This reverts commit 5c6fa6ab58.
The commit in question causes `HAVE_SANDBOX_CHECK` to always be unset
(instead of only when `--disable-sandbox-check` is used), as its value
was being passed to the compiler through `MANFLAGS`. Move the macro
back into `MANFLAGS` for simplicity.
Also, using `--disable-sandbox-check` breaks the tests and thus also
breaks CI (see #6619).
Relates to #6592.
Build log[1]:
$ make
[...]
make -C src/libtrace/
make[1]: Entering directory '/builds/Firejail/firejail_ci/src/libtrace'
gcc -ggdb -O2 -DVERSION='"0.9.73"' [...] -c ../../src/libtrace/libtrace.c -o ../../src/libtrace/libtrace.o
../../src/libtrace/libtrace.c:451:59: warning: 'struct stat64' declared inside parameter list will not be visible outside of this definition or declaration
451 | typedef int (*orig_stat64_t)(const char *pathname, struct stat64 *statbuf);
| ^~~~~~
../../src/libtrace/libtrace.c:453:41: warning: 'struct stat64' declared inside parameter list will not be visible outside of this definition or declaration
453 | int stat64(const char *pathname, struct stat64 *statbuf) {
| ^~~~~~
../../src/libtrace/libtrace.c: In function 'stat64':
../../src/libtrace/libtrace.c:457:40: error: passing argument 2 of 'orig_stat64' from incompatible pointer type [-Wincompatible-pointer-types]
457 | int rv = orig_stat64(pathname, statbuf);
| ^~~~~~~
| |
| struct stat64 *
../../src/libtrace/libtrace.c:457:40: note: expected 'struct stat64 *' but argument is of type 'struct stat64 *'
../../src/libtrace/libtrace.c: At top level:
../../src/libtrace/libtrace.c:476:60: warning: 'struct stat64' declared inside parameter list will not be visible outside of this definition or declaration
476 | typedef int (*orig_lstat64_t)(const char *pathname, struct stat64 *statbuf);
| ^~~~~~
../../src/libtrace/libtrace.c:478:42: warning: 'struct stat64' declared inside parameter list will not be visible outside of this definition or declaration
478 | int lstat64(const char *pathname, struct stat64 *statbuf) {
| ^~~~~~
../../src/libtrace/libtrace.c: In function 'lstat64':
../../src/libtrace/libtrace.c:482:41: error: passing argument 2 of 'orig_lstat64' from incompatible pointer type [-Wincompatible-pointer-types]
482 | int rv = orig_lstat64(pathname, statbuf);
| ^~~~~~~
| |
| struct stat64 *
../../src/libtrace/libtrace.c:482:41: note: expected 'struct stat64 *' but argument is of type 'struct stat64 *'
make[1]: Leaving directory '/builds/Firejail/firejail_ci/src/libtrace'
Environment: gcc (14.2.0-r4), musl-dev (1.2.5-r8) on Alpine Linux v3.21.
Relates to #6610.
[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/8853165146
Make it match the other `AC_ARG_ENABLE` code.
This amends commit a53de4926 ("build: improve --disable-sandbox-check
help string", 2025-01-13).
Relates to #6592.
Commands used to check for issues:
git grep 'Copyright .*Firejail' | grep -v 2014-2025
Misc: This was noticed on commit 212ac3cb1 ("update copyright",
2025-01-12).
Reuse the definition from src/include/rundefs.h.
Related commits:
* 07c05e8a5 ("moved sandbox name to /run/firejail/name/<PID>",
2016-02-19)
* 57ffc35a8 ("added sandbox name support in firemon", 2018-03-21)
This flag disables the code which checks whether the current instance of
firejail is running within a sandbox like LXC, chroot or firejail itself.
If we want to develop firejail inside of a sandbox, to keep the "host system"
clean of unnecessary installed dependencies and changes to the system,
we might want to force firejail to run normally, so that we can test different
profiles inside of the sandbox. This is only meant for people who are working
on the firejail code, not someone attempting to run firejail inside of a
sandbox as a user, because it needs to run as root and it can escape the
sandbox easily.
Changes:
* Strip whitespace at the beginning
* Strip whitespace at the end
* Ensure exactly one newline at the end
* Strip extraneous newlines
Also, for clarity print the git diff in the sort.py ci job, since the
specific lines changed are not printed by the sort.py script in this
case (as whitespace is fixed in the entire profile at once).
Command used to search and replace:
./contrib/sort.py etc/inc/*.inc etc/profile*/*.profile
This is a follow-up to #6556.
Update contrib/sort.py
electron-common.profile and blink-common.profile already apply
whitelisting in the user home, so ensure that the allowed paths are
available as well.
Relates to #6314.
