Takashi Iwai
68d6fd1be5
Note for reviewer: 0.9.51 was skipped.
- Update to version 0.9.52:
* New features
+ systemd-resolved integration
+ whitelisted /var in most profiles
+ GTK2, GTK3 and Qt4 private-lib support
+ --debug-private-lib
+ test deployment of private-lib for the some apps: evince,
galculator, gnome-calculator, leafpad, mousepad,
transmission-gtk, xcalc, xmr-stak-cpu, atril,
mate-color-select, tar, file, strings, gpicview, eom, eog,
gedit, pluma
+ netfilter template support
+ various new arguments
* --writable-run-user
* --rlimit-as
* --rlimit-cpu
* --timeout
* --build (profile build tool)
* --netfilter.print
* --netfilter6.print
* deprecations in modif
+ --allow-private-blacklists (blacklisting, read-only,
read-write, tmpfs and noexec are allowed in private home
directories
+ remount-proc-sys (firejail.config)
+ follow-symlink-private-bin (firejail.config)
+ --profile-path
* enhancements
+ support Firejail user config directory in firecfg
+ disable DBus activation in firecfg
+ enumerate root directories in apparmor profile
+ /etc and /usr/share whitelisting support
+ globbing support for --private-bin
* new profiles: upstreamed profiles from 3 sources:
+ https://github.com/chiraag-nataraj/firejail-profiles
+ https://github.com/nyancat18/fe
+ https://aur.archlinux.org/packages/firejail-profiles
* new profiles: terasology, surf, rocketchat, clamscan, clamdscan,
clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5,
brackets, calligra, calligraauthor, calligraconverter,
calligraflow, calligraplan, calligraplanwork, calligrasheets,
calligrastage, calligrawords, cin, dooble, dooble-qt4,
fetchmail, freecad, freecadcmd, google-earth,imagej, karbon,
1kdenlive, krita, linphone, lmms, macrofusion, mpd, natron,
Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en,
Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg,
bluefish, cinelerra, openshot-qt, pinta, uefitool, aosp,
pdfmod, gnome-ring, xcalc, zaproxy, kopete, cliqz,
signal-desktop, kget, nheko, Enpass, kwin_x11, krunner, ping,
bsdtar, makepkg (Arch), archaudit-report cower (Arch), kdeinit4
- Add full link to source tarball from sourceforge
- Add asc file
OBS-URL: https://build.opensuse.org/request/show/556579
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=9
76 lines
2.2 KiB
RPMSpec
76 lines
2.2 KiB
RPMSpec
#
|
|
# spec file for package firejail
|
|
#
|
|
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
Name: firejail
|
|
Version: 0.9.52
|
|
Release: 0
|
|
Summary: Linux namepaces sandbox program
|
|
License: GPL-2.0
|
|
Group: Productivity/Security
|
|
Url: https://firejail.wordpress.com/
|
|
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
|
|
Source1: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz.asc
|
|
Source2: %{name}.rpmlintrc
|
|
BuildRequires: gcc-c++
|
|
BuildRequires: libapparmor-devel
|
|
Requires(pre): permissions
|
|
|
|
%description
|
|
Firejail is a SUID sandbox program that reduces the risk of security
|
|
breaches by restricting the running environment of untrusted applications
|
|
using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
|
|
many existing applications like Iceweasel/Mozilla Firefox and Chromium.
|
|
|
|
Firejail also expands the restricted shell facility found in bash by adding
|
|
Linux namespace support. It supports sandboxing specific users upon login.
|
|
|
|
%prep
|
|
%setup -q
|
|
|
|
%build
|
|
%configure --docdir=%{_docdir}/%{name} \
|
|
--enable-apparmor
|
|
make %{?_smp_mflags} VERBOSE=1
|
|
|
|
%install
|
|
%make_install
|
|
|
|
%post
|
|
/sbin/ldconfig
|
|
%set_permissions %{_bindir}/firejail
|
|
|
|
%verifyscript
|
|
%verify_permissions -e %{_bindir}/firejail
|
|
|
|
%postun -p /sbin/ldconfig
|
|
|
|
%files
|
|
%verify(not user group mode) %{_bindir}/firejail
|
|
%{_bindir}/firecfg
|
|
%{_bindir}/firemon
|
|
%{_datadir}/bash-completion
|
|
%{_libdir}/%{name}
|
|
%doc %{_docdir}/%{name}
|
|
%{_mandir}/man1/*
|
|
%{_mandir}/man5/*
|
|
%dir %{_sysconfdir}/%{name}
|
|
%config %{_sysconfdir}/%{name}/*
|
|
%{_sysconfdir}/apparmor.d
|
|
|
|
%changelog
|