pool/firejail
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c5bd94cd19
firejail/firejail.spec
Ismail Dönmez c5bd94cd19 Accepting request 437560 from home:tiwai:branches:Virtualization 
- Update to version 0.9.44:
  * CVE-2016-7545 submitted by Aleksey Manevich
  Modifications:
  * removed man firejail-config
  * –private-tmp whitelists /tmp/.X11-unix directory
  * Nvidia drivers added to –private-dev
  * /srv supported by –whitelist
  New features:
  * allow user access to /sys/fs (–noblacklist=/sys/fs)
  * support starting/joining sandbox is a single command (–join-or-start)
  * X11 detection support for –audit
  * assign a name to the interface connected to the bridge (–veth-name)
  * all user home directories are visible (–allusers)
  * add files to sandbox container (–put)
  * blocking x11 (–x11=block)
  * X11 security extension (–x11=xorg)
  * disable 3D hardware acceleration (–no3d)
  * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
  * move files in sandbox (–put)
  * accept wildcard patterns in user name field of restricted shell login feature
  New profiles:
  * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
  * feh, ranger, zathura, 7z, keepass, keepassx,
  * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot
  * Flowblade, Eye of GNOME (eog), Evolution

OBS-URL: https://build.opensuse.org/request/show/437560
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=4
2016-11-03 08:20:46 +00:00

76 lines
2.1 KiB
RPMSpec
Raw Blame History

#
# spec file for package firejail
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: firejail
Version: 0.9.44
Release: 0
Summary: Linux namepaces sandbox program
License: GPL-2.0
Group: Productivity/Security
Url: https://firejail.wordpress.com/
Source0: %{name}-%{version}.tar.xz
Source1: %{name}.rpmlintrc
BuildRequires: libapparmor-devel
BuildRequires: gcc-c++
Requires(pre): permissions
%description
Firejail is a SUID sandbox program that reduces the risk of security
breaches by restricting the running environment of untrusted applications
using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
many existing applications like Iceweasel/Mozilla Firefox and Chromium.
Firejail also expands the restricted shell facility found in bash by adding
Linux namespace support. It supports sandboxing specific users upon login.
%prep
%setup -q
%build
%configure --docdir=%{_docdir}/%{name} \
--enable-apparmor
make %{?_smp_mflags} VERBOSE=1
%install
make %{?_smp_mflags} DESTDIR=%{buildroot} install
%post
/sbin/ldconfig
%set_permissions %{_bindir}/firejail
%verifyscript
%verify_permissions -e %{_bindir}/firejail
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root)
%verify(not user group mode) %{_bindir}/firejail
%{_bindir}/firecfg
%{_bindir}/firemon
%{_datadir}/bash-completion
%{_libdir}/%{name}
%doc %{_docdir}/%{name}
%{_mandir}/man1/*
%{_mandir}/man5/*
%dir %{_sysconfdir}/%{name}
%config %{_sysconfdir}/%{name}/*
/etc/apparmor.d
%changelog
Reference in New Issue View Git Blame Copy Permalink