commit: 7f01cbdf444491306d2b8557973f16b48d93ff69 |
Author: Amadeusz Żołnowski <aidecoe <AT> gentoo <DOT> org> |
AuthorDate: Sat Jun 4 18:14:12 2016 +0000 |
Commit: Amadeusz Piotr Żołnowski <aidecoe <AT> gentoo <DOT> org> |
CommitDate: Sat Jun 4 18:14:26 2016 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f01cbdf |
|
sys-apps/firejail: Allow compile time configuration |
|
Networking features and most Linux kernel security features require root |
privileges during configuration. Firejail (as a SUID binary) opens the |
access to these features therefore it may be desired to turn off some |
of the features on compile time. |
|
Bump EAPI to 6. Depend on x11-wm/xpra for X11 sandboxing feature. |
|
Package-Manager: portage-2.3.0_rc1 |
|
sys-apps/firejail/firejail-0.9.40-r1.ebuild | 42 +++++++++++++++++++++++++++++ |
sys-apps/firejail/metadata.xml | 14 ++++++++++ |
2 files changed, 56 insertions(+) |
|
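diff --git a/sys-apps/firejail/firejail-0.9.40-r1.ebuild b/sys-apps/firejail/firejail-0.9.40-r1.ebuild
new file mode 100644
index 0000000..778ced4
--- /dev/null
+++ b/sys-apps/firejail/firejail-0.9.40-r1.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit eutils
+
+DESCRIPTION="Security sandbox for any type of processes"
+HOMEPAGE="https://firejail.wordpress.com/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="+bind +chroot +file-transfer +network network-restricted +seccomp
+ +userns x11"
+
+RDEPEND="x11? ( x11-wm/xpra )"
+
+PATCHES=( "${FILESDIR}"/${P}-sysmacros.patch )
+
+src_prepare() {
+ default
+ find -name Makefile.in -exec sed -i -r \
+ -e '/CFLAGS/s: (-O2|-ggdb) : :g' \
+ -e '1iCC=@CC@' {} + || die
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable bind)
+ $(use_enable chroot)
+ $(use_enable file-transfer)
+ $(use_enable network)
+ $(use_enable seccomp)
+ $(use_enable userns)
+ $(use_enable x11)
+ )
+ use network-restricted && myeconfargs+=( --enable-network=restricted )
+ econf "${myeconfargs[@]}"
+}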
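Review bot: In `src_configure`, `network-restricted` is not tied to `network`, so with USE="-network network-restricted" the argument list carries `--disable-network` followed by `--enable-network=restricted`. Autoconf-generated configure scripts normally honour the last occurrence of an option, so the SUID binary would presumably be built with the networking code the user asked to leave out. Declare the relation with `REQUIRED_USE="network-restricted? ( network )"`, or emit a single switch such as `$(usex network-restricted --enable-network=restricted $(use_enable network))`. Since the commit's stated purpose is to let administrators shrink what the SUID binary exposes, a one-line comment above `IUSE` noting which flags are on by default would also help.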
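diff --git a/sys-apps/firejail/metadata.xml b/sys-apps/firejail/metadata.xml
index 0b1ef01..004a53cb 100644
--- a/sys-apps/firejail/metadata.xml
+++ b/sys-apps/firejail/metadata.xml
@@ -16,4 +16,18 @@
 <upstream>
 <remote-id type="sourceforge">firejail</remote-id>
 </upstream>
+ <use>
+ <flag name="bind">Enable custom bind mounts</flag>
+ <flag name="chroot">Enable chrooting to custom directory</flag>
+ <flag name="file-transfer">Enable file transfers between sandboxes and
+ the host system</flag>
+ <flag name="network">Enable networking features</flag>
+ <flag name="network-restricted">Grant access to --interface,
+ --net=ethXXX and --netfilter only to root user; regular users are
+ only allowed --net=none</flag>
+ <flag name="seccomp">Enable system call filtering</flag>
+ <flag name="userns">Enable attaching a new user namespace to a
+ sandbox (--noroot option)</flag>
+ <flag name="x11">Enable X11 sandboxing</flag>
+ </use>
 </pkgmetadata>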