From e3f64f751ec2caaf4c209f95eefab5bc9166db0e Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 23 Mar 2018 19:28:05 -0400 Subject: support Spectre mitigation patch for gcc compiler --- src/fbuilder/Makefile.in | 4 ++-- src/fcopy/Makefile.in | 3 ++- src/firecfg/Makefile.in | 3 ++- src/firejail/Makefile.in | 3 ++- src/firemon/Makefile.in | 3 ++- src/fldd/Makefile.in | 4 ++-- src/fnet/Makefile.in | 4 ++-- src/fnetfilter/Makefile.in | 4 ++-- src/fsec-optimize/Makefile.in | 4 ++-- src/fsec-print/Makefile.in | 3 ++- src/fseccomp/Makefile.in | 4 ++-- src/ftee/Makefile.in | 3 ++- src/lib/Makefile.in | 3 ++- 13 files changed, 26 insertions(+), 19 deletions(-) (limited to 'src') diff --git a/src/fbuilder/Makefile.in b/src/fbuilder/Makefile.in index dd8e2ce6e..5bf78f92a 100644 --- a/src/fbuilder/Makefile.in +++ b/src/fbuilder/Makefile.in @@ -22,9 +22,9 @@ HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ HAVE_APPARMOR=@HAVE_APPARMOR@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ -EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ HAVE_GCOV=@HAVE_GCOV@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ fbuilder: $(OBJS) $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/fcopy/Makefile.in b/src/fcopy/Makefile.in index ad08f543e..519240c3d 100644 --- a/src/fcopy/Makefile.in +++ b/src/fcopy/Makefile.in @@ -25,6 +25,7 @@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ HAVE_GCOV=@HAVE_GCOV@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -34,7 +35,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ fcopy: $(OBJS) $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/firecfg/Makefile.in b/src/firecfg/Makefile.in index 0b2b03275..f0d389e36 100644 --- a/src/firecfg/Makefile.in +++ b/src/firecfg/Makefile.in @@ -19,6 +19,7 @@ HAVE_X11=@HAVE_X11@ HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ HAVE_GCOV=@HAVE_GCOV@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) @@ -29,7 +30,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ firecfg: $(OBJS) ../lib/common.o $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in index 01cb929e2..543924103 100644 --- a/src/firejail/Makefile.in +++ b/src/firejail/Makefile.in @@ -25,6 +25,7 @@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ HAVE_GCOV=@HAVE_GCOV@ HAVE_GIT_INSTALL=@HAVE_GIT_INSTALL@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -34,7 +35,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/firemon/Makefile.in b/src/firemon/Makefile.in index 326c305d9..ede25f6b5 100644 --- a/src/firemon/Makefile.in +++ b/src/firemon/Makefile.in @@ -17,10 +17,11 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now HAVE_GCOV=@HAVE_GCOV@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ %.o : %.c $(H_FILE_LIST) - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ firemon: $(OBJS) ../lib/common.o ../lib/pid.o $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/fldd/Makefile.in b/src/fldd/Makefile.in index e2bf4b787..e199d517d 100644 --- a/src/fldd/Makefile.in +++ b/src/fldd/Makefile.in @@ -24,7 +24,7 @@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ HAVE_GCOV=@HAVE_GCOV@ -EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h ../include/ldd_utils.h - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ fldd: $(OBJS) ../lib/ldd_utils.o $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/fnet/Makefile.in b/src/fnet/Makefile.in index 3288e6354..06b8bbee7 100644 --- a/src/fnet/Makefile.in +++ b/src/fnet/Makefile.in @@ -22,9 +22,9 @@ HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ HAVE_APPARMOR=@HAVE_APPARMOR@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ -EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ HAVE_GCOV=@HAVE_GCOV@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/libnetlink.h - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ fnet: $(OBJS) ../lib/libnetlink.o $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/libnetlink.o $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/fnetfilter/Makefile.in b/src/fnetfilter/Makefile.in index 1063737e1..0a0a8acc0 100644 --- a/src/fnetfilter/Makefile.in +++ b/src/fnetfilter/Makefile.in @@ -24,7 +24,7 @@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ HAVE_GCOV=@HAVE_GCOV@ -EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ fnetfilter: $(OBJS) $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/fsec-optimize/Makefile.in b/src/fsec-optimize/Makefile.in index 6ddbfc075..faa1aa476 100644 --- a/src/fsec-optimize/Makefile.in +++ b/src/fsec-optimize/Makefile.in @@ -22,9 +22,9 @@ HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ HAVE_APPARMOR=@HAVE_APPARMOR@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ -EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ HAVE_GCOV=@HAVE_GCOV@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ fsec-optimize: $(OBJS) ../lib/libnetlink.o $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/fsec-print/Makefile.in b/src/fsec-print/Makefile.in index 5d23382f7..177b23f06 100644 --- a/src/fsec-print/Makefile.in +++ b/src/fsec-print/Makefile.in @@ -25,6 +25,7 @@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ HAVE_GCOV=@HAVE_GCOV@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -34,7 +35,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/seccomp.h ../include/syscall.h - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ fsec-print: $(OBJS) ../lib/libnetlink.o $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/fseccomp/Makefile.in b/src/fseccomp/Makefile.in index df4343d36..3fd73bc5c 100644 --- a/src/fseccomp/Makefile.in +++ b/src/fseccomp/Makefile.in @@ -22,9 +22,9 @@ HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ HAVE_APPARMOR=@HAVE_APPARMOR@ HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ -EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ HAVE_GCOV=@HAVE_GCOV@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -34,7 +34,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ fseccomp: $(OBJS) $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) diff --git a/src/ftee/Makefile.in b/src/ftee/Makefile.in index fd39f0cb7..8846126f8 100644 --- a/src/ftee/Makefile.in +++ b/src/ftee/Makefile.in @@ -7,6 +7,7 @@ NAME=@PACKAGE_NAME@ HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ HAVE_GCOV=@HAVE_GCOV@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -16,7 +17,7 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread %.o : %.c $(H_FILE_LIST) - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ ftee: $(OBJS) $(CC) $(LDFLAGS) -o $@ $(OBJS) $(EXTRA_LDFLAGS) diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index a49e56ad2..a25014c74 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -5,6 +5,7 @@ NAME=@PACKAGE_NAME@ HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ HAVE_GCOV=@HAVE_GCOV@ EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ +EXTRA_CFLAGS +=@EXTRA_CFLAGS@ H_FILE_LIST = $(sort $(wildcard *.[h])) C_FILE_LIST = $(sort $(wildcard *.c)) @@ -16,7 +17,7 @@ LDFLAGS:=-pic -Wl,-z,relro -Wl,-z,now all: $(OBJS) %.o : %.c $(H_FILE_LIST) - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@ clean:; rm -f $(OBJS) *.gcov *.gcda *.gcno -- cgit v1.2.3-70-g09d2 From 7b808e6d3f2bee32e86a42c7bb46154d7c8e1a08 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 23 Mar 2018 20:33:53 -0400 Subject: fixes --- configure | 10 +++------- configure.ac | 10 +++------- src/fsec-print/print.c | 2 +- 3 files changed, 7 insertions(+), 15 deletions(-) (limited to 'src') diff --git a/configure b/configure index 80f66f8b3..0ccaad051 100755 --- a/configure +++ b/configure @@ -2100,7 +2100,6 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu #AC_CONFIG_HEADERS([config.h]) - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -3106,7 +3105,6 @@ else fi - HAVE_SPECTRE="no" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Spectre mitigation support in gcc compiler" >&5 $as_echo_n "checking for Spectre mitigation support in gcc compiler... " >&6; } @@ -3121,7 +3119,7 @@ if test "$HAVE_SPECTRE" = "yes"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - EXTRA_CFLAGS+="-mindirect-branch=thunk" + EXTRA_CFLAGS+=" -mindirect-branch=thunk " fi if test "$HAVE_SPECTRE" = "no"; then : @@ -3132,7 +3130,6 @@ $as_echo "... not available" >&6; } fi - HAVE_APPARMOR="" # Check whether --enable-apparmor was given. if test "${enable_apparmor+set}" = set; then : @@ -3147,7 +3144,6 @@ if test "x$enable_apparmor" = "xyes"; then : fi - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -3559,7 +3555,7 @@ fi fi if test "x$enable_apparmor" = "xyes"; then : - EXTRA_LDFLAGS+="-lapparmor " + EXTRA_LDFLAGS+=" -lapparmor " fi @@ -3753,7 +3749,7 @@ fi if test "x$enable_gcov" = "xyes"; then : HAVE_GCOV="--coverage -DHAVE_GCOV " - EXTRA_LDFLAGS+="-lgcov --coverage " + EXTRA_LDFLAGS+=" -lgcov --coverage " fi diff --git a/configure.ac b/configure.ac index d6d4eb874..9a7a9d65e 100644 --- a/configure.ac +++ b/configure.ac @@ -3,13 +3,11 @@ AC_INIT(firejail, 0.9.53, netblue30@yahoo.com, , http://firejail.wordpress.com) AC_CONFIG_SRCDIR([src/firejail/main.c]) #AC_CONFIG_HEADERS([config.h]) - AC_PROG_CC #AC_PROG_CXX AC_PROG_INSTALL AC_PROG_RANLIB - HAVE_SPECTRE="no" AC_MSG_CHECKING(for Spectre mitigation support in gcc compiler) AS_IF([test "$CC" = "gcc"], [ @@ -19,14 +17,13 @@ AS_IF([test "$CC" = "gcc"], [ ]) AS_IF([test "$HAVE_SPECTRE" = "yes"], [ AC_MSG_RESULT(yes) - EXTRA_CFLAGS+="-mindirect-branch=thunk" + EXTRA_CFLAGS+=" -mindirect-branch=thunk " ]) AS_IF([test "$HAVE_SPECTRE" = "no"], [ AC_MSG_RESULT(... not available) ]) AC_SUBST([EXTRA_CFLAGS]) - HAVE_APPARMOR="" AC_ARG_ENABLE([apparmor], AS_HELP_STRING([--enable-apparmor], [enable apparmor])) @@ -35,13 +32,12 @@ AS_IF([test "x$enable_apparmor" = "xyes"], [ AC_SUBST(HAVE_APPARMOR) ]) - AS_IF([test "x$enable_apparmor" = "xyes"], [ AC_CHECK_HEADER(sys/apparmor.h, , [AC_MSG_ERROR( [Couldn't find sys/apparmor.h... please install apparmor user space library and development files] )]) ]) AS_IF([test "x$enable_apparmor" = "xyes"], [ - EXTRA_LDFLAGS+="-lapparmor " + EXTRA_LDFLAGS+=" -lapparmor " ]) AC_SUBST([EXTRA_LDFLAGS]) @@ -160,7 +156,7 @@ AC_ARG_ENABLE([gcov], AS_HELP_STRING([--enable-gcov], [Gcov instrumentation])) AS_IF([test "x$enable_gcov" = "xyes"], [ HAVE_GCOV="--coverage -DHAVE_GCOV " - EXTRA_LDFLAGS+="-lgcov --coverage " + EXTRA_LDFLAGS+=" -lgcov --coverage " AC_SUBST(HAVE_GCOV) ]) diff --git a/src/fsec-print/print.c b/src/fsec-print/print.c index e3b53c44c..faf59aa35 100644 --- a/src/fsec-print/print.c +++ b/src/fsec-print/print.c @@ -269,7 +269,7 @@ static void bpf_decode_args(const struct sock_filter *bpf, unsigned int line) { native_arch = (ARCH_NR == ARCH_64)? 1: 0; } else if (bpf->k == X32_SYSCALL_BIT) - printf("X32_ABI true:%.4x (false %.4x)", + printf("X32_ABI %.4x (false %.4x)", (line + 1) + bpf->jt, (line + 1) + bpf->jf); else if (name) -- cgit v1.2.3-70-g09d2 From 155c5c54b2a59e547480c77962d2cbd32fdfa547 Mon Sep 17 00:00:00 2001 From: Tad Date: Sat, 24 Mar 2018 09:17:16 -0400 Subject: Fixup gnome-recipes and add it to firecfg --- README.md | 3 ++- RELNOTES | 2 +- etc/gnome-recipes.profile | 6 ++++-- src/firecfg/firecfg.config | 1 + 4 files changed, 8 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/README.md b/README.md index 90e3f7fcc..5d2c88bbf 100644 --- a/README.md +++ b/README.md @@ -246,4 +246,5 @@ firefox-common-addons.inc in firefox-common.profile. Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary, pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain, -tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder +tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder, +gnome-recipes diff --git a/RELNOTES b/RELNOTES index a031e697e..be196b1e3 100644 --- a/RELNOTES +++ b/RELNOTES @@ -27,7 +27,7 @@ firejail (0.9.53) baseline; urgency=low * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, * new profiles: discord-canary, pycharm-community, pycharm-professional, * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, - * new profiles: falkon, gnome-builder, asunder, VS Code, + * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes -- netblue30 Thu, 1 Mar 2018 08:00:00 -0500 firejail (0.9.52) baseline; urgency=low diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile index a546a60d2..2392440a6 100644 --- a/etc/gnome-recipes.profile +++ b/etc/gnome-recipes.profile @@ -5,8 +5,6 @@ include /etc/firejail/gnome-recipes.local # Persistent global definitions include /etc/firejail/globals.local -mkdir ${HOME}/.cache/gnome-recipes -whitelist ${HOME}/.cache/gnome-recipes noblacklist ${HOME}/.local/share/gnome-recipes @@ -14,7 +12,11 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc + +mkdir ${HOME}/.cache/gnome-recipes +whitelist ${HOME}/.cache/gnome-recipes include /etc/firejail/whitelist-common.inc +include /etc/firejail/whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index e29f95886..2f9f4fb44 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -154,6 +154,7 @@ gnome-maps gnome-mplayer gnome-music gnome-photos +gnome-recipes gnome-twitch gnome-weather goobox -- cgit v1.2.3-70-g09d2