firejail: new package

Firejail Security Sandbox
https://firejail.wordpress.com/

Lightweight application sandboxing system using seccomp and kernel
namespaces.

Signed-off-by: Chris Frederick <cdf123@cdf123.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

package/Config.in

@@ -1710,6 +1710,7 @@ menu "System tools"
 	source "package/efibootmgr/Config.in"
 	source "package/efivar/Config.in"
 	source "package/emlog/Config.in"
+	source "package/firejail/Config.in"
 	source "package/ftop/Config.in"
 	source "package/getent/Config.in"
 	source "package/htop/Config.in"

package/firejail/Config.in

@@ -0,0 +1,12 @@
+config BR2_PACKAGE_FIREJAIL
+	bool "firejail"
+	help
+	  Firejail is a SUID program that reduces the risk of security
+	  breaches by restricting the running environment of untrusted
+	  applications using Linux namespaces and seccomp-bpf. It
+	  allows a process and all its descendants to have their own
+	  private view of the globally shared kernel resources, such
+	  as the network stack, process table, mount table.
+
+	  https://firejail.wordpress.com/
+

package/firejail/firejail.hash

@@ -0,0 +1,2 @@
+# From http://download.sourceforge.net/firejail/firejail-0.9.42.asc
+sha256 4f3bceee973b84fdf13a5d5ab0060d140ecc8e42c19c945e7fb93f0fd8499b47  firejail-0.9.42.tar.xz

package/firejail/firejail.mk

@@ -0,0 +1,24 @@
+################################################################################
+#
+# firejail
+#
+################################################################################
+
+FIREJAIL_VERSION = 0.9.42
+FIREJAIL_SITE = http://download.sourceforge.net/firejail
+FIREJAIL_SOURCE = firejail-$(FIREJAIL_VERSION).tar.xz
+FIREJAIL_LICENSE = GPLv2
+FIREJAIL_LICENSE_FILES = COPYING
+FIREJAIL_CONF_OPTS = \
+	--enable-bind \
+	--enable-busybox-workaround \
+	--enable-file-transfer \
+	--enable-network \
+	--enable-seccomp \
+	--enable-userns
+
+define FIREJAIL_PERMISSIONS
+	/usr/bin/firejail f 4755 0 0 - - - - -
+endef
+
+$(eval $(autotools-package))