@@ -95,6 +95,7 @@ (define-module (gnu packages linux)
#:use-module (gnu packages acl)
#:use-module (gnu packages admin)
#:use-module (gnu packages algebra)
+ #:use-module (gnu packages apparmor)
#:use-module (gnu packages audio)
#:use-module (gnu packages autotools)
#:use-module (gnu packages avahi)
@@ -10135,6 +10136,35 @@ (define-public kconfig-hardened-check
This tool supports checking Kconfig options and kernel cmdline parameters.")
(license license:gpl3)))
+(define-public firejail
+ (package
+ (name "firejail")
+ (version "0.9.72")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/netblue30/firejail/releases/download/" version
+ "/firejail-" version
+ ".tar.xz" ))
+ (sha256
+ (base32
+ "1x77xy1mwfgjrcsymdda82bjnqgl7z2yymcb10mzd1zwik27gqc2"))))
+ (arguments
+ (list #:phases
+ #~(modify-phases %standard-phases
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (when tests?
+ (with-directory-excursion "test"
+ (invoke "make"))))))))
+ (build-system gnu-build-system)
+ (inputs
+ (list apparmor xdg-dbus-proxy))
+ (synopsis "Linux namespaces sandbox program")
+ (description
+ "Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. The software includes sandbox profiles for a number of common Linux programs. Firejail should be added to the list of setuid programs in the system configuration to work properly.")
+ (home-page "https://github.com/netblue30/firejail")
+ (license license:gpl2)))
+
(define-public edac-utils
(package
(name "edac-utils")