build: restore seccomp filter targets

This partially reverts commit 2b34747db ("generate seccomp filters at
install time", 2023-07-07).  See also commit 6fa19aab9 ("feature: use
seccomp filters build at install time for --restrict-namespaces",
2023-07-12).

The seccomp filters were always being built because
src/fseccomp/fseccomp (and other programs) are in `$(ALL_ITEMS)`, which
is incorrectly marked as phony.  This commit fixes that and restores the
previous target logic, for consistency with the other targets and so
that the seccomp filters are made at build time rather than at install
time.
Kelvin M. Klann 2023-07-13 00:27:09 -03:00
parent d8d450158c
commit 80eb28483f


@ -37,13 +37,13 @@ SYNTAX_FILES := $(SYNTAX_FILES_IN:.in=)
ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS)
.PHONY: all
all: all_items mydirs $(CONTRIB_TARGET)
all: all_items mydirs filters $(CONTRIB_TARGET)
config.mk config.sh:
@printf 'error: run ./configure to generate %s\n' "$@" >&2
@false
.PHONY: all_items $(ALL_ITEMS)
.PHONY: all_items
all_items: $(ALL_ITEMS)
$(ALL_ITEMS): $(MYDIRS)
$(MAKE) -C $(dir $@)
@ -53,21 +53,34 @@ mydirs: $(MYDIRS)
$(MYDIRS):
$(MAKE) -C $@
define build_filters
.PHONY: filters
filters: $(SECCOMP_FILTERS)
seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
src/fseccomp/fseccomp default seccomp
src/fsec-optimize/fsec-optimize seccomp
seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
src/fseccomp/fseccomp default seccomp.debug allow-debuggers
src/fsec-optimize/fsec-optimize seccomp.debug
seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
src/fseccomp/fseccomp secondary 32 seccomp.32
src/fsec-optimize/fsec-optimize seccomp.32
seccomp.block_secondary: src/fseccomp/fseccomp
src/fseccomp/fseccomp secondary block seccomp.block_secondary
seccomp.mdwx: src/fseccomp/fseccomp
src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx
seccomp.mdwx.32: src/fseccomp/fseccomp
src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32
seccomp.namespaces: src/fseccomp/fseccomp
src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts
seccomp.namespaces.32: src/fseccomp/fseccomp
src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts
endef
# Makes all targets in contrib/
.PHONY: contrib
@ -180,7 +193,6 @@ endif
# libraries and plugins
install -m 0755 -d $(DESTDIR)$(libdir)/firejail
install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh
$(call build_filters)
install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS)
install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS)
install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats
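Review bot: The two-step recipes for `seccomp`, `seccomp.debug` and `seccomp.32` can leave a partially generated filter behind: if `fsec-optimize` (or `fseccomp` itself) fails, the target file already exists and is newer than its prerequisites, so the next `make` treats it as up to date and the install recipe copies it into `$(DESTDIR)$(libdir)/firejail`. Unless it is already declared outside the hunks shown here, adding `.DELETE_ON_ERROR:` near the top of the Makefile makes GNU make remove the filter when its recipe fails. The recipes could also use `$@` instead of repeating the target name, e.g. `src/fseccomp/fseccomp default $@`, so the rule header and the file written cannot drift apart. The header of the install rule lies outside the last hunk, so it is worth confirming that it still depends on `filters` (or `all`) now that `$(call build_filters)` is gone.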