github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

feature: build: add --disable-sandbox-check configure flag

Browse source 
This flag disables the code which checks whether the current instance of
firejail is running within a sandbox like LXC, chroot or firejail itself.
If we want to develop firejail inside of a sandbox, to keep the "host system"
clean of unnecessary installed dependencies and changes to the system,
we might want to force firejail to run normally, so that we can test different
profiles inside of the sandbox. This is only meant for people who are working
on the firejail code, not someone attempting to run firejail inside of a
sandbox as a user, because it needs to run as root and it can escape the
sandbox easily.
This commit is contained in:
powerjungle 2024-12-27 15:40:02 +00:00
parent 102d760fa7
commit 108327c5a0
No known key found for this signature in database
GPG key ID: 3E956E7890C5FE34
5 changed files with 41 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
configure.ac
View file

@ -69,6 +69,14 @@ AS_IF([test "x$enable_sanitizer" != "xno" ], [
], [AC_MSG_ERROR([sanitizer not supported: $enable_sanitizer])])
])
HAVE_SANDBOX_CHECK=""
AC_SUBST([HAVE_SANDBOX_CHECK])
AC_ARG_ENABLE([sandbox-check],
[AS_HELP_STRING([--disable-sandbox-check], [checking if current instance of firejail is running within a sandbox is disabled, only use this when developing firejail inside of a sandbox])])
AS_IF([test "x$enable_sandbox_check" != "xno"], [
HAVE_SANDBOX_CHECK="-DHAVE_SANDBOX_CHECK"
])
HAVE_IDS=""
AC_SUBST([HAVE_IDS])
AC_ARG_ENABLE([ids],
@ -324,6 +332,7 @@ Features:
overlayfs support: $HAVE_OVERLAYFS
private home support: $HAVE_PRIVATE_HOME
private lib support: $HAVE_PRIVATE_LIB
sandbox check: $HAVE_SANDBOX_CHECK
SELinux labeling support: $HAVE_SELINUX
user namespace: $HAVE_USERNS
X11 sandboxing support: $HAVE_X11