Accepting request 798884 from home:jubalh:branches:Virtualization

- Add firejail-0.9.62-fix-usr-etc.patch: Check /usr/etc not just /etc - Replace python interpreter line in sort.py OBS-URL: https://build.opensuse.org/request/show/798884 OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=23
2020-05-03 13:21:47 +00:00 · 2020-05-03 13:21:47 +00:00 · 3bb61c9bf6
commit 3bb61c9bf6
parent 84b9c6c073
3 changed files with 89 additions and 1 deletions
--- a/firejail-0.9.62-fix-usr-etc.patch
+++ b/firejail-0.9.62-fix-usr-etc.patch
@ -0,0 +1,78 @@
 From 609be4fda2dda5557de864eba814c42fe2f40dca Mon Sep 17 00:00:00 2001
 From: smitsohu <smitsohu@gmail.com>
 Date: Sun, 9 Feb 2020 11:30:31 +0100
 Subject: [PATCH] openSUSE fix: mount private-etc on /usr/etc as well
 see issue #3145
 ---
 src/firejail/fs_etc.c  | 3 ++-
 src/firejail/sandbox.c | 1 +
 src/include/rundefs.h  | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
 diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
 index 7b7813926..76bcb751e 100644
 --- a/src/firejail/fs_etc.c
 +++ b/src/firejail/fs_etc.c
@@ -145,7 +145,8 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
 	// nothing to do if directory does not exist
 	struct stat s;
 	if (stat(private_dir, &s) == -1) {
 -		fmessage("Cannot find %s\n", private_dir);
 +		if (arg_debug)
 +			printf("Cannot find %s\n", private_dir);
 		return;
 	}
 diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
 index 96ad30bed..4f53cafcc 100644
 --- a/src/firejail/sandbox.c
 +++ b/src/firejail/sandbox.c
@@ -855,6 +855,7 @@ int sandbox(void* sandbox_arg) {
 			fwarning("private-etc feature is disabled in overlay\n");
 		else {
 			fs_private_dir_list("/etc", RUN_ETC_DIR, cfg.etc_private_keep);
 +			fs_private_dir_list("/usr/etc", RUN_USR_ETC_DIR, cfg.etc_private_keep); // openSUSE
 			// create /etc/ld.so.preload file again
 			if (need_preload)
 				fs_trace_preload();
 diff --git a/src/include/rundefs.h b/src/include/rundefs.h
 index 7f9c68be2..1cfeee28d 100644
 --- a/src/include/rundefs.h
 +++ b/src/include/rundefs.h
@@ -42,6 +42,7 @@
 #define RUN_NONEWPRIVS_CFG		RUN_MNT_DIR "/nonewprivs"
 #define RUN_HOME_DIR			RUN_MNT_DIR "/home"
 #define RUN_ETC_DIR			RUN_MNT_DIR "/etc"
 +#define RUN_USR_ETC_DIR		RUN_MNT_DIR "/usretc"
 #define RUN_OPT_DIR			RUN_MNT_DIR "/opt"
 #define RUN_SRV_DIR			RUN_MNT_DIR "/srv"
 #define RUN_BIN_DIR			RUN_MNT_DIR "/bin"
 From cd184e9919bb67fb88ee6208c395682f5f0ba764 Mon Sep 17 00:00:00 2001
 From: smitsohu <smitsohu@gmail.com>
 Date: Sun, 9 Feb 2020 11:33:57 +0100
 Subject: [PATCH] openSUSE fix: search login.defs in /usr/etc, too
 see issue #3145
 ---
 src/lib/firejail_user.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
 diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c
 index dbf2ca94b..2e03ce0e0 100644
 --- a/src/lib/firejail_user.c
 +++ b/src/lib/firejail_user.c
@@ -43,8 +43,11 @@ static void init_uid_gid_min(void) {
 	// read the real values from login.def
 	FILE *fp = fopen("/etc/login.defs", "r");
 -	if (!fp)
 -		goto errexit;
 +	if (!fp) {
 +		fp = fopen("/usr/etc/login.defs", "r"); // openSUSE
 +		if (!fp)
 +			goto errexit;
 +	}
 	char buf[MAXBUF];
 	while (fgets(buf, MAXBUF, fp)) {
--- a/firejail.changes
+++ b/firejail.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Wed Apr 29 11:30:38 UTC 2020 - Michael Vetter <mvetter@suse.com>
 - Add firejail-0.9.62-fix-usr-etc.patch:
  Check /usr/etc not just /etc
 - Replace python interpreter line in sort.py
 -------------------------------------------------------------------
 Tue Feb 11 22:32:46 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
--- a/firejail.spec
+++ b/firejail.spec
@ -25,6 +25,8 @@ Group:          Productivity/Security
 URL:            https://firejail.wordpress.com/
 Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
 Source1:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz.asc
 # https://github.com/netblue30/firejail/issues/3145
 Patch0:         firejail-0.9.62-fix-usr-etc.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libapparmor-devel
@ -42,7 +44,8 @@ Linux namespace support. It supports sandboxing specific users upon login.
 %prep
 %setup -q
-sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' contrib/fj-mkdeb.py contrib/fjclip.py contrib/fjdisplay.py contrib/fjresize.py
+%patch0 -p1
 sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' contrib/fj-mkdeb.py contrib/fjclip.py contrib/fjdisplay.py contrib/fjresize.py contrib/sort.py
 %build
 %configure --docdir=%{_docdir}/%{name} \