Your message dated Thu, 06 Aug 2015 03:34:41 +0000
with message-id <[email protected]>
and subject line Bug#789317: fixed in firejail 0.9.28-1
has caused the Debian Bug report #789317,
regarding firejail: add arm64?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
789317: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789317
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: firejail
Version: 0.9.26-1
Severity: wishlist
Tags: patch
Bug #789163 claims that firejail "fails to build on several
architectures since seccomp isn't universally available on Linux":
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789163
I note, however, that libseccomp is available on arm64:
https://buildd.debian.org/status/package.php?p=libseccomp&suite=sid
I also note that firejail can be built on arm64 with this trivial
patch, attached.
So, should firejail be enabled on arm64? Or is something else
required?
diff -ru firejail-0.9.26.orig/src/firejail/seccomp.c firejail-0.9.26/src/firejail/seccomp.c
--- firejail-0.9.26.orig/src/firejail/seccomp.c
+++ firejail-0.9.26/src/firejail/seccomp.c
@@ -403,18 +403,31 @@
filter_add_blacklist(SYS_finit_module);
#endif
filter_add_blacklist(SYS_delete_module);
+#ifdef SYS_iopl
filter_add_blacklist(SYS_iopl);
+#endif
+#ifdef SYS_ioperm
filter_add_blacklist(SYS_ioperm);
+#endif
filter_add_blacklist(SYS_swapon);
filter_add_blacklist(SYS_swapoff);
filter_add_blacklist(SYS_syslog);
filter_add_blacklist(SYS_process_vm_readv);
filter_add_blacklist(SYS_process_vm_writev);
+#ifdef SYS_mknod
filter_add_blacklist(SYS_mknod);
+#endif
+#ifdef SYS_mknodat
+ filter_add_blacklist(SYS_mknodat);
+#endif
// new syscalls in 0.9,23
+#ifdef SYS_sysfs
filter_add_blacklist(SYS_sysfs);
+#endif
+#ifdef SYS__sysctl
filter_add_blacklist(SYS__sysctl);
+#endif
filter_add_blacklist(SYS_adjtimex);
filter_add_blacklist(SYS_clock_adjtime);
filter_add_blacklist(SYS_lookup_dcookie);
--- End Message ---
--- Begin Message ---
Source: firejail
Source-Version: 0.9.28-1
We believe that the bug you reported is fixed in the latest version of
firejail, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reiner Herrmann <[email protected]> (supplier of updated firejail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 05 Aug 2015 23:13:40 +0200
Source: firejail
Binary: firejail
Architecture: source amd64
Version: 0.9.28-1
Distribution: unstable
Urgency: low
Maintainer: Reiner Herrmann <[email protected]>
Changed-By: Reiner Herrmann <[email protected]>
Description:
firejail - sandbox to restrict the application environment
Closes: 789164 789317
Changes:
firejail (0.9.28-1) unstable; urgency=low
.
* New upstream release.
- Common include for blacklisted directories (Closes: #789164)
- Improved support for other architectures (Closes: #789317)
* Enabled all Linux architectures again.
* Removed unneeded debian/firejail.bash-completion file.
Checksums-Sha1:
057b27030d6328be228220de51d1ccce0da6589c 1730 firejail_0.9.28-1.dsc
b1b98375b8be005f96ae25b27131ae7015ab844a 137390 firejail_0.9.28.orig.tar.bz2
cdf80390cabeaa27edab1306d7f9181171034c3a 2528 firejail_0.9.28-1.debian.tar.xz
d5fced4ee0f9f794b50bc4c122dad2648130242a 105750 firejail_0.9.28-1_amd64.deb
Checksums-Sha256:
1f001fa0c128496590f717c82206c71130efc0dfb991862ce3783cdf61b30d32 1730
firejail_0.9.28-1.dsc
bd91888aff9abbfce0d2963c7d28bedf4362fd29976ca8ede80c6f59a3ac4cad 137390
firejail_0.9.28.orig.tar.bz2
7c13cfbcea25b08e1ce4e9afb27b90915d4f5b6e4d0ce4a00cfdef5fc25cf7a1 2528
firejail_0.9.28-1.debian.tar.xz
923875008a952554ac1c96a8fe5827afa923a757cc1835f5aa187fa01591c2e0 105750
firejail_0.9.28-1_amd64.deb
Files:
d07a5eb7d125d08d573d5a7c660d1329 1730 utils optional firejail_0.9.28-1.dsc
883bed618ddfa1a2b62dbc32af9ae08d 137390 utils optional
firejail_0.9.28.orig.tar.bz2
18483d950288547b8c73c80aa1a5a0ad 2528 utils optional
firejail_0.9.28-1.debian.tar.xz
7405cd28e3ef206713bd2bf6c0207cf3 105750 utils optional
firejail_0.9.28-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVwsv0AAoJENzjEOeGTMi/PdkP/RvGeebawDaojiYa3JbQ8dBO
jfq+ujQfToNNedkRdzQkgSC5QU988k7ZElk6RYTlHlp+PzB3ry4z44MhmB7/6v8v
uDbQTJU4VwG/rkegDz8xVvk+nq20/Tu+xN6/U001HNPvloY1qp/dkdUe4POSVLak
jeJG8kEBhbiwQoLBwMz2Mr5cgpxKk7xQH2g+JaJVxyqCz0l41JguNp9MaUIx22QJ
6fTXbr/5G7fAmpW0pazAq9MBD6Yn2Nmf55nCwtbV+oyItGcXO8rIGPMcjkcLb8f/
dPzLMSH8cZ4kTHmJebFDOfpY7NezwNoA6sXbBSy70Irhq81KWeRJ2EzCpcGuEwdB
WkGkKH16UdYNhipctfd6C1zYsyqOtD+n+wjaIFd0f2JbRDSqaLaOo5AyqLqm6q22
TVyhzXeK1TCjjDCGLGNOYA/zlMEDfkma8FuAVsYB5tIZvX8eg5EvaZphzvru+Z9I
DmWk9cNtceD912ycAM8iRFMqqmmdwNSOsxUmoQVDldoxTD3y8/1KBrsTOtD2IbjU
O9Cje7BWlF4vPH6l1N8NBUWkedhOQs7yFpsv/9yHvKo6G3VThkU0tRmtOmLPyij4
niunv0cNRVGuHEBn+ZqWJZ27/bI+ImAQVo2PF6yVm8UveIJ5H8otSla4WpyoRXoR
kZGjcoEVxfp7g89IcKgF
=4ndm
-----END PGP SIGNATURE-----
--- End Message ---
