[PATCH] gnu: Add firejail.

  • Done
Details
2 participants
  • kiasoc5
  • Ludovic Courtès
Owner
unassigned
Submitted by
kiasoc5
Severity
normal

kiasoc5 wrote 2 years ago
(address . guix-patches@gnu.org)(name . kiasoc5)(address . kiasoc5@disroot.org)
9d5b11ec067f815f252235b8d67050a865b98727.1687308888.git.kiasoc5@disroot.org
Firejail compiles ok, but I'm currently unable to test this on Guix system, so I don't know if any other patching is required to make it work as expected.

* gnu/packages/linux.scm (firejail): New variable.
---
gnu/packages/linux.scm | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 52fb883467..fe22412fbc 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -10135,6 +10135,35 @@ (define-public kconfig-hardened-check
This tool supports checking Kconfig options and kernel cmdline parameters.")
(license license:gpl3)))
+(define-public firejail
+ (package
+ (name "firejail")
+ (version "0.9.72")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/netblue30/firejail/releases/download/" version
+ "/firejail-" version
+ ".tar.xz" ))
+ (sha256
+ (base32
+ "1x77xy1mwfgjrcsymdda82bjnqgl7z2yymcb10mzd1zwik27gqc2"))))
+ (arguments
+ (list #:phases
+ #~(modify-phases %standard-phases
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (when tests?
+ (with-directory-excursion "test"
+ (invoke "make"))))))))
+ (build-system gnu-build-system)
+ (inputs
+ (list apparmor xdg-dbus-proxy))
+ (synopsis "Linux namespaces sandbox program")
+ (description
+ "Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. The software includes sandbox profiles for a number of common Linux programs. Firejail should be added to the list of setuid programs in the system configuration to work properly.")
+ (home-page "https://github.com/netblue30/firejail")
+ (license license:gpl2)))
+
(define-public edac-utils
(package
(name "edac-utils")
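
Review bot: `apparmor` is referenced in the `inputs` list of the new `firejail` definition, but this patch's only hunk adds the package itself and nothing in the `define-module` form, so unless `(gnu packages apparmor)` is already imported in linux.scm the variable is unbound when the module loads. Add `#:use-module (gnu packages apparmor)` to the module header. Separately, the `description` is a single very long line and should be wrapped to the usual column width.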

base-commit: 1a0ff5cd83d3257efcab64740a1322de51fbc4a1
--
2.41.0
kiasoc5 wrote 2 years ago
[PATCH v2] gnu: Add firejail.
(address . 64199@debbugs.gnu.org)(name . kiasoc5)(address . kiasoc5@disroot.org)
a7ce136908a578cee31a9add7bf99cfcd548d836.1687309254.git.kiasoc5@disroot.org
Forgot to add apparmor use-module.

* gnu/packages/linux.scm (firejail): New variable.
---
gnu/packages/linux.scm | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 52fb883467..e7576475bc 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -95,6 +95,7 @@ (define-module (gnu packages linux)
#:use-module (gnu packages acl)
#:use-module (gnu packages admin)
#:use-module (gnu packages algebra)
+ #:use-module (gnu packages apparmor)
#:use-module (gnu packages audio)
#:use-module (gnu packages autotools)
#:use-module (gnu packages avahi)
@@ -10135,6 +10136,35 @@ (define-public kconfig-hardened-check
This tool supports checking Kconfig options and kernel cmdline parameters.")
(license license:gpl3)))
+(define-public firejail
+ (package
+ (name "firejail")
+ (version "0.9.72")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/netblue30/firejail/releases/download/" version
+ "/firejail-" version
+ ".tar.xz" ))
+ (sha256
+ (base32
+ "1x77xy1mwfgjrcsymdda82bjnqgl7z2yymcb10mzd1zwik27gqc2"))))
+ (arguments
+ (list #:phases
+ #~(modify-phases %standard-phases
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (when tests?
+ (with-directory-excursion "test"
+ (invoke "make"))))))))
+ (build-system gnu-build-system)
+ (inputs
+ (list apparmor xdg-dbus-proxy))
+ (synopsis "Linux namespaces sandbox program")
+ (description
+ "Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. The software includes sandbox profiles for a number of common Linux programs. Firejail should be added to the list of setuid programs in the system configuration to work properly.")
+ (home-page "https://github.com/netblue30/firejail")
+ (license license:gpl2)))
+
(define-public edac-utils
(package
(name "edac-utils")
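
Review bot: The `firejail` definition has no `supported-systems` field, even though its own description ties the program to Linux namespaces, seccomp-bpf and Linux capabilities; restrict it to the `-linux` systems so it is not offered on other kernels. `(license license:gpl2)` should also be checked against the source file headers: if they carry "or any later version" wording, the field should be `license:gpl2+`. The `description` string is still one unwrapped line.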

base-commit: 1a0ff5cd83d3257efcab64740a1322de51fbc4a1
--
2.41.0
Ludovic Courtès wrote 2 years ago
Re: bug#64199: [PATCH] gnu: Add firejail.
(name . kiasoc5)(address . kiasoc5@disroot.org)
87wmyxjug6.fsf_-_@gnu.org
kiasoc5 <kiasoc5@disroot.org> skribis:

> Forgot to add apparmor use-module.
>
> * gnu/packages/linux.scm (firejail): New variable.

Hi! Applied with the changes below (‘gpl2+’ because source code headers
carry the “or any later version” wording).

Thanks,
Ludo’.
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 18c69d8a61..39503de6ff 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -10172,9 +10172,9 @@ (define-public firejail
(version "0.9.72")
(source (origin
(method url-fetch)
- (uri (string-append "https://github.com/netblue30/firejail/releases/download/" version
- "/firejail-" version
- ".tar.xz" ))
+ (uri (string-append
+ "https://github.com/netblue30/firejail/releases/download/" version
+ "/firejail-" version ".tar.xz" ))
(sha256
(base32
"1x77xy1mwfgjrcsymdda82bjnqgl7z2yymcb10mzd1zwik27gqc2"))))
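
Review bot: The reflowed `uri` form still ends with `".tar.xz" ))`, keeping the stray space before the closing parentheses from the original submission; write `".tar.xz"))` while this line is being touched.
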
@@ -10191,9 +10191,16 @@ (define-public firejail
(list apparmor xdg-dbus-proxy))
(synopsis "Linux namespaces sandbox program")
(description
- "Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. The software includes sandbox profiles for a number of common Linux programs. Firejail should be added to the list of setuid programs in the system configuration to work properly.")
+ "Firejail is a SUID sandbox program that reduces the risk of security
+breaches by restricting the running environment of untrusted applications
+using Linux namespaces, seccomp-bpf and Linux capabilities. The software
+includes sandbox profiles for a number of common Linux programs. Firejail
+should be added to the list of setuid programs in the system configuration to
+work properly.")
(home-page "https://github.com/netblue30/firejail")
- (license license:gpl2)))
+ (supported-systems
+ (filter (cut string-suffix? "-linux" <>) %supported-systems))
+ (license license:gpl2+)))
(define-public edac-utils
(package
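
Review bot: The new `supported-systems` filter uses `cut`, which is provided by `(srfi srfi-26)`; this diff does not touch the module header, so confirm that module is already imported in linux.scm, otherwise the file fails to load. The last sentence of the rewrapped description tells users to add Firejail to the list of setuid programs but not where; naming the `setuid-programs` field of the `operating-system` declaration would make that requirement actionable, since the description itself says the program needs it to work properly.
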
Closed