commit firejail for openSUSE:Leap:15.2

Sun, 03 May 2020 23:23:10 -0700 

Hello community,

here is the log from the commit of package firejail for openSUSE:Leap:15.2 
checked in at 2020-05-04 08:22:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/firejail (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.firejail.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "firejail"

Mon May  4 08:22:54 2020 rev:3 rq:799906 version:0.9.62

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/firejail/firejail.changes      2020-02-16 
18:31:06.274805455 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.firejail.new.2738/firejail.changes    
2020-05-04 08:22:58.268404849 +0200
@@ -1,0 +2,7 @@
+Wed Apr 29 11:30:38 UTC 2020 - Michael Vetter <[email protected]>
+
+- Add firejail-0.9.62-fix-usr-etc.patch:
+  Check /usr/etc not just /etc
+- Replace python interpreter line in sort.py
+
+-------------------------------------------------------------------

New:
----
  firejail-0.9.62-fix-usr-etc.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ firejail.spec ++++++
--- /var/tmp/diff_new_pack.NLY7q0/_old  2020-05-04 08:22:58.580405518 +0200
+++ /var/tmp/diff_new_pack.NLY7q0/_new  2020-05-04 08:22:58.584405527 +0200
@@ -25,6 +25,8 @@
 URL:            https://firejail.wordpress.com/
 Source0:        
http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz
 Source1:        
http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.xz.asc
+# PATCH-FIX-OPENSUSE firejail-0.9.62-fix-usr-etc.patch -- 
https://github.com/netblue30/firejail/issues/3145 two patches combined, source 
see file
+Patch0:         firejail-0.9.62-fix-usr-etc.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libapparmor-devel
@@ -42,7 +44,8 @@
 
 %prep
 %setup -q
-sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' contrib/fj-mkdeb.py 
contrib/fjclip.py contrib/fjdisplay.py contrib/fjresize.py
+%patch0 -p1
+sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' contrib/fj-mkdeb.py 
contrib/fjclip.py contrib/fjdisplay.py contrib/fjresize.py contrib/sort.py
 
 %build
 %configure --docdir=%{_docdir}/%{name} \

++++++ firejail-0.9.62-fix-usr-etc.patch ++++++
>From 609be4fda2dda5557de864eba814c42fe2f40dca Mon Sep 17 00:00:00 2001
From: smitsohu <[email protected]>
Date: Sun, 9 Feb 2020 11:30:31 +0100
Subject: [PATCH] openSUSE fix: mount private-etc on /usr/etc as well

see issue #3145
---
 src/firejail/fs_etc.c  | 3 ++-
 src/firejail/sandbox.c | 1 +
 src/include/rundefs.h  | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index 7b7813926..76bcb751e 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -145,7 +145,8 @@ void fs_private_dir_list(const char *private_dir, const 
char *private_run_dir, c
        // nothing to do if directory does not exist
        struct stat s;
        if (stat(private_dir, &s) == -1) {
-               fmessage("Cannot find %s\n", private_dir);
+               if (arg_debug)
+                       printf("Cannot find %s\n", private_dir);
                return;
        }
 
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 96ad30bed..4f53cafcc 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -855,6 +855,7 @@ int sandbox(void* sandbox_arg) {
                        fwarning("private-etc feature is disabled in 
overlay\n");
                else {
                        fs_private_dir_list("/etc", RUN_ETC_DIR, 
cfg.etc_private_keep);
+                       fs_private_dir_list("/usr/etc", RUN_USR_ETC_DIR, 
cfg.etc_private_keep); // openSUSE
                        // create /etc/ld.so.preload file again
                        if (need_preload)
                                fs_trace_preload();
diff --git a/src/include/rundefs.h b/src/include/rundefs.h
index 7f9c68be2..1cfeee28d 100644
--- a/src/include/rundefs.h
+++ b/src/include/rundefs.h
@@ -42,6 +42,7 @@
 #define RUN_NONEWPRIVS_CFG             RUN_MNT_DIR "/nonewprivs"
 #define RUN_HOME_DIR                   RUN_MNT_DIR "/home"
 #define RUN_ETC_DIR                    RUN_MNT_DIR "/etc"
+#define RUN_USR_ETC_DIR                RUN_MNT_DIR "/usretc"
 #define RUN_OPT_DIR                    RUN_MNT_DIR "/opt"
 #define RUN_SRV_DIR                    RUN_MNT_DIR "/srv"
 #define RUN_BIN_DIR                    RUN_MNT_DIR "/bin"
>From cd184e9919bb67fb88ee6208c395682f5f0ba764 Mon Sep 17 00:00:00 2001
From: smitsohu <[email protected]>
Date: Sun, 9 Feb 2020 11:33:57 +0100
Subject: [PATCH] openSUSE fix: search login.defs in /usr/etc, too

see issue #3145
---
 src/lib/firejail_user.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/lib/firejail_user.c b/src/lib/firejail_user.c
index dbf2ca94b..2e03ce0e0 100644
--- a/src/lib/firejail_user.c
+++ b/src/lib/firejail_user.c
@@ -43,8 +43,11 @@ static void init_uid_gid_min(void) {
 
        // read the real values from login.def
        FILE *fp = fopen("/etc/login.defs", "r");
-       if (!fp)
-               goto errexit;
+       if (!fp) {
+               fp = fopen("/usr/etc/login.defs", "r"); // openSUSE
+               if (!fp)
+                       goto errexit;
+       }
 
        char buf[MAXBUF];
        while (fgets(buf, MAXBUF, fp)) {

Reply via email to