff --git a/src/firejail/main.c b/src/firejail/main.c index 0d53a24a8..f34d2eb79 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -890,15 +890,6 @@ int main(int argc, char **argv) { profile_add(cmd); } - -#ifdef HAVE_GIT_INSTALL - // process git-install and git-uninstall - if (check_arg(argc, argv, "--git-install", 1)) - git_install(); // this function will not return - if (check_arg(argc, argv, "--git-uninstall", 1)) - git_uninstall(); // this function will not return -#endif - // profile builder if (check_arg(argc, argv, "--build", 0)) // supports both --build and --build=filename run_builder(argc, argv); // this function will not return diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 542747efc..effbf3751 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c @@ -78,11 +78,6 @@ static char *usage_str = " --env=name=value - set environment variable.\n" " --fs.print=name|pid - print the filesystem log.\n" " --get=name|pid filename - get a file from sandbox container.\n" -#ifdef HAVE_GIT_INSTALL - " --git-install - download, compile and install mainline git version\n" - "\tof Firejail.\n" - " --git-uninstall - uninstall mainline git version of Firejail\n" -#endif " --help, -? - this help screen.\n" " --hostname=name - set sandbox hostname.\n" " --hosts-file=file - use file as /etc/hosts.\n" diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 85550e576..d89a763a9 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -493,39 +493,6 @@ $ firejail \-\-fs.print=3272 \fB\-\-get=name|pid filename Get a file from sandbox container, see \fBFILE TRANSFER\fR section for more details. - -.TP -\fB\-\-git-install -Download, compile and install mainline git version of Firejail from the official repository on GitHub. -The software is installed in /usr/local/bin, and takes precedence over the (old) version -installed in /usr/bin. If for any reason the new version doesn't work, the user can uninstall it -using \-\-git-uninstall command and revert to the old version. -.br - -.br -Prerequisites: git and compile support are required for this command to work. On Debian/Ubuntu -systems this support is installed using "sudo apt-get install build-essential git". -.br - -.br -Example: -.br - -.br -$ firejail \-\-git-install - -.TP -\fB\-\-git-uninstall -Remove the Firejail version previously installed in /usr/local/bin using \-\-git-install command. -.br - -.br -Example: -.br - -.br -$ firejail \-\-git-uninstall - .TP \fB\-?\fR, \fB\-\-help\fR Print options end exit. -- cgit v1.2.3-70-g09d2