Takashi Iwai
a872b3d7c4
- Update to version 0.9.48:
* modifs: whitelisted Transmission, Deluge, qBitTorrent,
KTorrent;
please use ~/Downloads directory for saving files
* modifs: AppArmor made optional; a warning is printed on the
screen if the sandbox fails to load the AppArmor profile
* feature: --novideo
* feature: drop discretionary access control capabilities for
root sandboxes
* feature: added /etc/firejail/globals.local for global
customizations
* feature: profile support in overlayfs mode
* new profiles: vym, darktable, Waterfox, digiKam, Catfish,
HandBrake
* bugfixes
OBS-URL: https://build.opensuse.org/request/show/517016
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=7
76 lines
2.1 KiB
RPMSpec
76 lines
2.1 KiB
RPMSpec
#
|
|
# spec file for package firejail
|
|
#
|
|
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
Name: firejail
|
|
Version: 0.9.48
|
|
Release: 0
|
|
Summary: Linux namepaces sandbox program
|
|
License: GPL-2.0
|
|
Group: Productivity/Security
|
|
Url: https://firejail.wordpress.com/
|
|
Source0: %{name}-%{version}.tar.xz
|
|
Source1: %{name}.rpmlintrc
|
|
BuildRequires: libapparmor-devel
|
|
BuildRequires: gcc-c++
|
|
Requires(pre): permissions
|
|
|
|
%description
|
|
Firejail is a SUID sandbox program that reduces the risk of security
|
|
breaches by restricting the running environment of untrusted applications
|
|
using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
|
|
many existing applications like Iceweasel/Mozilla Firefox and Chromium.
|
|
|
|
Firejail also expands the restricted shell facility found in bash by adding
|
|
Linux namespace support. It supports sandboxing specific users upon login.
|
|
|
|
%prep
|
|
%setup -q
|
|
|
|
%build
|
|
%configure --docdir=%{_docdir}/%{name} \
|
|
--enable-apparmor
|
|
make %{?_smp_mflags} VERBOSE=1
|
|
|
|
%install
|
|
make %{?_smp_mflags} DESTDIR=%{buildroot} install
|
|
|
|
%post
|
|
/sbin/ldconfig
|
|
%set_permissions %{_bindir}/firejail
|
|
|
|
%verifyscript
|
|
%verify_permissions -e %{_bindir}/firejail
|
|
|
|
%postun -p /sbin/ldconfig
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%verify(not user group mode) %{_bindir}/firejail
|
|
%{_bindir}/firecfg
|
|
%{_bindir}/firemon
|
|
%{_datadir}/bash-completion
|
|
%{_libdir}/%{name}
|
|
%doc %{_docdir}/%{name}
|
|
%{_mandir}/man1/*
|
|
%{_mandir}/man5/*
|
|
%dir %{_sysconfdir}/%{name}
|
|
%config %{_sysconfdir}/%{name}/*
|
|
/etc/apparmor.d
|
|
|
|
%changelog
|