prefix=@prefix@ exec_prefix=@exec_prefix@ bindir=@bindir@ libdir=@libdir@ datarootdir=@datarootdir@ mandir=@mandir@ sysconfdir=@sysconfdir@ VERSION=@PACKAGE_VERSION@ NAME=@PACKAGE_NAME@ PACKAGE_TARNAME=@PACKAGE_TARNAME@ DOCDIR=@docdir@ HAVE_APPARMOR=@HAVE_APPARMOR@ HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@ BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@ HAVE_SUID=@HAVE_SUID@ HAVE_MAN=@HAVE_MAN@ ifneq ($(HAVE_MAN),no) MAN_TARGET = man MAN_SRC = src/man endif all: all_items mydirs $(MAN_TARGET) filters APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats SBOX_APPS = src/faudit/faudit src/fbuilder/fbuilder src/ftee/ftee SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter MYDIRS = src/lib $(MAN_SRC) MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) .PHONY: all_items $(ALL_ITEMS) all_items: $(ALL_ITEMS) $(ALL_ITEMS): $(MYDIRS) $(MAKE) -C $(dir $@) .PHONY: mydirs $(MYDIRS) mydirs: $(MYDIRS) $(MYDIRS): $(MAKE) -C $@ $(MANPAGES): src/man ./mkman.sh $(VERSION) src/man/$(basename $@).man $@ man: $(MANPAGES) filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE) seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize src/fseccomp/fseccomp default seccomp src/fsec-optimize/fsec-optimize seccomp seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize src/fseccomp/fseccomp default seccomp.debug allow-debuggers src/fsec-optimize/fsec-optimize seccomp.debug seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize src/fseccomp/fseccomp secondary 32 seccomp.32 src/fsec-optimize/fsec-optimize seccomp.32 seccomp.block_secondary: src/fseccomp/fseccomp src/fseccomp/fseccomp secondary block seccomp.block_secondary seccomp.mdwx: src/fseccomp/fseccomp src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx seccomp.mdwx.32: src/fseccomp/fseccomp src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 clean: for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ $(MAKE) -C $$dir clean; \ done $(MAKE) -C test clean rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm rm -f $(SECCOMP_FILTERS) rm -f test/utils/index.html* rm -f test/utils/wget-log rm -f test/utils/lstesting rm -f test/environment/index.html* rm -f test/environment/wget-log* rm -fr test/environment/-testdir rm -f test/environment/logfile* rm -f test/environment/index.html rm -f test/environment/wget-log rm -f test/sysutils/firejail_t* cd test/compile; ./compile.sh --clean; cd ../.. distclean: clean for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ $(MAKE) -C $$dir distclean; \ done $(MAKE) -C test distclean rm -fr Makefile autom4te.cache config.log config.status config.h src/common.mk mkdeb.sh realinstall: # firejail executable install -m 0755 -d $(DESTDIR)$(bindir) install -m 0755 src/firejail/firejail $(DESTDIR)$(bindir) ifeq ($(HAVE_SUID),yes) chmod u+s $(DESTDIR)$(bindir)/firejail endif # firemon executable install -m 0755 src/firemon/firemon $(DESTDIR)$(bindir) # firecfg executable install -m 0755 src/firecfg/firecfg $(DESTDIR)$(bindir) # libraries and plugins install -m 0755 -d $(DESTDIR)$(libdir)/firejail install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) src/firecfg/firecfg.config install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) # plugins w/o read permission (non-dumpable) install -m 0711 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS_NON_DUMPABLE) install -m 0711 -t $(DESTDIR)$(libdir)/firejail src/fshaper/fshaper.sh ifeq ($(HAVE_CONTRIB_INSTALL),yes) # contrib scripts install -m 0755 -t $(DESTDIR)$(libdir)/firejail contrib/*.py contrib/*.sh # vim syntax install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax install -m 0644 contrib/vim/ftdetect/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect install -m 0644 contrib/vim/syntax/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax endif # documents install -m 0755 -d $(DESTDIR)$(DOCDIR) install -m 0644 -t $(DESTDIR)$(DOCDIR) COPYING README RELNOTES etc/templates/* # profiles and settings install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" ifeq ($(BUSYBOX_WORKAROUND),yes) ./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc endif ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR) # install apparmor profile sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;" install -m 0644 etc/apparmor/firejail-default $(DESTDIR)$(sysconfdir)/apparmor.d sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;" # install apparmor profile customization file sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/apparmor.d/local/firejail-default ]; then install -c -m 0644 etc/apparmor/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local/firejail-default; fi;" endif ifneq ($(HAVE_MAN),no) # man pages install -m 0755 -d $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man5 for man in $(MANPAGES); do \ rm -f $$man.gz; \ gzip -9n $$man; \ case "$$man" in \ *.1) install -m 0644 $$man.gz $(DESTDIR)$(mandir)/man1/; ;; \ *.5) install -m 0644 $$man.gz $(DESTDIR)$(mandir)/man5/; ;; \ esac; \ done rm -f $(MANPAGES) $(MANPAGES:%=%.gz) endif # bash completion install -m 0755 -d $(DESTDIR)$(datarootdir)/bash-completion/completions install -m 0644 src/bash_completion/firejail.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail install -m 0644 src/bash_completion/firemon.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon install -m 0644 src/bash_completion/firecfg.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg install: all $(MAKE) realinstall install-strip: all strip $(ALL_ITEMS) $(MAKE) realinstall uninstall: rm -f $(DESTDIR)$(bindir)/firejail rm -f $(DESTDIR)$(bindir)/firemon rm -f $(DESTDIR)$(bindir)/firecfg rm -fr $(DESTDIR)$(libdir)/firejail rm -fr $(DESTDIR)$(datarootdir)/doc/firejail for man in $(MANPAGES); do \ rm -f $(DESTDIR)$(mandir)/man5/$$man*; \ rm -f $(DESTDIR)$(mandir)/man1/$$man*; \ done rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(sysconfdir)/firejail', see #2038." DISTFILES = "src etc m4 platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh.in COPYING README RELNOTES" DISTFILES_TEST = "test/Makefile.in test/apps test/apps-x11 test/apps-x11-xorg test/root test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot" dist: mv config.status config.status.old mv mkdeb.sh mkdeb.sh.old make distclean mv mkdeb.sh.old mkdeb.sh mv config.status.old config.status rm -fr $(NAME)-$(VERSION) $(NAME)-$(VERSION).tar.xz mkdir -p $(NAME)-$(VERSION)/test cp -a "$(DISTFILES)" $(NAME)-$(VERSION) cp -a "$(DISTFILES_TEST)" $(NAME)-$(VERSION)/test rm -rf $(NAME)-$(VERSION)/src/tools find $(NAME)-$(VERSION) -name .svn -delete tar -cJvf $(NAME)-$(VERSION).tar.xz $(NAME)-$(VERSION) rm -fr $(NAME)-$(VERSION) asc:; ./mkasc.sh $(VERSION) deb: dist ./mkdeb.sh deb-apparmor: dist ./mkdeb.sh -apparmor test-compile: dist cd test/compile; ./compile.sh $(NAME)-$(VERSION) .PHONY: rpms rpms: src/man ./platform/rpm/mkrpm.sh $(NAME) $(VERSION) extras: all $(MAKE) -C extras/firetools cppcheck: clean cppcheck --force --error-exitcode=1 --enable=warning,performance . scan-build: clean NO_EXTRA_CFLAGS="yes" scan-build make # # make test # TESTS=profiles private-lib apps apps-x11 apps-x11-xorg sysutils utils environment filters arguments fs fcopy fnetfilter TEST_TARGETS=$(patsubst %,test-%,$(TESTS)) $(TEST_TARGETS): $(MAKE) -C test $(subst test-,,$@) test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments echo "TEST COMPLETE" test-noprofiles: test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments echo "TEST COMPLETE" test-github: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-arguments echo "TEST COMPLETE" ########################################## # Individual tests, some of them require root access # The tests are very intrusive, by the time you are done # with them you will need to restart your computer. ########################################## # a firejail-test account is required, public/private key setup test-ssh: $(MAKE) -C test $(subst test-,,$@) # requires root access test-chroot: $(MAKE) -C test $(subst test-,,$@) # Huge appimage files, not included in "make dist" archive test-appimage: $(MAKE) -C test $(subst test-,,$@) # Root access, network devices are created before the test # restart your computer to get rid of these devices test-network: $(MAKE) -C test $(subst test-,,$@) # requires the same setup as test-network test-stress: $(MAKE) -C test $(subst test-,,$@) # Tests running a root user test-root: $(MAKE) -C test $(subst test-,,$@) # OverlayFS is not available on all platforms test-overlay: $(MAKE) -C test $(subst test-,,$@) # For testing hidepid system, the command to set it up is "mount -o remount,rw,hidepid=2 /proc" test-all: test-root test-chroot test-network test-appimage test-overlay echo "TEST COMPLETE"