firejail: new package

Firejail Security Sandbox https://firejail.wordpress.com/ Lightweight application sandboxing system using seccomp and kernel namespaces. Signed-off-by: Chris Frederick <cdf123@cdf123.net> [Thomas: - Fix DEVELOPERS entry: use <> around the e-mail address instead of () - firejail builds fine with musl, so only exclude uclibc, which fails to build with EM_ARM undeclared - Update to upstream version 0.9.44.8. - Remove FIREJAIL_MAKE_OPTS, as suggested by Romain Naour. - Pass --enable-busybox-workaround only if Busybox is enabled, as suggested by Romain Naour.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2024-11-23 13:33:28 +08:00 · 2016-10-26 12:22:32 -05:00 · 2016-10-26 12:22:32 -05:00 · 0524f90a2f
commit 0524f90a2f
parent 0935781891
5 changed files with 54 additions and 0 deletions
--- a/3
+++ b/3
@ -299,6 +299,9 @@ F:	package/libdvbsi/
 F:	package/libsvg/
 F:	package/libsvg-cairo/

+N:	Chris Frederick <chrisf@cdf123.net>
+F:	package/firejail/
+
 N:	Chris Packham <judge.packham@gmail.com>
 F:	package/eventlog/
 F:	package/micropython/
--- a/package/Config.in
+++ b/package/Config.in
@ -1774,6 +1774,7 @@ menu "System tools"
 	source "package/efibootmgr/Config.in"
 	source "package/efivar/Config.in"
 	source "package/emlog/Config.in"
+	source "package/firejail/Config.in"
 	source "package/ftop/Config.in"
 	source "package/getent/Config.in"
 	source "package/htop/Config.in"
--- a/package/firejail/Config.in
+++ b/package/firejail/Config.in
@ -0,0 +1,19 @@
+config BR2_PACKAGE_FIREJAIL
+	bool "firejail"
+	depends on BR2_USE_MMU # fork()
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	# uClibc: error: ‘EM_ARM’ undeclared
+	depends on !BR2_TOOLCHAIN_USES_UCLIBC
+	help
+	  Firejail is a SUID program that reduces the risk of security
+	  breaches by restricting the running environment of untrusted
+	  applications using Linux namespaces and seccomp-bpf. It
+	  allows a process and all its descendants to have their own
+	  private view of the globally shared kernel resources, such
+	  as the network stack, process table, mount table.
+
+	  https://firejail.wordpress.com/
+
+comment "firejail needs a glibc or musl toolchain w/ threads"
+	depends on BR2_USE_MMU
+	depends on !BR2_TOOLCHAIN_USES_UCLIBC || !BR2_TOOLCHAIN_HAS_THREADS
--- a/package/firejail/firejail.hash
+++ b/package/firejail/firejail.hash
@ -0,0 +1,3 @@
+# From https://sourceforge.net/projects/firejail/files/firejail/
+md5 7e6dca7202b1d70105b39646755cc620 firejail-0.9.44.8.tar.xz
+sha1 019423df0aee84d474f9fcd1f6a871a2fe8aa9a5 firejail-0.9.44.8.tar.xz
--- a/package/firejail/firejail.mk
+++ b/package/firejail/firejail.mk
@ -0,0 +1,28 @@
+################################################################################
+#
+# firejail
+#
+################################################################################
+
+FIREJAIL_VERSION = 0.9.44.8
+FIREJAIL_SITE = http://download.sourceforge.net/firejail
+FIREJAIL_SOURCE = firejail-$(FIREJAIL_VERSION).tar.xz
+FIREJAIL_LICENSE = GPLv2+
+FIREJAIL_LICENSE_FILES = COPYING
+
+FIREJAIL_CONF_OPTS = \
+	--enable-bind \
+	--enable-file-transfer \
+	--enable-network \
+	--enable-seccomp \
+	--enable-userns
+
+ifeq ($(BR2_PACKAGE_BUSYBOX),y)
+FIREJAIL_CONF_OPTS += --enable-busybox-workaround
+endif
+
+define FIREJAIL_PERMISSIONS
+	/usr/bin/firejail f 4755 0 0 - - - - -
+endef
+
+$(eval $(autotools-package))