all: apps man filters MYLIBS = src/lib APPS = src/firejail src/firemon src/fsec-print src/fsec-optimize src/firecfg src/fnetfilter src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fbuilder src/fcopy src/fldd src/libpostexecseccomp MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx prefix=@prefix@ exec_prefix=@exec_prefix@ bindir=@bindir@ libdir=@libdir@ datarootdir=@datarootdir@ mandir=@mandir@ sysconfdir=@sysconfdir@ VERSION=@PACKAGE_VERSION@ NAME=@PACKAGE_NAME@ PACKAGE_TARNAME=@PACKAGE_TARNAME@ DOCDIR=@docdir@ HAVE_SECCOMP=@HAVE_SECCOMP@ HAVE_APPARMOR=@HAVE_APPARMOR@ HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@ BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@ HAVE_SUID=@HAVE_SUID@ .PHONY: mylibs $(MYLIBS) mylibs: $(MYLIBS) $(MYLIBS): $(MAKE) -C $@ .PHONY: apps $(APPS) apps: $(APPS) $(APPS): $(MYLIBS) $(MAKE) -C $@ $(MANPAGES): $(wildcard src/man/*.txt) ./mkman.sh $(VERSION) src/man/$(basename $@).txt $@ man: $(MANPAGES) filters: src/fseccomp ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) src/fseccomp/fseccomp default seccomp src/fsec-optimize/fsec-optimize seccomp src/fseccomp/fseccomp default seccomp.debug allow-debuggers src/fsec-optimize/fsec-optimize seccomp.debug src/fseccomp/fseccomp secondary 32 seccomp.32 src/fsec-optimize/fsec-optimize seccomp.32 src/fseccomp/fseccomp secondary block seccomp.block_secondary src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx endif clean: for dir in $(APPS) $(MYLIBS); do \ $(MAKE) -C $$dir clean; \ done rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm rm -f $(SECCOMP_FILTERS) rm -f test/utils/index.html* rm -f test/utils/wget-log rm -f test/utils/lstesting rm -f test/environment/index.html* rm -f test/environment/wget-log* rm -fr test/environment/-testdir rm -f test/environment/logfile* rm -f test/environment/index.html rm -f test/environment/wget-log rm -f test/sysutils/firejail_t* cd test/compile; ./compile.sh --clean; cd ../.. distclean: clean for dir in $(APPS) $(MYLIBS); do \ $(MAKE) -C $$dir distclean; \ done rm -fr Makefile autom4te.cache config.log config.status config.h dummy.o src/common.mk realinstall: # firejail executable install -m 0755 -d $(DESTDIR)/$(bindir) install -c -m 0755 src/firejail/firejail $(DESTDIR)/$(bindir)/. ifeq ($(HAVE_SUID),yes) chmod u+s $(DESTDIR)/$(bindir)/firejail endif # firemon executable install -c -m 0755 src/firemon/firemon $(DESTDIR)/$(bindir)/. # firecfg executable install -c -m 0755 src/firecfg/firecfg $(DESTDIR)/$(bindir)/. # libraries and plugins install -m 0755 -d $(DESTDIR)/$(libdir)/firejail install -c -m 0644 src/libtrace/libtrace.so $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 src/libtracelog/libtracelog.so $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 src/libpostexecseccomp/libpostexecseccomp.so $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/ftee/ftee $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/fshaper/fshaper.sh $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 src/firecfg/firecfg.config $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/faudit/faudit $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/fnet/fnet $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/fnetfilter/fnetfilter $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/fcopy/fcopy $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/fldd/fldd $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/fbuilder/fbuilder $(DESTDIR)/$(libdir)/firejail/. ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) install -c -m 0755 src/fsec-print/fsec-print $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/fsec-optimize/fsec-optimize $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/fseccomp/fseccomp $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp.debug $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp.32 $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp.block_secondary $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 seccomp.mdwx $(DESTDIR)/$(libdir)/firejail/. endif ifeq ($(HAVE_CONTRIB_INSTALL),yes) install -c -m 0755 contrib/fix_private-bin.py $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 contrib/fjclip.py $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 contrib/fjdisplay.py $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 contrib/fjresize.py $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 contrib/fj-mkdeb.py $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 contrib/sort.py $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 contrib/syscalls.sh $(DESTDIR)/$(libdir)/firejail/. endif # documents install -m 0755 -d $(DESTDIR)/$(DOCDIR) install -c -m 0644 COPYING $(DESTDIR)/$(DOCDIR)/. install -c -m 0644 README $(DESTDIR)/$(DOCDIR)/. install -c -m 0644 RELNOTES $(DESTDIR)/$(DOCDIR)/. install -c -m 0644 etc/templates/* $(DESTDIR)/$(DOCDIR)/. # etc files ./mketc.sh $(sysconfdir) $(BUSYBOX_WORKAROUND) install -m 0755 -d $(DESTDIR)/$(sysconfdir)/firejail for file in .etc/* etc/firejail.config; do \ install -c -m 0644 $$file $(DESTDIR)/$(sysconfdir)/firejail; \ done sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" rm -fr .etc ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR) # install apparmor profile sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;" install -c -m 0644 etc/firejail-default $(DESTDIR)/$(sysconfdir)/apparmor.d/. sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;" install -c -m 0644 etc/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local/firejail-default endif # man pages install -m 0755 -d $(DESTDIR)/$(mandir)/man1 install -m 0755 -d $(DESTDIR)/$(mandir)/man5 for man in $(MANPAGES); do \ rm -f $$man.gz; \ gzip -9n $$man; \ case "$$man" in \ *.1) install -c -m 0644 $$man.gz $(DESTDIR)/$(mandir)/man1/; ;; \ *.5) install -c -m 0644 $$man.gz $(DESTDIR)/$(mandir)/man5/; ;; \ esac; \ done rm -f $(MANPAGES) $(MANPAGES:%=%.gz) # bash completion install -m 0755 -d $(DESTDIR)/$(datarootdir)/bash-completion/completions install -c -m 0644 src/bash_completion/firejail.bash_completion $(DESTDIR)/$(datarootdir)/bash-completion/completions/firejail install -c -m 0644 src/bash_completion/firemon.bash_completion $(DESTDIR)/$(datarootdir)/bash-completion/completions/firemon install -c -m 0644 src/bash_completion/firecfg.bash_completion $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg install: all $(MAKE) realinstall install-strip: all strip src/firejail/firejail strip src/firemon/firemon strip src/firecfg/firecfg strip src/libtrace/libtrace.so strip src/libtracelog/libtracelog.so strip src/libpostexecseccomp/libpostexecseccomp.so strip src/ftee/ftee strip src/faudit/faudit strip src/fnet/fnet strip src/fnetfilter/fnetfilter strip src/fseccomp/fseccomp strip src/fsec-print/fsec-print strip src/fsec-optimize/fsec-optimize strip src/fcopy/fcopy strip src/fldd/fldd strip src/fbuilder/fbuilder $(MAKE) realinstall uninstall: rm -f $(DESTDIR)/$(bindir)/firejail rm -f $(DESTDIR)/$(bindir)/firemon rm -f $(DESTDIR)/$(bindir)/firecfg rm -fr $(DESTDIR)/$(libdir)/firejail rm -fr $(DESTDIR)/$(datarootdir)/doc/firejail for man in $(MANPAGES); do \ rm -f $(DESTDIR)/$(mandir)/man5/$$man*; \ rm -f $(DESTDIR)/$(mandir)/man1/$$man*; \ done rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firejail rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firemon rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)/$(sysconfdir)/firejail', see #2038." DISTFILES = "src etc platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh mkdeb-apparmor.sh COPYING README RELNOTES" DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot" dist: mv config.status config.status.old make distclean mv config.status.old config.status rm -fr $(NAME)-$(VERSION) $(NAME)-$(VERSION).tar.xz mkdir -p $(NAME)-$(VERSION)/test cp -a "$(DISTFILES)" $(NAME)-$(VERSION) cp -a "$(DISTFILES_TEST)" $(NAME)-$(VERSION)/test rm -rf $(NAME)-$(VERSION)/src/tools find $(NAME)-$(VERSION) -name .svn -delete tar -cJvf $(NAME)-$(VERSION).tar.xz $(NAME)-$(VERSION) rm -fr $(NAME)-$(VERSION) asc:; ./mkasc.sh $(VERSION) deb: dist ./mkdeb.sh $(NAME) $(VERSION) deb-apparmor: dist ./mkdeb-apparmor.sh $(NAME) $(VERSION) test-compile: dist cd test/compile; ./compile.sh $(NAME)-$(VERSION) .PHONY: rpms rpms: ./platform/rpm/mkrpm.sh $(NAME) $(VERSION) extras: all $(MAKE) -C extras/firetools cppcheck: clean cppcheck --force --error-exitcode=1 --enable=warning,performance . scan-build: clean NO_EXTRA_CFLAGS="yes" scan-build make # # make test # test-profiles: cd test/profiles; ./profiles.sh | grep TESTING test-private-lib: cd test/private-lib; ./private-lib.sh | grep TESTING test-apps: cd test/apps; ./apps.sh | grep TESTING test-apps-x11: cd test/apps-x11; ./apps-x11.sh | grep TESTING test-apps-x11-xorg: cd test/apps-x11-xorg; ./apps-x11-xorg.sh | grep TESTING test-sysutils: cd test/sysutils; ./sysutils.sh | grep TESTING test-utils: cd test/utils; ./utils.sh | grep TESTING test-environment: cd test/environment; ./environment.sh | grep TESTING test-filters: ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP) cd test/filters; ./filters.sh | grep TESTING endif test-arguments: cd test/arguments; ./arguments.sh | grep TESTING test-fs: cd test/fs; ./fs.sh | grep TESTING test-fcopy: cd test/fcopy; ./fcopy.sh | grep TESTING test-fnetfilter: cd test/fnetfilter; ./fnetfilter.sh | grep TESTING test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments echo "TEST COMPLETE" test-noprofiles: test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters test-arguments echo "TEST COMPLETE" test-travis: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-filters test-arguments echo "TEST COMPLETE" ########################################## # Individual tests, some of them require root access # The tests are very intrussive, by the time you are done # with them you will need to restart your computer. ########################################## # a firejail-test account is required, public/private key setup test-ssh: cd test/ssh; ./ssh.sh | grep TESTING # requires root access test-chroot: cd test/chroot; ./chroot.sh | grep testing # Huge appimage files, not included in "make dist" archive test-appimage: cd test/appimage; ./appimage.sh | grep TESTING # Root access, network devices are created before the test # restart your computer to get rid of these devices test-network: cd test/network; ./network.sh | grep TESTING # requires the same setup as test-network test-stress: cd test/stress; ./stress.sh | grep TESTING # Tesets running a root user test-root: cd test/root; su -c ./root.sh | grep TESTING # OverlayFS is not available on all platforms test-overlay: cd test/overlay; ./overlay.sh | grep TESTING # For testing hidepid system, the command to set it up is "mount -o remount,rw,hidepid=2 /proc" test-all: test-root test-chroot test-network test-appimage test-overlay echo "TEST COMPLETE"