From d1acb31c9714fe503082a890f1754f2026e71ee5 Mon Sep 17 00:00:00 2001
From: startx2017
Date: Sun, 28 Feb 2021 10:26:08 -0500
Subject: compile time: enable LTS
---
 src/common.mk.in | 3 ++-
 src/man/firejail.txt | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/common.mk.in b/src/common.mk.in
index 77d8539ef..eae4138c0 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -26,6 +26,7 @@ HAVE_SELINUX=@HAVE_SELINUX@
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
 HAVE_OUTPUT=@HAVE_OUTPUT@
+HAVE_LTS=@HAVE_LTS@
 
 H_FILE_LIST = $(sort $(wildcard *.[h]))
 C_FILE_LIST = $(sort $(wildcard *.c))
@@ -35,7 +36,7 @@ BINOBJS = $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-MANFLAGS = $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
+MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index b251f8191..639b171cd 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
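Review bot: On the new `MANFLAGS` line in src/common.mk.in, `$(HAVE_LTS)` sits alongside every other feature switch with nothing here that makes them mutually exclusive, so the man-page statement added by this same commit (that the LTS build has a reduced SUID attack surface) is only true if the configure script empties `HAVE_X11`, `HAVE_CHROOT`, `HAVE_OVERLAYFS` and the like when LTS is selected. That logic is outside this diff, which is limited to `src`, so it cannot be confirmed from here. Since `MANFLAGS` is appended to `CFLAGS` on the following line, the switch presumably also reaches the compiler, and a short comment above the assignment would make both facts visible: `# HAVE_LTS gates the LTS man-page text and is also passed to the compiler via CFLAGS; configure must disable the removed features when it is set`. The earlier hunk's `HAVE_LTS=@HAVE_LTS@` is plain plumbing for the same switch.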
@@ -42,6 +42,15 @@ Miscellaneous: firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-debug-syscalls32 | \-\-debug-protocols | \-\-help | \-\-version} .RE .SH DESCRIPTION +#ifdef HAVE_LTS +This is Firejail long-term support (LTS), an enterprise focused version of the software, +LTS is usually supported for two or three years. +During this time only bugs and the occasional documentation problems are fixed. +The attack surface of the SUID executable was greatly reduced by removing some of the features. +.br + +.br +#endif Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. -- cgit v1.2.3-70-g09d2