commit 755e067884c9d9e37a897f604279946c3a8f3a912e4e9de8728267b59d465ade Author: Dirk Mueller Date: Tue May 24 05:12:25 2016 +0000 Accepting request 397032 from home:tiwai:firejail This is a request for a new package "firejail". It's a lightweight sandbox using namespace and seccomp. Let me know if Virtualization doesn't fit as the devel project for such a program. OBS-URL: https://build.opensuse.org/request/show/397032 OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=1 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/firejail-0.9.38.tar.bz2 b/firejail-0.9.38.tar.bz2 new file mode 100644 index 0000000..15a749d --- /dev/null +++ b/firejail-0.9.38.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b61b15c03a30b92f5ffddc458b6488eedd1cf87ffe22d77d423e5a254efd16bb +size 157543 diff --git a/firejail.changes b/firejail.changes new file mode 100644 index 0000000..87b938a --- /dev/null +++ b/firejail.changes @@ -0,0 +1,5 @@ +------------------------------------------------------------------- +Tue May 17 17:13:03 CEST 2016 - tiwai@suse.de + +- initial package: 0.9.38 + diff --git a/firejail.rpmlintrc b/firejail.rpmlintrc new file mode 100644 index 0000000..0edf9fb --- /dev/null +++ b/firejail.rpmlintrc @@ -0,0 +1,2 @@ +addFilter("permissions-file-setuid-bit.*.*") +setBadness('permissions-file-setuid-bit', 900) diff --git a/firejail.spec b/firejail.spec new file mode 100644 index 0000000..b02c782 --- /dev/null +++ b/firejail.spec @@ -0,0 +1,71 @@ +# +# spec file for package firejail +# +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + + +Name: firejail +Version: 0.9.38 +Release: 0 +Summary: Linux namepaces sandbox program +License: GPL-2.0 +Group: Productivity/Security +Url: http://firejail.sourceforge.net +Source0: http://firejail.sourceforge.net/%{name}-%{version}.tar.bz2 +Source1: %{name}.rpmlintrc +BuildRequires: gcc-c++ +Requires(pre): permissions + +%description +Firejail is a SUID sandbox program that reduces the risk of security +breaches by restricting the running environment of untrusted applications +using Linux namespaces and seccomp-bpf. It includes sandbox profiles for +many existing applications like Iceweasel/Mozilla Firefox and Chromium. + +Firejail also expands the restricted shell facility found in bash by adding +Linux namespace support. It supports sandboxing specific users upon login. + +%prep +%setup -q + +%build +%configure --docdir=%{_docdir}/%{name} +make %{?_smp_mflags} VERBOSE=1 + +%install +make %{?_smp_mflags} DESTDIR=%{buildroot} install + +%post +/sbin/ldconfig +%set_permissions %{_bindir}/firejail + +%verifyscript +%verify_permissions -e %{_bindir}/firejail + +%postun -p /sbin/ldconfig + +%files +%defattr(-,root,root) +%verify(not user group mode) %{_bindir}/firejail +%{_bindir}/firemon +%{_datadir}/bash-completion +%{_libdir}/%{name} +%doc %{_docdir}/%{name} +%{_mandir}/man1/* +%{_mandir}/man5/* +%dir %{_sysconfdir}/%{name} +%config %{_sysconfdir}/%{name}/* + +%changelog