Diffstat (limited to 'sys-apps/firejail')
-rw-r--r-- | sys-apps/firejail/Manifest | 3 | ||||
-rw-r--r-- | sys-apps/firejail/files/0.9.50-contrib-fix.patch | 36 | ||||
-rw-r--r-- | sys-apps/firejail/files/firejail-0.9.70-envlimits.patch | 12 | ||||
-rw-r--r-- | sys-apps/firejail/files/firejail-0.9.70-firecfg.config.patch | 82 | ||||
-rw-r--r-- | sys-apps/firejail/files/firejail-compressed-manpages.patch | 17 | ||||
-rw-r--r-- | sys-apps/firejail/files/profile_display.local | 2 | ||||
-rw-r--r-- | sys-apps/firejail/files/profile_patch.local | 8 | ||||
-rw-r--r-- | sys-apps/firejail/files/profile_pdftotext.local | 2 | ||||
-rw-r--r-- | sys-apps/firejail/files/profile_wget.local | 5 | ||||
-rw-r--r-- | sys-apps/firejail/firejail-0.9.50.ebuild | 49 | ||||
-rw-r--r-- | sys-apps/firejail/firejail-0.9.60-r1.ebuild | 65 | ||||
-rw-r--r-- | sys-apps/firejail/firejail-0.9.72.ebuild | 138 | ||||
-rw-r--r-- | sys-apps/firejail/firejail-9999.ebuild | 75 | ||||
-rw-r--r-- | sys-apps/firejail/metadata.xml | 24 |
14 files changed, 261 insertions, 257 deletions
diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest
index 69947b7d043b..93387adafa9d 100644
--- a/sys-apps/firejail/Manifest
+++ b/sys-apps/firejail/Manifest
@@ -1,2 +1 @@
-DIST firejail-0.9.50.tar.xz 279488 BLAKE2B 96d8e9161f0631ebfa400fd79c1d8d139d014da46cc2bf7fd3683f75ef7dced6a435e09e1733b675bc549662d50fddca9bd8811872a5ed186d731bb3c16903ea SHA512 766fe8a0c65ddc717759f0ea54a4fe72213f43ecf241c385e484eb7e47bebd5896976998c76e6a5ef9c153d4007c2a01e9d942cc9f352c4b085fb02fe708a87d
-DIST firejail-0.9.60.tar.gz 1067102 BLAKE2B c5fd9a9c60fe17fc7ae24946ae5ea2f666d1dd20d982c540783dd2e56d30859a24258c4f3426e2bafaff3530557f5865bc73af9573e399039e8d5b097e5cddee SHA512 cb3eeff2f77801b4593a719a6b63da09cdc6c7f96f8ea8ea1aaa7e8538b080421a284441c6e43ce036fdf8510e08a73816c58d22f0af048344b8752f4a02759a
+DIST firejail-0.9.72.tar.xz 503192 BLAKE2B 3d57b345476cb62399859622c88f5d6c22842da5894045c09bc7d84229ec2a01c494e4e9393b6fba6c668f73c6b7046f9a014a315baa5bc56d1479b9cad178a7 SHA512 846fa5caf6e68c669f76a07d6321ed365bf3c45f7992e8be3784ed99ef508ea8dffc5d6cc5da75eeb37964ad358d61b7959e8590051950951de8ca904d8a49de
diff --git a/sys-apps/firejail/files/0.9.50-contrib-fix.patch b/sys-apps/firejail/files/0.9.50-contrib-fix.patch
deleted file mode 100644
index 7192bba34807..000000000000
--- a/sys-apps/firejail/files/0.9.50-contrib-fix.patch
+++ /dev/null
@@ -1,36 +0,0 @@ -diff -Naur firejail-0.9.48/contrib/fix_private-bin.py firejail-0.9.48.new/contrib/fix_private-bin.py ---- firejail-0.9.48/contrib/fix_private-bin.py 2017-05-24 23:01:32.000000000 +0100 -+++ firejail-0.9.48.new/contrib/fix_private-bin.py 2017-08-27 23:19:52.868481040 +0100 -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -+#!/usr/bin/env python3 - - __author__ = "KOLANICH" - __copyright__ = """This is free and unencumbered software released into the public domain. -diff -Naur firejail-0.9.48/contrib/fjclip.py firejail-0.9.48.new/contrib/fjclip.py ---- firejail-0.9.48/contrib/fjclip.py 2017-05-24 23:01:32.000000000 +0100 -+++ firejail-0.9.48.new/contrib/fjclip.py 2017-08-27 23:19:58.476562539 +0100 -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python2 - - import re - import sys -diff -Naur firejail-0.9.48/contrib/fjdisplay.py firejail-0.9.48.new/contrib/fjdisplay.py ---- firejail-0.9.48/contrib/fjdisplay.py 2017-05-24 23:01:32.000000000 +0100 -+++ firejail-0.9.48.new/contrib/fjdisplay.py 2017-08-27 23:20:01.932612762 +0100 -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python2 - - import re - import sys -diff -Naur firejail-0.9.48/contrib/fjresize.py firejail-0.9.48.new/contrib/fjresize.py ---- firejail-0.9.48/contrib/fjresize.py 2017-05-24 23:01:32.000000000 +0100 -+++ firejail-0.9.48.new/contrib/fjresize.py 2017-08-27 23:20:06.932685422 +0100 -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python2 - - import sys - import fjdisplay diff --git a/sys-apps/firejail/files/firejail-0.9.70-envlimits.patch b/sys-apps/firejail/files/firejail-0.9.70-envlimits.patch new file mode 100644 index 000000000000..d99db424c052 --- /dev/null +++ b/sys-apps/firejail/files/firejail-0.9.70-envlimits.patch 
@@ -0,0 +1,12 @@ +diff -urP firejail-0.9.70.orig/src/firejail/firejail.h firejail-0.9.70/src/firejail/firejail.h +--- firejail-0.9.70.orig/src/firejail/firejail.h 2022-06-08 07:42:50.000000000 -0600 ++++ firejail-0.9.70/src/firejail/firejail.h 2022-06-09 13:06:04.094034022 -0600 +@@ -706,7 +706,7 @@ + int check_kernel_procs(void); + void run_no_sandbox(int argc, char **argv) __attribute__((noreturn)); + +-#define MAX_ENVS 256 // some sane maximum number of environment variables ++#define MAX_ENVS 2048 // some sane maximum number of environment variables + #define MAX_ENV_LEN (PATH_MAX + 32) // FOOBAR=SOME_PATH, only applied to Firejail's own sandboxed apps + // env.c + typedef enum { diff --git a/sys-apps/firejail/files/firejail-0.9.70-firecfg.config.patch b/sys-apps/firejail/files/firejail-0.9.70-firecfg.config.patch new file mode 100644 index 000000000000..ff751b9dc684 --- /dev/null +++ b/sys-apps/firejail/files/firejail-0.9.70-firecfg.config.patch 
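Review bot: The added patch file has no header explaining why `MAX_ENVS` goes from 256 to 2048, and the retained trailing comment still calls the value "some sane maximum number of environment variables". This package's metadata describes firejail as a SUID program, so this bound is part of how much caller-supplied environment it accepts, and the eightfold raise applies to every invocation, not only to runs under portage. I would add a short description at the top of the patch, for example `Raise MAX_ENVS: portage exports more variables than the old limit allows ('too many environment variables')`, plus a bug reference if one exists; that reason is inferred from the comments in firejail-0.9.70-firecfg.config.patch and should be confirmed. `MAX_ENV_LEN` is unchanged, so the per-variable length bound is not affected; the surrounding header continues outside the hunk.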
@@ -0,0 +1,82 @@ +diff -urP firejail-0.9.70.orig/src/firecfg/firecfg.config firejail-0.9.70/src/firecfg/firecfg.config +--- firejail-0.9.70.orig/src/firecfg/firecfg.config 2022-06-08 07:42:50.000000000 -0600 ++++ firejail-0.9.70/src/firecfg/firecfg.config 2022-06-09 13:06:38.646038407 -0600 +@@ -213,7 +213,8 @@ + electron-mail + electrum + element-desktop +-elinks ++# Breaks emerge/portage on Gentoo: 'too many environment variables' ++#elinks + empathy + enchant + enchant-2 +@@ -259,7 +260,8 @@ + flameshot + flashpeak-slimjet + flowblade +-fontforge ++# Breaks emerge/portage on Gentoo ++#fontforge + font-manager + fossamail + four-in-a-row +@@ -490,11 +492,16 @@ + luminance-hdr + lximage-qt + lxmusic +-lynx ++# Breaks emerge/portage on Gentoo: 'too many environment variables' ++#lynx + lyx + macrofusion + magicor +-man ++# Breaks: $ man chromium-browser ++# WARNING: terminal is not fully functional ++# Press RETURN to continue ++# Manual page chromium-browser(1) byte 0/0 (END) (press h for help or q to quit) ++#man + manaplus + marker + masterpdfeditor +@@ -571,7 +578,8 @@ + musictube + musixmatch + mutool +-mutt ++# Breaks when configs are under ~/.mutt/ ++#mutt + mypaint + mypaint-ora-thumbnailer + natron +@@ -635,7 +643,8 @@ + palemoon + #pandoc + parole +-patch ++# Breaks emerge/portage on Gentoo: 'too many environment variables', path issues ++#patch + pavucontrol + pavucontrol-qt + pcsxr +@@ -761,7 +770,8 @@ + stellarium + strawberry + straw-viewer +-strings ++# Breaks emerge/portage on Gentoo ++#strings + studio.sh + subdownloader + supertux2 +@@ -880,7 +890,8 @@ + weechat + weechat-curses + wesnoth +-wget ++# Breaks emerge/portage on Gentoo: 'too many environment variables', path issues ++#wget + wget2 + whalebird + whois diff --git a/sys-apps/firejail/files/firejail-compressed-manpages.patch b/sys-apps/firejail/files/firejail-compressed-manpages.patch deleted file mode 100644 index 8a43bcac2618..000000000000 
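Review bot: The comments added for `elinks`, `lynx`, `patch` and `wget` give 'too many environment variables' as the reason, yet firejail-0.9.70-envlimits.patch in this same commit raises `MAX_ENVS` to 2048, so either that raise is not sufficient or these comments are stale. Commenting the entries out means firecfg no longer sets up its redirect for these programs for any user, and `wget`, `lynx` and `elinks` handle untrusted network content, so the reason for dropping them should be precise. The `fontforge` and `strings` entries say only `Breaks emerge/portage on Gentoo` with no symptom. I would give each entry the observed error or a bug reference, e.g. `# Breaks emerge/portage on Gentoo (bug #NNNNNN): <observed error>`, and say whether the breakage persists with the raised limit.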
--- a/sys-apps/firejail/files/firejail-compressed-manpages.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/Makefile b/Makefile -index 9c9b93d..2eb8ab2 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -141,10 +141,9 @@ endif - install -m 0755 -d $(DESTDIR)/$(mandir)/man5 - for man in $(MANPAGES); do \ - rm -f $$man.gz; \ -- gzip -9n $$man; \ - case "$$man" in \ -- *.1) install -c -m 0644 $$man.gz $(DESTDIR)/$(mandir)/man1/; ;; \ -- *.5) install -c -m 0644 $$man.gz $(DESTDIR)/$(mandir)/man5/; ;; \ -+ *.1) install -c -m 0644 $$man $(DESTDIR)/$(mandir)/man1/; ;; \ -+ *.5) install -c -m 0644 $$man $(DESTDIR)/$(mandir)/man5/; ;; \ - esac; \ - done - rm -f $(MANPAGES) $(MANPAGES:%=%.gz) diff --git a/sys-apps/firejail/files/profile_display.local b/sys-apps/firejail/files/profile_display.local new file mode 100644 index 000000000000..edf025c4720d --- /dev/null +++ b/sys-apps/firejail/files/profile_display.local @@ -0,0 +1,2 @@ +private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libgomp.so.*,libMagickWand-*.so.*,libfreetype.so.*,libXext.so.*,libltdl.so.*,ImageMagick* +private-etc ImageMagick-7 diff --git a/sys-apps/firejail/files/profile_patch.local b/sys-apps/firejail/files/profile_patch.local new file mode 100644 index 000000000000..24fe0c43b516 --- /dev/null +++ b/sys-apps/firejail/files/profile_patch.local @@ -0,0 +1,8 @@ +private-bin /usr/bin/patch,red +ignore private-bin +# Needed so patch can write under /var/tmp/portage/ +writable-var +read-write /var/tmp/portage +whitelist /var/tmp/portage + +private-lib libsandbox.so* diff --git a/sys-apps/firejail/files/profile_pdftotext.local b/sys-apps/firejail/files/profile_pdftotext.local new file mode 100644 index 000000000000..449e4787d5a8 --- /dev/null +++ b/sys-apps/firejail/files/profile_pdftotext.local @@ -0,0 +1,2 @@ +private-etc alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload +private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.* 
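Review bot: In profile_patch.local the relaxations `writable-var`, `read-write /var/tmp/portage` and `whitelist /var/tmp/portage` are unconditional, so they apply to every sandboxed `patch` run on the system and not only to runs started by portage; profile_wget.local does the same with `writable-var` and `whitelist /var/cache/distfiles`. The file also sets `private-bin /usr/bin/patch,red` and then `ignore private-bin` on the next line without explanation. Presumably the order is deliberate so that the local value replaces the one in the stock profile, but that depends on how firejail processes `ignore` and should be confirmed. I would add a comment above the pair such as `# Set our own private-bin, then ignore the one from the stock patch profile`, and one above `private-lib libsandbox.so*` stating what needs that library (by its name, portage's sandbox; not shown here).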
diff --git a/sys-apps/firejail/files/profile_wget.local b/sys-apps/firejail/files/profile_wget.local new file mode 100644 index 000000000000..4b1d5b50a2b7 --- /dev/null +++ b/sys-apps/firejail/files/profile_wget.local @@ -0,0 +1,5 @@ +# Needed so that portage can wget into the distfile dir. +writable-var +whitelist /var/cache/distfiles + +private-bin /usr/bin/wget diff --git a/sys-apps/firejail/firejail-0.9.50.ebuild b/sys-apps/firejail/firejail-0.9.50.ebuild deleted file mode 100644 index 85b81b1bd4d5..000000000000 --- a/sys-apps/firejail/firejail-0.9.50.ebuild +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit eutils - -DESCRIPTION="Security sandbox for any type of processes" -HOMEPAGE="https://firejail.wordpress.com/" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 ~x86" -IUSE="apparmor +bind +chroot contrib +file-transfer +network - network-restricted +seccomp +userns x11" - -DEPEND="!sys-apps/firejail-lts - apparmor? ( sys-libs/libapparmor )" -RDEPEND="${DEPEND} - x11? ( x11-wm/xpra[client,server] )" - -PATCHES=( "${FILESDIR}/${PV}-contrib-fix.patch" ) - -RESTRICT=test - -src_prepare() { - default - find -name Makefile.in -exec sed -i -r \ - -e '/^\tinstall .*COPYING /d' \ - -e '/CFLAGS/s: (-O2|-ggdb) : :g' \ - -e '1iCC=@CC@' {} + || die -} - -src_configure() { - local myeconfargs=( - $(use_enable apparmor) - $(use_enable bind) - $(use_enable chroot) - $(use_enable contrib contrib-install) - $(use_enable file-transfer) - $(use_enable network) - $(use_enable seccomp) - $(use_enable userns) - $(use_enable x11) - ) - use network-restricted && myeconfargs+=( --enable-network=restricted ) - econf "${myeconfargs[@]}" -} diff --git a/sys-apps/firejail/firejail-0.9.60-r1.ebuild b/sys-apps/firejail/firejail-0.9.60-r1.ebuild deleted file mode 100644 index c8262c74d0d9..000000000000 
--- a/sys-apps/firejail/firejail-0.9.60-r1.ebuild +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -DESCRIPTION="Security sandbox for any type of processes" -HOMEPAGE="https://firejail.wordpress.com/" - -SRC_URI="https://github.com/netblue30/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="apparmor +chroot contrib debug +file-transfer +globalcfg +network +overlayfs +private-home +seccomp +suid test +userns vim-syntax +whitelist x11" - -DEPEND="!sys-apps/firejail-lts - apparmor? ( sys-libs/libapparmor ) - test? ( dev-tcltk/expect )" - -RDEPEND="apparmor? ( sys-libs/libapparmor )" - -RESTRICT="test" - -PATCHES=( "${FILESDIR}/${PN}-compressed-manpages.patch" ) - -src_prepare() { - default - - find ./contrib -type f -name '*.py' | xargs sed --in-place 's-#!/usr/bin/python3-#!/usr/bin/env python3-g' || die - - find -type f -name Makefile.in | xargs sed --in-place --regexp-extended \ - --expression='/^\tinstall .*COPYING /d' \ - --expression='/CFLAGS/s: (-O2|-ggdb) : :g' || die - - sed --in-place --regexp-extended '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die -} - -src_configure() { - econf \ - $(use_enable apparmor) \ - $(use_enable chroot) \ - $(use_enable contrib contrib-install) \ - $(use_enable file-transfer) \ - $(use_enable globalcfg) \ - $(use_enable network) \ - $(use_enable overlayfs) \ - $(use_enable private-home) \ - $(use_enable seccomp) \ - $(use_enable suid) \ - $(use_enable userns) \ - $(use_enable whitelist) \ - $(use_enable x11) -} - -src_install() { - default - - if use vim-syntax; then - insinto /usr/share/vim/vimfiles/ftdetect - doins contrib/vim/ftdetect/firejail.vim - - insinto /usr/share/vim/vimfiles/syntax - doins contrib/vim/syntax/firejail.vim - fi -} 
diff --git a/sys-apps/firejail/firejail-0.9.72.ebuild b/sys-apps/firejail/firejail-0.9.72.ebuild
new file mode 100644
index 000000000000..a778a5a44e7c
--- /dev/null
+++ b/sys-apps/firejail/firejail-0.9.72.ebuild
@@ -0,0 +1,138 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) + +inherit toolchain-funcs python-single-r1 linux-info + +DESCRIPTION="Security sandbox for any type of processes" +HOMEPAGE="https://firejail.wordpress.com/" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/netblue30/firejail.git" + EGIT_BRANCH="master" + inherit git-r3 +else + SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz" + KEYWORDS="amd64 ~arm ~arm64 ~x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home selinux test +userns X" +REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )" +# Needs a lot of work to function within sandbox/portage. Can look at the alternative +# test targets in Makefile too, bug #769731 +RESTRICT="test" + +RDEPEND=" + !sys-apps/firejail-lts + apparmor? ( sys-libs/libapparmor ) + contrib? ( ${PYTHON_DEPS} ) + dbusproxy? ( sys-apps/xdg-dbus-proxy ) + selinux? ( sys-libs/libselinux ) +" +DEPEND=" + ${RDEPEND} + sys-libs/libseccomp + test? ( dev-tcltk/expect ) +" + +PATCHES=( + "${FILESDIR}/${PN}-0.9.70-envlimits.patch" + "${FILESDIR}/${PN}-0.9.70-firecfg.config.patch" +) + +pkg_setup() { + CONFIG_CHECK="~SQUASHFS" + local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage mode" + check_extra_config + + use contrib && python-single-r1_pkg_setup +} + +src_prepare() { + default + + # Our toolchain already sets SSP by default but forcing it causes problems + # on arches which don't support it. As for F_S, we again set it by defualt + # in our toolchain, but forcing F_S=2 is actually a downgrade if 3 is set. 
+ sed -i \ + -e 's:-fstack-protector-all::' \ + -e 's:-D_FORTIFY_SOURCE=2::' \ + src/so.mk src/prog.mk || die + + find -type f -name Makefile -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' {} + || die + + # Fix up hardcoded paths to templates and docs + local files=$(grep -E -l -r '/usr/share/doc/firejail([^-]|$)' ./RELNOTES ./src/man/ ./etc/profile*/ ./test/ || die) + for file in ${files[@]} ; do + sed -i -r -e "s:/usr/share/doc/firejail([^-]|\$):/usr/share/doc/${PF}\1:" "${file}" || die + done + + # remove compression of man pages + sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile || die + + if use contrib; then + python_fix_shebang -f contrib/*.py + fi +} + +src_configure() { + local myeconfargs=( + --disable-fatal-warnings + --disable-firetunnel + --disable-lts + --enable-suid + $(use_enable apparmor) + $(use_enable chroot) + $(use_enable dbusproxy) + $(use_enable file-transfer) + $(use_enable globalcfg) + $(use_enable network) + $(use_enable private-home) + $(use_enable selinux) + $(use_enable userns) + $(use_enable X x11) + ) + + econf "${myeconfargs[@]}" + + cat > 99firejail <<-EOF || die + SANDBOX_WRITE="/run/firejail" + EOF +} + +src_compile() { + emake CC="$(tc-getCC)" +} + +src_test() { + emake test-utils test-sysutils +} + +src_install() { + default + + # Gentoo-specific profile customizations + insinto /etc/${PN} + local profile_local + for profile_local in "${FILESDIR}"/profile_*local ; do + newins "${profile_local}" "${profile_local/\/*profile_/}" + done + + # Prevent sandbox violations when toolchain is firejailed + insinto /etc/sandbox.d + doins 99firejail + + rm "${ED}"/usr/share/doc/${PF}/COPYING || die + + if use contrib; then + python_scriptinto /usr/$(get_libdir)/firejail + python_doscript contrib/*.py + insinto /usr/$(get_libdir)/firejail + dobin contrib/*.sh + fi +} 
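Review bot: In `src_prepare` the `sed` strips `-fstack-protector-all` and `-D_FORTIFY_SOURCE=2` from `src/so.mk` and `src/prog.mk` while `src_configure` passes `--enable-suid` unconditionally, so the hardening of a SUID binary now rests entirely on toolchain defaults. The comment explains the motivation, but a toolchain built without default SSP or fortify produces an unhardened SUID build, and the default stack-protector level may be weaker than `-all`. I would state that in the comment (which also has the typo `defualt`), e.g. `# NOTE: SUID binary; hardening now depends on the toolchain defaults`. Separately, in `src_install`, `insinto /usr/$(get_libdir)/firejail` followed by `dobin contrib/*.sh` most likely does not do what the pairing suggests, since `dobin` installs into the bin directory and does not honour `insinto`. If the shell scripts are meant to sit beside the Python ones, use `exeinto /usr/$(get_libdir)/firejail` and `doexe contrib/*.sh`.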
diff --git a/sys-apps/firejail/firejail-9999.ebuild b/sys-apps/firejail/firejail-9999.ebuild
deleted file mode 100644
index f47575ac444f..000000000000
--- a/sys-apps/firejail/firejail-9999.ebuild
+++ /dev/null
@@ -1,75 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -if [[ ${PV} != 9999 ]]; then - KEYWORDS="~amd64 ~x86" - SRC_URI="https://github.com/netblue30/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" -else - inherit git-r3 - EGIT_REPO_URI="https://github.com/netblue30/firejail.git" - EGIT_BRANCH="master" -fi - -DESCRIPTION="Security sandbox for any type of processes" -HOMEPAGE="https://firejail.wordpress.com/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="apparmor +chroot contrib debug +file-transfer +globalcfg +network +overlayfs +private-home +seccomp +suid test +userns vim-syntax +whitelist x11" - -DEPEND="!sys-apps/firejail-lts - apparmor? ( sys-libs/libapparmor ) - test? ( dev-tcltk/expect )" - -RDEPEND="apparmor? ( sys-libs/libapparmor )" - -# TODO: enable tests -RESTRICT="test" - -src_prepare() { - default - - find ./contrib -type f -name '*.py' | xargs sed --in-place 's-#!/usr/bin/python3-#!/usr/bin/env python3-g' || die - - find -type f -name Makefile.in | xargs sed --in-place --regexp-extended \ - --expression='/^\tinstall .*COPYING /d' \ - --expression='/CFLAGS/s: (-O2|-ggdb) : :g' || die - - sed --in-place --regexp-extended '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die - - # remove compression of man pages - sed --in-place '/gzip -9n $$man; \\/d' Makefile.in || die - sed --in-place '/rm -f $$man.gz; \\/d' Makefile.in || die - sed --in-place --regexp-extended 's|\*\.([[:digit:]])\) install -c -m 0644 \$\$man\.gz|\*\.\1\) install -c -m 0644 \$\$man|g' Makefile.in || die -} - -src_configure() { - econf \ - $(use_enable apparmor) \ - $(use_enable chroot) \ - $(use_enable contrib contrib-install) \ - $(use_enable file-transfer) \ - $(use_enable globalcfg) \ - $(use_enable network) \ - $(use_enable overlayfs) \ - $(use_enable private-home) \ - $(use_enable seccomp) \ - $(use_enable suid) \ - $(use_enable userns) \ - $(use_enable whitelist) \ - $(use_enable x11) -} - -src_install() { - 
default - - if use vim-syntax; then - insinto /usr/share/vim/vimfiles/ftdetect - doins contrib/vim/ftdetect/firejail.vim - - insinto /usr/share/vim/vimfiles/syntax - doins contrib/vim/syntax/firejail.vim - fi -} diff --git a/sys-apps/firejail/metadata.xml b/sys-apps/firejail/metadata.xml index 3af2a06d7a1d..ee1cc2f6e7bb 100644 --- a/sys-apps/firejail/metadata.xml +++ b/sys-apps/firejail/metadata.xml 
@@ -1,36 +1,34 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <maintainer type="person"> - <email>expeditioneer@gentoo.org</email> - <name>Dennis Lamm</name> + <maintainer type="person" proxied="yes"> + <email>hlein@korelogic.com</email> + <name>Hank Leininger</name> + </maintainer> + <maintainer type="project" proxied="proxy"> + <email>proxy-maint@gentoo.org</email> + <name>Proxy Maintainers</name> </maintainer> <longdescription lang="en"> Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. - - This is the regular version. For a long term support version see sys-apps/firejail-lts. 
</longdescription> <upstream> + <remote-id type="cpe">cpe:/a:firejail_project:firejail</remote-id> <remote-id type="github">netblue30/firejail</remote-id> </upstream> <use> <flag name="apparmor">Enable support for custom AppArmor profiles</flag> - <flag name="bind">Enable custom bind mounts</flag> <flag name="chroot">Enable chrooting to custom directory</flag> <flag name="contrib">Install contrib scripts</flag> + <flag name="dbusproxy">Enable DBus proxying to filter access in supporting profiles</flag> <flag name="file-transfer">Enable file transfers between sandboxes and the host system</flag> <flag name="globalcfg">Enable global config file</flag> <flag name="network">Enable networking features</flag> - <flag name="network-restricted">Grant access to --interface, --net=ethXXX and --netfilter only to root user; - regular users are only allowed --net=none</flag> - <flag name="overlayfs">Enable overlayfs</flag> <flag name="private-home">Enable private home feature</flag> - <flag name="seccomp">Enable system call filtering</flag> <flag name="userns">Enable attaching a new user namespace to a sandbox (--noroot option)</flag> - <flag name="whitelist">Enable whitelist</flag> - <flag name="x11">Enable X11 sandboxing</flag> + <flag name="X">Enable X11 sandboxing</flag> </use> </pkgmetadata> |