Gentoo Archives: gentoo-commits

From: "Amadeusz Piotr Żołnowski" <aidecoe@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/
Date: Sat, 04 Jun 2016 18:24:44
Message-Id: 1465064066.7f01cbdf444491306d2b8557973f16b48d93ff69.aidecoe@gentoo
1 commit: 7f01cbdf444491306d2b8557973f16b48d93ff69
2 Author: Amadeusz Żołnowski <aidecoe <AT> gentoo <DOT> org>
3 AuthorDate: Sat Jun 4 18:14:12 2016 +0000
4 Commit: Amadeusz Piotr Żołnowski <aidecoe <AT> gentoo <DOT> org>
5 CommitDate: Sat Jun 4 18:14:26 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f01cbdf
7
8 sys-apps/firejail: Allow compile time configuration
9
10 Networking features and most Linux kernel security features require root
11 privileges during configuration. Firejail (as a SUID binary) opens
12 access to these features, so it may be desirable to turn some of them
13 off at compile time.
14
15 Bump EAPI to 6. Depend on x11-wm/xpra for X11 sandboxing feature.
16
17 Package-Manager: portage-2.3.0_rc1
18
19 sys-apps/firejail/firejail-0.9.40-r1.ebuild | 42 +++++++++++++++++++++++++++++
20 sys-apps/firejail/metadata.xml | 14 ++++++++++
21 2 files changed, 56 insertions(+)
22
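--- /dev/null
+++ b/sys-apps/firejail/firejail-0.9.40-r1.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils
+
+DESCRIPTION="Security sandbox for any type of processes"
+HOMEPAGE="https://firejail.wordpress.com/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="+bind +chroot +file-transfer +network network-restricted +seccomp
+ +userns x11"
+
+RDEPEND="x11? ( x11-wm/xpra )"
+
+PATCHES=( "${FILESDIR}"/${P}-sysmacros.patch )
+
+src_prepare() {
+ default
+ find -name Makefile.in -exec sed -i -r \
+ -e '/CFLAGS/s: (-O2|-ggdb) : :g' \
+ -e '1iCC=@CC@' {} + || die
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable bind)
+ $(use_enable chroot)
+ $(use_enable file-transfer)
+ $(use_enable network)
+ $(use_enable seccomp)
+ $(use_enable userns)
+ $(use_enable x11)
+ )
+ use network-restricted && myeconfargs+=( --enable-network=restricted )
+ econf "${myeconfargs[@]}"
+}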
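Review bot: In src_configure, `use network-restricted && myeconfargs+=( --enable-network=restricted )` is appended after `$(use_enable network)`, so USE="-network network-restricted" hands econf both `--disable-network` and `--enable-network=restricted`. With autoconf the later argument normally wins, so networking support would presumably be compiled into the SUID binary even though the user switched it off. Because the commit exists to let users reduce what a SUID-root program exposes, the contradictory combination should be rejected up front, for example with `REQUIRED_USE="network-restricted? ( network )"` next to IUSE. A one-line comment above IUSE saying why `seccomp` and `userns` default to on would also help, since disabling them removes sandbox hardening rather than attack surface.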
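--- a/sys-apps/firejail/metadata.xml
+++ b/sys-apps/firejail/metadata.xml
@@ -16,4 +16,18 @@
 <upstream>
 <remote-id type="sourceforge">firejail</remote-id>
 </upstream>
+ <use>
+ <flag name="bind">Enable custom bind mounts</flag>
+ <flag name="chroot">Enable chrooting to custom directory</flag>
+ <flag name="file-transfer">Enable file transfers between sandboxes and
+ the host system</flag>
+ <flag name="network">Enable networking features</flag>
+ <flag name="network-restricted">Grant access to --interface,
+ --net=ethXXX and --netfilter only to root user; regular users are
+ only allowed --net=none</flag>
+ <flag name="seccomp">Enable system call filtering</flag>
+ <flag name="userns">Enable attaching a new user namespace to a
+ sandbox (--noroot option)</flag>
+ <flag name="x11">Enable X11 sandboxing</flag>
+ </use>
 </pkgmetadata>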