NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f87bffabc8
kumquat-buildroot/package/firejail/Config.in

22 lines
828 B
Plaintext
Raw Normal View History

firejail: new package Firejail Security Sandbox https://firejail.wordpress.com/ Lightweight application sandboxing system using seccomp and kernel namespaces. Signed-off-by: Chris Frederick <cdf123@cdf123.net> [Thomas: - Fix DEVELOPERS entry: use <> around the e-mail address instead of () - firejail builds fine with musl, so only exclude uclibc, which fails to build with EM_ARM undeclared - Update to upstream version 0.9.44.8. - Remove FIREJAIL_MAKE_OPTS, as suggested by Romain Naour. - Pass --enable-busybox-workaround only if Busybox is enabled, as suggested by Romain Naour.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-10-26 19:22:32 +02:00
config BR2_PACKAGE_FIREJAIL
bool "firejail"
package/firejail: mark as broken The firejail package does not cross-compile at all, because it is not using automake, but a hand-written Makefile.in. So it does not use the cross-compiler found by ./configure. But when we fix it by passing: FIREJAIL_MAKE_ENV = $(TARGET_CONFIGURE_OPTS) it then fails to build with symbols redefinitions: /home/ymorin/dev/buildroot/O/host/usr/bin/arm-linux-gnueabihf-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -ggdb -O2 -DVERSION='"0.9.44.8"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security -c libtrace.c -o libtrace.o /tmpfs/cckgOLVz.s: Assembler messages: /tmpfs/cckgOLVz.s:1115: Error: symbol `stat64' is already defined /tmpfs/cckgOLVz.s:1282: Error: symbol `lstat64' is already defined /tmpfs/cckgOLVz.s:2296: Error: symbol `fopen64' is already defined /tmpfs/cckgOLVz.s:2631: Error: symbol `freopen64' is already defined Makefile:16: recipe for target 'libtrace.o' failed (ditto for libtracelog) Fixing this is not trivial, so we just mark the package as broken. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Chris Frederick <chrisf@cdf123.net> [Thomas: also mark the Config.in comment as BROKEN.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-12 14:32:50 +01:00
depends on BROKEN # does not cross-compile at all
firejail: new package Firejail Security Sandbox https://firejail.wordpress.com/ Lightweight application sandboxing system using seccomp and kernel namespaces. Signed-off-by: Chris Frederick <cdf123@cdf123.net> [Thomas: - Fix DEVELOPERS entry: use <> around the e-mail address instead of () - firejail builds fine with musl, so only exclude uclibc, which fails to build with EM_ARM undeclared - Update to upstream version 0.9.44.8. - Remove FIREJAIL_MAKE_OPTS, as suggested by Romain Naour. - Pass --enable-busybox-workaround only if Busybox is enabled, as suggested by Romain Naour.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-10-26 19:22:32 +02:00
depends on BR2_USE_MMU # fork()
depends on BR2_TOOLCHAIN_HAS_THREADS
# uClibc: error: EM_ARM undeclared
depends on !BR2_TOOLCHAIN_USES_UCLIBC
help
Firejail is a SUID program that reduces the risk of security
breaches by restricting the running environment of untrusted
applications using Linux namespaces and seccomp-bpf. It
allows a process and all its descendants to have their own
private view of the globally shared kernel resources, such
as the network stack, process table, mount table.
https://firejail.wordpress.com/
comment "firejail needs a glibc or musl toolchain w/ threads"
depends on BR2_USE_MMU
package/firejail: mark as broken The firejail package does not cross-compile at all, because it is not using automake, but a hand-written Makefile.in. So it does not use the cross-compiler found by ./configure. But when we fix it by passing: FIREJAIL_MAKE_ENV = $(TARGET_CONFIGURE_OPTS) it then fails to build with symbols redefinitions: /home/ymorin/dev/buildroot/O/host/usr/bin/arm-linux-gnueabihf-gcc -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -ggdb -O2 -DVERSION='"0.9.44.8"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security -c libtrace.c -o libtrace.o /tmpfs/cckgOLVz.s: Assembler messages: /tmpfs/cckgOLVz.s:1115: Error: symbol `stat64' is already defined /tmpfs/cckgOLVz.s:1282: Error: symbol `lstat64' is already defined /tmpfs/cckgOLVz.s:2296: Error: symbol `fopen64' is already defined /tmpfs/cckgOLVz.s:2631: Error: symbol `freopen64' is already defined Makefile:16: recipe for target 'libtrace.o' failed (ditto for libtracelog) Fixing this is not trivial, so we just mark the package as broken. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Chris Frederick <chrisf@cdf123.net> [Thomas: also mark the Config.in comment as BROKEN.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-12 14:32:50 +01:00
depends on BROKEN
firejail: fix logic for comment firejail depends on !uClibc, so the "firejail needs !uClibc" comment should be displayed when we do have uClibc. Right now the logic is just the other way around, so flip it. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-09 12:25:29 +01:00
depends on BR2_TOOLCHAIN_USES_UCLIBC || !BR2_TOOLCHAIN_HAS_THREADS
Reference in New Issue Copy Permalink