From: "Amadeusz Piotr Żołnowski" <aidecoe@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/
Date: Sat,  4 Jun 2016 18:24:40 +0000 (UTC)	[thread overview]
Message-ID: <1465064066.7f01cbdf444491306d2b8557973f16b48d93ff69.aidecoe@gentoo> (raw)

commit:     7f01cbdf444491306d2b8557973f16b48d93ff69
Author:     Amadeusz Żołnowski <aidecoe <AT> gentoo <DOT> org>
AuthorDate: Sat Jun  4 18:14:12 2016 +0000
Commit:     Amadeusz Piotr Żołnowski <aidecoe <AT> gentoo <DOT> org>
CommitDate: Sat Jun  4 18:14:26 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f01cbdf

sys-apps/firejail: Allow compile time configuration

Networking features and most Linux kernel security features require root
privileges during configuration. Firejail (as a SUID binary) opens access
to these features; therefore it may be desirable to turn off some of the
features at compile time.

Bump EAPI to 6.  Depend on x11-wm/xpra for X11 sandboxing feature.

Package-Manager: portage-2.3.0_rc1

 sys-apps/firejail/firejail-0.9.40-r1.ebuild | 42 +++++++++++++++++++++++++++++
 sys-apps/firejail/metadata.xml              | 14 ++++++++++
 2 files changed, 56 insertions(+)

diff --git a/sys-apps/firejail/firejail-0.9.40-r1.ebuild b/sys-apps/firejail/firejail-0.9.40-r1.ebuild
new file mode 100644
index 0000000..778ced4
--- /dev/null
+++ b/sys-apps/firejail/firejail-0.9.40-r1.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils
+
+DESCRIPTION="Security sandbox for any type of processes"
+HOMEPAGE="https://firejail.wordpress.com/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="+bind +chroot +file-transfer +network network-restricted +seccomp
+	+userns x11"
+
+RDEPEND="x11? ( x11-wm/xpra )"
+
+PATCHES=( "${FILESDIR}"/${P}-sysmacros.patch )
+
+src_prepare() {
+	default
+	find -name Makefile.in -exec sed -i -r \
+			-e '/CFLAGS/s: (-O2|-ggdb) : :g' \
+			-e '1iCC=@CC@' {} + || die
+}
+
+src_configure() {
+	local myeconfargs=(
+		$(use_enable bind)
+		$(use_enable chroot)
+		$(use_enable file-transfer)
+		$(use_enable network)
+		$(use_enable seccomp)
+		$(use_enable userns)
+		$(use_enable x11)
+	)
+	use network-restricted && myeconfargs+=( --enable-network=restricted )
+	econf "${myeconfargs[@]}"
+}
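Review bot: In src_configure, nothing stops USE="-network network-restricted", which passes `--disable-network` from `$(use_enable network)` and then appends `--enable-network=restricted`. Autoconf-style configure scripts normally honour the last occurrence of an option, so the later argument would presumably turn networking back on (in restricted mode) in a SUID binary the user asked to build without it. Declaring the relationship next to IUSE with `REQUIRED_USE="network-restricted? ( network )"` makes the conflict fail at dependency resolution instead of being resolved silently by argument order. A short comment above the `use network-restricted &&` line, such as `# must come after use_enable network: the last --enable-network wins`, would also record why the ordering matters.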

diff --git a/sys-apps/firejail/metadata.xml b/sys-apps/firejail/metadata.xml
index 0b1ef01..004a53cb 100644
--- a/sys-apps/firejail/metadata.xml
+++ b/sys-apps/firejail/metadata.xml
@@ -16,4 +16,18 @@
 	<upstream>
 		<remote-id type="sourceforge">firejail</remote-id>
 	</upstream>
+	<use>
+		<flag name="bind">Enable custom bind mounts</flag>
+		<flag name="chroot">Enable chrooting to custom directory</flag>
+		<flag name="file-transfer">Enable file transfers between sandboxes and
+			the host system</flag>
+		<flag name="network">Enable networking features</flag>
+		<flag name="network-restricted">Grant access to --interface,
+			--net=ethXXX and --netfilter only to root user; regular users are
+			only allowed --net=none</flag>
+		<flag name="seccomp">Enable system call filtering</flag>
+		<flag name="userns">Enable attaching a new user namespace to a
+			sandbox (--noroot option)</flag>
+		<flag name="x11">Enable X11 sandboxing</flag>
+	</use>
 </pkgmetadata>

