From: "Amadeusz Piotr Żołnowski" <aidecoe@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/
Date: Sat, 4 Jun 2016 18:24:40 +0000 (UTC) [thread overview]
Message-ID: <1465064066.7f01cbdf444491306d2b8557973f16b48d93ff69.aidecoe@gentoo> (raw)
commit: 7f01cbdf444491306d2b8557973f16b48d93ff69
Author: Amadeusz Żołnowski <aidecoe <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 4 18:14:12 2016 +0000
Commit: Amadeusz Piotr Żołnowski <aidecoe <AT> gentoo <DOT> org>
CommitDate: Sat Jun 4 18:14:26 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f01cbdf
sys-apps/firejail: Allow compile time configuration
Networking features and most Linux kernel security features require root
privileges during configuration. Firejail (as a SUID binary) opens the
access to these features therefore it may be desired to turn off some
of the features on compile time.
Bump EAPI to 6. Depend on x11-wm/xpra for X11 sandboxing feature.
Package-Manager: portage-2.3.0_rc1
sys-apps/firejail/firejail-0.9.40-r1.ebuild | 42 +++++++++++++++++++++++++++++
sys-apps/firejail/metadata.xml | 14 ++++++++++
2 files changed, 56 insertions(+)
diff --git a/sys-apps/firejail/firejail-0.9.40-r1.ebuild b/sys-apps/firejail/firejail-0.9.40-r1.ebuild
new file mode 100644
index 0000000..778ced4
--- /dev/null
+++ b/sys-apps/firejail/firejail-0.9.40-r1.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils
+
+DESCRIPTION="Security sandbox for any type of processes"
+HOMEPAGE="https://firejail.wordpress.com/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="+bind +chroot +file-transfer +network network-restricted +seccomp
+ +userns x11"
+
+RDEPEND="x11? ( x11-wm/xpra )"
+
+PATCHES=( "${FILESDIR}"/${P}-sysmacros.patch )
+
+src_prepare() {
+ default
+ find -name Makefile.in -exec sed -i -r \
+ -e '/CFLAGS/s: (-O2|-ggdb) : :g' \
+ -e '1iCC=@CC@' {} + || die
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable bind)
+ $(use_enable chroot)
+ $(use_enable file-transfer)
+ $(use_enable network)
+ $(use_enable seccomp)
+ $(use_enable userns)
+ $(use_enable x11)
+ )
+ use network-restricted && myeconfargs+=( --enable-network=restricted )
+ econf "${myeconfargs[@]}"
+}
diff --git a/sys-apps/firejail/metadata.xml b/sys-apps/firejail/metadata.xml
index 0b1ef01..004a53cb 100644
--- a/sys-apps/firejail/metadata.xml
+++ b/sys-apps/firejail/metadata.xml
@@ -16,4 +16,18 @@
<upstream>
<remote-id type="sourceforge">firejail</remote-id>
</upstream>
+ <use>
+ <flag name="bind">Enable custom bind mounts</flag>
+ <flag name="chroot">Enable chrooting to custom directory</flag>
+ <flag name="file-transfer">Enable file transfers between sandboxes and
+ the host system</flag>
+ <flag name="network">Enable networking features</flag>
+ <flag name="network-restricted">Grant access to --interface,
+ --net=ethXXX and --netfilter only to root user; regular users are
+ only allowed --net=none</flag>
+ <flag name="seccomp">Enable system call filtering</flag>
+ <flag name="userns">Enable attaching a new user namespace to a
+ sandbox (--noroot option)</flag>
+ <flag name="x11">Enable X11 sandboxing</flag>
+ </use>
</pkgmetadata>
next reply other threads:[~2016-06-04 18:24 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-04 18:24 Amadeusz Piotr Żołnowski [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-07-04 19:01 [gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/ Sam James
2025-05-23 4:57 Sam James
2025-05-01 21:52 Sam James
2025-05-01 21:51 Sam James
2024-12-13 6:53 Arthur Zamarin
2024-06-04 0:51 Sam James
2024-06-02 4:57 Sam James
2023-04-19 9:45 Sam James
2022-08-27 11:38 Sam James
2022-07-15 10:28 Joonas Niilola
2022-03-29 7:20 Joonas Niilola
2022-02-21 1:51 Sam James
2021-07-16 0:38 Sam James
2021-07-16 0:36 Sam James
2021-07-16 0:36 Sam James
2021-02-21 5:19 Sam James
2021-02-18 23:12 Conrad Kostecki
2021-02-18 0:59 Sam James
2021-02-18 0:54 Sam James
2021-02-09 7:34 Sam James
2020-12-02 23:21 Sam James
2020-11-21 7:21 Joonas Niilola
2020-11-20 11:45 Joonas Niilola
2020-11-20 11:45 Joonas Niilola
2020-11-20 10:42 Joonas Niilola
2020-11-20 10:42 Joonas Niilola
2020-11-14 23:39 Sam James
2020-11-13 20:57 Aaron Bauman
2020-11-11 7:50 Joonas Niilola
2020-11-11 7:50 Joonas Niilola
2020-11-11 7:50 Joonas Niilola
2020-10-11 19:42 Dennis Lamm
2020-08-22 10:18 Dennis Lamm
2020-08-22 10:18 Dennis Lamm
2020-07-05 13:36 Agostino Sarubbo
2020-01-02 16:45 Dennis Lamm
2019-11-09 11:52 Dennis Lamm
2019-11-09 11:18 Dennis Lamm
2019-10-28 7:41 Agostino Sarubbo
2019-08-11 20:06 Dennis Lamm
2019-08-04 18:27 Dennis Lamm
2019-07-29 18:36 Mikle Kolyada
2019-07-29 12:16 Mikle Kolyada
2019-07-29 4:21 Dennis Lamm
2019-07-07 21:13 Amadeusz Piotr Żołnowski
2018-12-04 22:16 Amadeusz Piotr Żołnowski
2017-12-16 17:24 Tobias Klausmann
2017-11-30 20:40 Thomas Deutschmann
2017-09-10 21:49 Amadeusz Piotr Żołnowski
2017-05-16 21:41 Amadeusz Piotr Żołnowski
2017-01-30 13:09 Agostino Sarubbo
2017-01-27 22:21 Amadeusz Piotr Żołnowski
2017-01-27 22:21 Amadeusz Piotr Żołnowski
2017-01-13 17:06 Agostino Sarubbo
2016-12-18 13:27 Amadeusz Piotr Żołnowski
2016-12-13 11:05 Agostino Sarubbo
2016-10-30 10:37 Amadeusz Piotr Żołnowski
2016-09-27 8:57 Agostino Sarubbo
2016-09-26 20:35 Amadeusz Piotr Żołnowski
2016-09-26 20:35 Amadeusz Piotr Żołnowski
2016-09-26 12:36 Agostino Sarubbo
2016-09-14 9:19 Amadeusz Piotr Żołnowski
2016-06-06 13:33 Agostino Sarubbo
2016-06-04 20:56 Amadeusz Piotr Żołnowski
2016-04-20 4:29 Mike Frysinger
2016-02-12 20:09 Amadeusz Piotr Żołnowski
2016-02-12 20:06 Amadeusz Piotr Żołnowski
2016-01-05 21:20 Amadeusz Piotr Żołnowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1465064066.7f01cbdf444491306d2b8557973f16b48d93ff69.aidecoe@gentoo \
--to=aidecoe@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox