Commit 0524f90a authored by Chris Frederick, committed by Thomas Petazzoni

firejail: new package

Firejail Security Sandbox
https://firejail.wordpress.com/

Lightweight application sandboxing system using seccomp and kernel
namespaces.

Signed-off-by: Chris Frederick <cdf123@cdf123.net>
[Thomas:
 - Fix DEVELOPERS entry: use <> around the e-mail address instead of ()
 - firejail builds fine with musl, so only exclude uclibc, which fails
   to build with EM_ARM undeclared
 - Update to upstream version 0.9.44.8.
 - Remove FIREJAIL_MAKE_OPTS, as suggested by Romain Naour.
 - Pass --enable-busybox-workaround only if Busybox is enabled, as
   suggested by Romain Naour.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
parent 09357818
......@@ -299,6 +299,9 @@ F: package/libdvbsi/
F: package/libsvg/
F: package/libsvg-cairo/
N: Chris Frederick <chrisf@cdf123.net>
F: package/firejail/
N: Chris Packham <judge.packham@gmail.com>
F: package/eventlog/
F: package/micropython/
......
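Review bot: The address on the added `N: Chris Frederick <chrisf@cdf123.net>` line differs from the one in the author's Signed-off-by (`cdf123@cdf123.net`). Please confirm which mailbox is intended, since this entry decides who gets CC'd on later changes to package/firejail/, version bumps for security fixes included.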
......@@ -1774,6 +1774,7 @@ menu "System tools"
source "package/efibootmgr/Config.in"
source "package/efivar/Config.in"
source "package/emlog/Config.in"
source "package/firejail/Config.in"
source "package/ftop/Config.in"
source "package/getent/Config.in"
source "package/htop/Config.in"
......
config BR2_PACKAGE_FIREJAIL
bool "firejail"
depends on BR2_USE_MMU # fork()
depends on BR2_TOOLCHAIN_HAS_THREADS
# uClibc: error: ‘EM_ARM’ undeclared
depends on !BR2_TOOLCHAIN_USES_UCLIBC
help
Firejail is a SUID program that reduces the risk of security
breaches by restricting the running environment of untrusted
applications using Linux namespaces and seccomp-bpf. It
allows a process and all its descendants to have their own
private view of the globally shared kernel resources, such
as the network stack, process table, mount table.
https://firejail.wordpress.com/
comment "firejail needs a glibc or musl toolchain w/ threads"
depends on BR2_USE_MMU
depends on !BR2_TOOLCHAIN_USES_UCLIBC || !BR2_TOOLCHAIN_HAS_THREADS
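Review bot: The condition on the `comment` at the end of Config.in, `depends on !BR2_TOOLCHAIN_USES_UCLIBC || !BR2_TOOLCHAIN_HAS_THREADS`, has the uClibc term inverted. As written, the comment is shown on glibc and musl toolchains, where the package is selectable, and hidden on a uClibc toolchain with threads, where it is not. It should be the negation of the package's own dependencies: `depends on BR2_TOOLCHAIN_USES_UCLIBC || !BR2_TOOLCHAIN_HAS_THREADS`.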
# From https://sourceforge.net/projects/firejail/files/firejail/
md5 7e6dca7202b1d70105b39646755cc620 firejail-0.9.44.8.tar.xz
sha1 019423df0aee84d474f9fcd1f6a871a2fe8aa9a5 firejail-0.9.44.8.tar.xz
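Review bot: The hash file carries only `md5` and `sha1` entries for firejail-0.9.44.8.tar.xz, and neither algorithm is collision resistant. Add a `sha256` line computed locally from the downloaded tarball and say so in the comment above it. With `FIREJAIL_SITE` pointing at a plain http URL in firejail.mk, this file is the only integrity check on the source of a binary that gets installed SUID root.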
################################################################################
#
# firejail
#
################################################################################
FIREJAIL_VERSION = 0.9.44.8
FIREJAIL_SITE = http://download.sourceforge.net/firejail
FIREJAIL_SOURCE = firejail-$(FIREJAIL_VERSION).tar.xz
FIREJAIL_LICENSE = GPLv2+
FIREJAIL_LICENSE_FILES = COPYING
FIREJAIL_CONF_OPTS = \
--enable-bind \
--enable-file-transfer \
--enable-network \
--enable-seccomp \
--enable-userns
ifeq ($(BR2_PACKAGE_BUSYBOX),y)
FIREJAIL_CONF_OPTS += --enable-busybox-workaround
endif
define FIREJAIL_PERMISSIONS
/usr/bin/firejail f 4755 0 0 - - - - -
endef
$(eval $(autotools-package))
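Review bot: `FIREJAIL_PERMISSIONS` installs /usr/bin/firejail as mode 4755 owned by uid 0, while `FIREJAIL_CONF_OPTS` unconditionally turns on `--enable-bind`, `--enable-file-transfer`, `--enable-network` and `--enable-userns`. Every feature compiled in is code that any local user can reach through a setuid-root binary, so consider exposing these as Config.in options so that a hardened image can leave out what it does not need. If only some accounts are meant to use the sandbox, the permission line could also restrict execution to a dedicated group instead of making the binary world-executable.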