rpm/firejail
SHA256
1
0
Fork 0
forked from pool/firejail
Code Pull Requests Activity

Accepting request 844222 from Virtualization

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/844222
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/firejail?expand=0&rev=9
This commit is contained in:
Dominique Leuenberger 2020-10-27 18:00:22 +00:00 committed by Git OBS Bridge
commit 22bea5c481
3 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
firejail-apparmor-3.0.diff Normal file
View File

@ -0,0 +1,37 @@
Note: this patch is backported/modified - upstream moved the AppArmor profile
to etc/apparmor/firejail-default in the meantime
-- cboltz, 2020-10-26
commit bba750c73469ea315d859464ddd19e495d830a72
Author: Kristóf Marussy <kristof@marussy.com>
Date: Sat Oct 10 13:27:42 2020 +0200
Fix AppArmor 3.0 support (closes #3659)
AppArmor introduces the @{run} variable, which is used in
<abstractions/dbus-strict> and <abstractions/dbus-session-strict> among
other places. Thus, we follow suit of the built-in profiles and #include
<tunables/global>, which includes <tunables/run> in AppArmor 3.0,
defining the variable.
As <tunables/global> exists in previous versions of AppArmor, too, this
patch does not introduce a backward-compatibility issue with Apparmor
2.x.
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index 68e20d9b..e396ae7d 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -2,6 +2,10 @@
# Generic Firejail AppArmor profile
#########################################
+# AppArmor 3.0 uses the @{run} variable in <abstractions/dbus-strict>
+# and <abstractions/dbus-session-strict>.
+#include <tunables/global>
+
##########
# A simple PID declaration based on Ubuntu's @{pid}
# Ubuntu keeps it under tunables/kernelvars and include it via tunables/global.

6
firejail.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Oct 26 22:34:02 UTC 2020 - Christian Boltz <suse-beta@cboltz.de>
- Add firejail-apparmor-3.0.diff to make the AppArmor profile compatible with
AppArmor 3.0 (add missing include <tunables/global>)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 19 06:15:16 UTC 2020 - Paolo Stivanin <info@paolostivanin.com> Wed Aug 19 06:15:16 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>

3
firejail.spec
View File

@ -27,6 +27,8 @@ Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.
Source1: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz.asc Source1: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz.asc
# PATCH-FIX-OPENSUSE firejail-0.9.62-fix-usr-etc.patch -- https://github.com/netblue30/firejail/issues/3145 two patches combined, source see file # PATCH-FIX-OPENSUSE firejail-0.9.62-fix-usr-etc.patch -- https://github.com/netblue30/firejail/issues/3145 two patches combined, source see file
Patch0: firejail-0.9.62-fix-usr-etc.patch Patch0: firejail-0.9.62-fix-usr-etc.patch
# PATCH-FIX-UPSTREAM firejail-apparmor-3.0.diff -- https://github.com/netblue30/firejail/issues/3659
Patch1: firejail-apparmor-3.0.diff
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libapparmor-devel BuildRequires: libapparmor-devel
@ -45,6 +47,7 @@ Linux namespace support. It supports sandboxing specific users upon login.
%prep %prep
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1
sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' contrib/fj-mkdeb.py contrib/fjclip.py contrib/fjdisplay.py contrib/fjresize.py contrib/sort.py sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' contrib/fj-mkdeb.py contrib/fjclip.py contrib/fjdisplay.py contrib/fjresize.py contrib/sort.py
%build %build