--- compartment-1.1.0.orig/Makefile +++ compartment-1.1.0/Makefile @@ -1,10 +1,11 @@ CC=gcc OPTS=-Wall -O2 -BIN_DIR=/usr/sbin +PREFIX=/usr +BIN_DIR=${PREFIX}/sbin BIN_LIST=compartment -DOC_DIR=/usr/doc/packages/compartment +DOC_DIR=${PREFIX}/doc/packages/compartment DOC_LIST=README LICENCE CHANGES TODO -MAN_DIR=/usr/share/man/man1 +MAN_DIR=${PREFIX}/share/man/man1 MAN_LIST=compartment.1 all: compartment @@ -16,9 +17,14 @@ clean: rm -f ${BIN_LIST} core *~ -install: compartment +install: install-doc install-bin + +install-bin: compartment install -o root -g root -m 751 ${BIN_LIST} ${BIN_DIR} + +install-doc: install -d -o root -g root -m 755 ${DOC_DIR} install -o root -g root -m 644 ${DOC_LIST} ${DOC_DIR} install -d -o root -g root -m 755 ${MAN_DIR} install -o root -g root -m 644 ${MAN_LIST} ${MAN_DIR} + --- compartment-1.1.0.orig/compartment.1 +++ compartment-1.1.0/compartment.1 @@ -12,7 +12,7 @@ .SH DESCRIPTION The -.I SuSE Secure Compartment +.I Secure Compartment was designed to allow safe execution of priviliged and/or untrusted executables and services. It has got all features possible included, which can be used to minimize the risk of a trojanized or vulnerable program/service. @@ -107,6 +107,9 @@ an RPM file from the SuSE FTP servers. It can also be downloaded as a .tar.gz file from .I http://www.suse.de/~marc +.PP +It has been also part of the Debian GNU/Linux distribution since just +after woody (Debian 3.0) .SH LICENCE .Sp @@ -125,4 +128,4 @@ .I chroot (1), .I chroot -(2) \ No newline at end of file +(2) --- compartment-1.1.0.orig/debian/docs +++ compartment-1.1.0/debian/docs @@ -0,0 +1,2 @@ +README +TODO --- compartment-1.1.0.orig/debian/changelog +++ compartment-1.1.0/debian/changelog 
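Review bot: `PREFIX` in the first Makefile hunk now serves two purposes, because debian/rules overrides it with a staging path (`PREFIX=`pwd`/debian/compartment/usr`) instead of the final install prefix. That works only while nothing in the program records the prefix. The conventional split keeps `PREFIX=/usr` and adds a separate staging root, for example `BIN_DIR=${DESTDIR}${PREFIX}/sbin`, with the same change for `DOC_DIR` and `MAN_DIR`. A one-line comment above `PREFIX=/usr` saying that it may be overridden on the command line would also help packagers.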
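Review bot: `install-bin` copies into `${BIN_DIR}` without creating it, whereas `install-doc` runs `install -d` for both of its directories. Now that the location depends on `PREFIX`, a missing directory makes `install` write the binary to a plain file named `${PREFIX}/sbin`. Add `install -d -o root -g root -m 755 ${BIN_DIR}` as the first recipe line of `install-bin`, so the target does not rely on the packaging's debian/dirs to have created it. The new targets are commands rather than files, so `.PHONY: install install-bin install-doc` is appropriate unless it is already declared outside the hunk.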
@@ -0,0 +1,62 @@ +compartment (1.1.0-3) unstable; urgency=low + + * Fix typo in package description (Closes: #363212) + * Use debhelper compatibility version 4 + * Bump standard versions (no changes needed) + + -- Javier Fernandez-Sanguino Pen~a Sun, 30 Apr 2006 13:01:14 +0200 + +compartment (1.1.0-2) unstable; urgency=low + + * Fix a FTBFS whe compiling with gcc-4 with a patch provided by + Andreas Jochens (Closes: #285596) + * Use dh_installman instead of dh_installmanpages + * Update FSF's address in debian/copyright + + -- Javier Fernandez-Sanguino Pen~a Fri, 25 Feb 2005 01:22:10 +0100 + +compartment (1.1.0-1) unstable; urgency=low + + * Forced bump of source version in order to remove binary from the + original sources (Closes: #222515) + * Fixed debian/copyright (proper GPL notice) + + -- Javier Fernandez-Sanguino Pen~a Wed, 24 Dec 2003 13:43:49 +0100 + +compartment (1.1-5) unstable; urgency=low + + * Updated Standard-Version + * Remove dh_make boilerplate + + -- Javier Fernandez-Sanguino Pen~a Tue, 28 Oct 2003 02:23:45 +0100 + +compartment (1.1-4) unstable; urgency=low + + * Removed multiline strings from compartment.c to compile properly + with gcc-3.3 (Closes: #194887) + + -- Javier Fernandez-Sanguino Pen~a Tue, 27 May 2003 23:34:01 +0200 + +compartment (1.1-3) unstable; urgency=low + + * Fixed maintainer field (missing a ~) + + -- Javier Fernandez-Sanguino Pen~a Mon, 27 May 2002 18:14:33 +0200 + +compartment (1.1-2) unstable; urgency=low + + * Fixed description (Closes: #147758) + + -- Javier Fernandez-Sanguino Pen~a Mon, 27 May 2002 17:40:28 +0200 + +compartment (1.1-1) unstable; urgency=low + + * Initial Release (Closes: #117997) + * Modified the Makefile so binaries are installed independently + * Added information on Debian on the manpage + * Small change to the sources so that logs appear with just + plain compartment. 
+ + -- Javier Fernandez-Sanguino Pen~a Thu, 2 May 2002 01:33:20 +0200 + + --- compartment-1.1.0.orig/debian/control +++ compartment-1.1.0/debian/control @@ -0,0 +1,15 @@ +Source: compartment +Section: admin +Priority: optional +Maintainer: Javier Fernandez-Sanguino Pen~a +Build-Depends: debhelper +Standards-Version: 3.6.2 + +Package: compartment +Architecture: any +Depends: ${shlibs:Depends} +Description: Confine services in a limited environment + Compartment was designed to allow safe execution of privileged + and/or untrusted executables and services. It has got all possible + features included, which can be used to minimize the risk of a + trojanized or vulnerable program/service. --- compartment-1.1.0.orig/debian/copyright +++ compartment-1.1.0/debian/copyright @@ -0,0 +1,27 @@ +This package was debianized by +Javier Fernandez-Sanguino Pena +Fri, 14 Sep 2001 20:17:25 +0200. + +It was downloaded from http://www.suse.de/~marc/ + +Upstream Author: Marc Heuse + +Copyright: (c) 2001 by Marc Heuse + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, + MA 02111-1307 USA + +You can find a copy of it in your Debian system under +/usr/share/common-licenses/GPL-2 --- compartment-1.1.0.orig/debian/README.Debian +++ compartment-1.1.0/debian/README.Debian 
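Review bot: `Build-Depends: debhelper` in debian/control has no version constraint, although debian/rules exports `DH_COMPAT=4` and calls `dh_installman`. A build host with an older debhelper would satisfy the dependency and then fail or misbehave during the build. State the requirement explicitly with `Build-Depends: debhelper (>= 4.0.0)`.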
@@ -0,0 +1,7 @@ +compartment for Debian +---------------------- + +This package could be use to CHROOT some daemons in Debian, however, +that feature is not currently provided. + + -- Javier Fernandez-Sanguino Pen~a , Fri, 14 Sep 2001 20:17:25 +0200 --- compartment-1.1.0.orig/debian/rules +++ compartment-1.1.0/debian/rules @@ -0,0 +1,66 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=4 + +build: build-stamp +build-stamp: + dh_testdir + + + # Add here commands to compile the package. + #$(MAKE) + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + + # Add here commands to clean up after the build process. + -$(MAKE) clean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/compartment + $(MAKE) install-bin PREFIX=`pwd`/debian/compartment/usr + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install +# dh_testversion + dh_testdir + dh_testroot + dh_installdocs + dh_installexamples + dh_installmenu + dh_installman compartment.1 + dh_installchangelogs CHANGES + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- compartment-1.1.0.orig/debian/dirs +++ compartment-1.1.0/debian/dirs @@ -0,0 +1 @@ +usr/sbin --- compartment-1.1.0.orig/compartment.c +++ compartment-1.1.0/compartment.c 
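Review bot: The `build-stamp` recipe in debian/rules compiles nothing, because `#$(MAKE)` is left commented out. The binary is first built as a prerequisite of `install-bin`, inside the `install` target and after `dh_testroot`. The compiler therefore runs under root or fakeroot, and `build` can succeed on a tree that does not compile. Replace the commented line with `$(MAKE)` so the compile happens in the unprivileged build step. In the `install` recipe, `PREFIX=$(CURDIR)/debian/compartment/usr` avoids the unquoted `pwd` backticks, which break if the build path contains spaces.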
@@ -35,7 +35,7 @@ #include #include -#define PROGRAM_NAME "SuSE secure compartment" +#define PROGRAM_NAME "Secure compartment" #define VERSION "v1.1" #define AUTHOR "Marc Heuse " #define POINTER "http://www.suse.de/~marc" @@ -74,18 +74,7 @@ void help() { fprintf(stderr, "%s %s %s %s\n\n", PROGRAM_NAME, VERSION, AUTHOR, POINTER); fprintf(stderr, "Syntax: %s [options] /full/path/to/program\n", prg); - fprintf(stderr, "Options: -\t --chroot path\t chroot to path -\t --user user\t change uid to this user -\t --group group\t change gid to this group -\t --init program\t execute this program/script before doing anything -\t --cap capset\t set capset name. This option can be used several times. -\t --verbose\t be verbose -\t --quiet\t do no logging (to syslog) -\t --fork\t\t fork (if everything is fine) -\nHints: always try to chroot; use --user&group if possible; chroot and chown all -files to another user than root if you use capabilties. Read the README file! -\nKnown capset names: none"); + fprintf(stderr, "Options:\n\t --chroot path\t chroot to path\n\t --user user\t change uid to this user\n\t --group group\t change gid to this group\n\t --init program\t execute this program/script before doing anything\n\t --cap capset\t set capset name. This option can be used several times.\n\t --verbose\t be verbose\n\t --quiet\t do no logging (to syslog)\n\t --fork\t\t fork (if everything is fine)\n\nHints: always try to chroot; use --user&group if possible; chroot and chown all\nfiles to another user than root if you use capabilties. Read the README file!\n\nKnown capset names: none"); tmp = 0; while(strlen(cap_set_names[tmp])>0) fprintf(stderr," %s",cap_set_names[tmp++]); 
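Review bot: The replacement literal in `help()` is a single source line several hundred characters long, so the option text can no longer be reviewed or diffed line by line. Adjacent string literals keep the gcc-3.3 fix and put one option on each line, for example `"Options:\n"` followed by `"\t --chroot path\t chroot to path\n"` and so on, and the compiler concatenates them. The same applies to the `print_msg()` literal in the `@@ -418,11 +407,7 @@` hunk. While this string is being rewritten, the misspelling "capabilties" in the hint text could be corrected. `help()` continues past the end of this hunk.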
@@ -173,13 +162,13 @@ help(); my_secure(); - openlog("SuSEcompartment", LOG_PID, LOG_DAEMON); + openlog("compartment", LOG_PID, LOG_DAEMON); if (sizeof(uid_t) == 4) { - (unsigned long int) uidrange = 65535; + uidrange = 65535; } else { if (sizeof(uid_t) == 8) { - (unsigned long int) uidrange = (unsigned long int) 2147483646; //4294967295; + uidrange = (unsigned long int) 2147483646; //4294967295; } else - fprintf(stderr, "Warning: weird uid size: %d\n", sizeof(uid_t)); + fprintf(stderr, "Warning: weird uid size: %ld\n", sizeof(uid_t)); } program_params = 1; @@ -418,11 +407,7 @@ if (access(_argv[0], X_OK) < 0) print_msg("Execute bit missing, or no permissions to execute %s\n", _argv[0]); else - print_msg("Could not properly execute %s - the chroot environment might not be -set up correctly: -Create the directories /etc and /lib in chroot_dir and run \"ldd %s\" -to see which libraries are needed. Copy these to chroot_dir/lib, then chdir to -chroot_dir and execute \"ldconfig -X -r .\"\n", _argv[0], _argv[0]); + print_msg("Could not properly execute %s - the chroot environment might not be\nset up correctly:\nCreate the directories /etc and /lib in chroot_dir and run \"ldd %s\"\nto see which libraries are needed. Copy these to chroot_dir/lib, then chdir to\nchroot_dir and execute \"ldconfig -X -r .\"\n", _argv[0], _argv[0]); } return 1;
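Review bot: `sizeof(uid_t)` has type `size_t`, so the new `%ld` in the "weird uid size" warning is still a mismatched conversion on targets where `size_t` is not `long`. Either `%zu` or an explicit cast, `"Warning: weird uid size: %lu\n", (unsigned long) sizeof(uid_t)`, is correct everywhere. Separately, the values kept by this hunk give a 4-byte `uid_t` a limit of 65535 and assign nothing to `uidrange` in the warning branch. How `uidrange` is used lies outside the hunk, but if it bounds the ids accepted for `--user` and `--group`, this is worth confirming, since the tool exists to drop privileges. The enclosing function starts and ends outside the hunk.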