| Commit message | Author | Age |
|
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.0 to 3.23.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/e5f05b81d5b6ff8cfa111c80c22c5fd02a384118...0b21cf2492b6b02c465a3e5d7c473717ad7721ba)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
Relates to #5245 #6153 #6158 #6159.
|
build: use full paths on compile/link targets
|
This makes the compile commands clearer when building in parallel (with
`make -j`) and ensures that `__FILE__` includes the full build-time path
(relative to the root of the repository) whenever it is referenced, such
as in failed assert() messages (currently the full path is only shown in
errExit() messages).

Example:

Before:

    firejail: main.c:100: main: Assertion `1 == 2' failed.
    Error src/firecfg/main.c:100: main: malloc: Cannot allocate memory

After:

    firejail: ../../src/firejail/main.c:100: main: Assertion `1 == 2' failed.
    Error ../../src/firecfg/main.c:100: main: malloc: Cannot allocate memory

Commands used to search and replace:

    $ git grep -Ilz '^MOD_DIR =' -- '*Makefile' | xargs -0 -I '{}' \
        sh -c "printf '%s\n' \"\$(sed -E \
        -e 's|^MOD_DIR = src/(.*)|MOD = \\1\\nMOD_DIR = \$(ROOT)/src/\$(MOD)|' \
        -e 's:^(PROG|SO) = [^.]+(\.so)?$:\\1 = \$(MOD_DIR)/\$(MOD)\2:' \
        '{}')\" >'{}'"
    $ git grep -Ilz '^HDRS :=' -- '*.mk' | xargs -0 -I '{}' \
        sh -c "printf '%s\n' \"\$(sed -E \
        -e 's|wildcard (\*\..)|wildcard \$(MOD_DIR)/\\1|' '{}')\" >'{}'"

Note: config.mk.in, src/fnettrace/Makefile and src/include/common.h were
edited manually.

This is a follow-up to #5871.
|
Make it more similar to the assert() message format for consistency.

Example:

Before:

    firejail: main.c:100: main: Assertion `1 == 2' failed.
    Error src/firecfg/main.c:100 main(): malloc: Cannot allocate memory

After:

    firejail: main.c:100: main: Assertion `1 == 2' failed.
    Error src/firecfg/main.c:100: main: malloc: Cannot allocate memory

This amends commit b963fe41a ("Improve errExit error messages",
2023-06-16) / PR #5871.
|
build: use CPPFLAGS instead of INCLUDE in compile targets
|
With this, CFLAGS and CPPFLAGS are used when compiling and LDFLAGS when
linking, just like in the built-in GNU make rules. From `make -p`:

    COMPILE.c = $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c
    LINK.c = $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $(TARGET_ARCH)
    LINK.o = $(CC) $(LDFLAGS) $(TARGET_ARCH)

Note: It is unclear where the `INCLUDE` variable comes from; it is not
documented in autoconf nor GNU make and automake (which itself is not
used in this repository) only mentions `INCLUDES`:

    `INCLUDES`
        This does the same job as `AM_CPPFLAGS` (or any per-target
        `_CPPFLAGS` variable if it is used). It is an older name for
        the same functionality. This variable is deprecated; we
        suggest using `AM_CPPFLAGS` and per-target `_CPPFLAGS` instead.

Environment: automake 1.16.5-2 and GNU make 4.4.1 on Artix Linux.

See also commit 671c3f249 ("build: actually set LDFLAGS and LIBS in
makefiles", 2022-11-30) / PR #5504.
|
firecfg: use ignorelist also for .profile/.desktop files
|
Closes #5245.
Relates to #5876.
|
And make it const.
|
Changes:

* Export `in_ignorelist` function
* Allow only building the ignorelist without setting the symlinks
* Rename the functions to reflect the above
* Add a function that parses all config files (`parse_config_all`)

Also, make sure that `parse_config_all` only parses config files once,
even if called multiple times.

Relates to #5876.
|
Currently it is only used when parsing the configuration files:

* /etc/firecfg.d/*.conf
* /etc/firecfg.config

Use it when searching for profile filenames as well:

* ~/.config/firejail/*.profile

Relates to #5876.
|
Committer note: For each profile there is both XXX-gtk and gtk-XXX (such
as lbry-viewer-gtk and gtk-lbry-viewer).

    XXX-gtk is the symlink
    gtk-XXX is the actual file

Co-authored-by: exponential <echo ZXhwb25lbnRpYWxtYXRyaXhAcHJvdG9ubWFpbC5jb20K | base64 -d>
|
Co-authored-by: exponential <echo ZXhwb25lbnRpYWxtYXRyaXhAcHJvdG9ubWFpbC5jb20K | base64 -d>
|
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.23.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/012739e5082ff0c22ca6d6ab32e07c36df03c4a4...e5f05b81d5b6ff8cfa111c80c22c5fd02a384118)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
To ensure that it includes luajit paths as well:

* /usr/share/lua
* /usr/share/luajit-2.1

And remove all entries of the same path without the wildcard, to avoid
redundancy.

Misc: The wildcard entries were added on commit 56b60dfd0 ("additional
Lua blacklisting (#3246)", 2020-02-24) and the entries without the
wildcard were partially removed on commit 721a984a5 ("Fix Lua in
disable-interpreters.inc", 2020-02-24).

This is a follow-up to #6128.

Reported-by: @pirate486743186
|
Added on commit 2d8ff695a ("WIP: Blacklist common programming
interpreters. (#1837)", 2018-04-02).
|
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.11 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b374143c1149a9115d881581d29b8390bbcbb59c...012739e5082ff0c22ca6d6ab32e07c36df03c4a4)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
Relates to #2097 #5876 #6032 #6078 #6109 #6115 #6125.
|
gropdf (`man -Tpdf`) needs Perl (see #6142).
|
Relates to #6104 #6126.
|
Reverted by commit 8f33e7284 ("Revert "Lookup xauth in PATH."",
2023-12-13) / PR #6129.
Relates to #6006 #6087.
|
For consistency; see the RELNOTES of version 0.9.68.
Added on commit db09546f2 ("remove LTS and FIRETUNNEL support",
2023-12-23).
|
Revert "Lookup xauth in PATH."
|
This reverts commit 407c05ebefe23e725f858b6170b3e52659e044a2.

If --private-lib is used (and firejail is configured with
--enable-private-lib), the following error occurs:

    $ firejail --quiet --noprofile --private-lib true
    firejail: fs_lib.c:56: find_in_path: Assertion `geteuid() != 0' failed.
    Error: proc 10000 cannot sync with peer: unexpected EOF
    Peer 10001 unexpectedly killed (Segmentation fault)

Given that it causes an uid assertion failure, the logic appears to not
be correct and the current behavior may be unsafe, so for now revert
that commit until the issue is properly addressed.

Relates to #6006 #6087.

Fixes #6113.
|
mpv: whitelist /usr/share/mpv
|
Use case: You install scripts in `/usr/share/mpv` but they remain
inactive. You then symlink them to `/etc/mpv` to activate them if you
want.
|
build: mkrpm.sh: append instead of override configure args
|
For consistency with mkdeb.sh.

Note: The default arguments and support for argument overriding were
added to mkrpm.sh on commit 3d97332fd ("Add configure options when
building rpm (#3422)", 2020-05-19).

The support for appending arguments was added to mkdeb.sh on commit
9a0fbbd71 ("mkdeb.sh.in: pass remaining arguments to ./configure",
2022-05-13) / PR #5154.
|
landlock: move commands into profile and add landlock.enforce
|
Changes:

* Move commands from --landlock and --landlock.proc= into
  etc/inc/landlock-common.inc
* Remove --landlock and --landlock.proc=
* Add --landlock.enforce

Instead of hard-coding the default commands (and having a separate
command just for /proc), move them into a dedicated profile to make it
easier for users to interact with the entries (view, copy, add ignore
entries, etc).

Only enforce the Landlock commands if --landlock.enforce is supplied.
This allows safely adding Landlock commands to (upstream) profiles while
keeping their enforcement opt-in. It also makes it simpler to
effectively disable all Landlock commands, by using
`--ignore=landlock.enforce`.

Relates to #6078.
|
Avoid checking if Landlock is supported in ll_add_profile(), as it may
result in a warning being printed in ll_is_supported() in the next
commit.
Relates to #6078.
|
Relates to #6078.
|
This includes macros such as `${HOME}` and `${RUNUSER}`, but not
`${PATH}`, which may expand to multiple strings.
Relates to #6078.
|
minecraft-launcher.profile: allow keyring access
|
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.9 to 3.22.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2...b374143c1149a9115d881581d29b8390bbcbb59c)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
Some plugins may require it[1]:

    error: os_dlopen([...]): libluajit-5.1.so.2: [...]: Permission denied
    warning: Module '/usr//lib/obs-plugins/frontend-tools.so' not loaded

[1] https://github.com/netblue30/firejail/issues/6130#issue-2040800338
|
The build on Alpine fails due to `__u32` not being defined. It seems
that musl itself does not define it, so linux/types.h would have to be
included (for example, by including linux/landlock.h).

Error from `build_src_package`[1]:

    make -C src/firejail/
    make[1]: Entering directory '/builds/Firejail/firejail_ci/src/firejail'
    gcc [...] -DMOD_DIR='"src/firejail"' [...] -c appimage.c -o appimage.o
    In file included from appimage.c:23:
    firejail.h:977:17: error: unknown type name '__u32'
      977 | int ll_restrict(__u32 flags);
          |                 ^~~~~
    make[1]: Leaving directory '/builds/Firejail/firejail_ci/src/firejail'
    make[1]: *** [../../src/prog.mk:16: appimage.o] Error 1
    make: *** [Makefile:58: src/firejail/firejail] Error 2

This amends commit 13b2c566d ("feature: add Landlock support",
2023-10-24) / PR #6078.

[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/5729692038
|
Changes:

* Print everything to stderr (to ensure that the messages are shown in
  order)
* Print debug messages at the beginning of most functions
* Include the function name and access flags used

Relates to #6078.
|
curl supports several locations for the rc file according to its man
page:

    [...]
    When curl is invoked, it (unless -q, --disable is used) checks for a
    default config file and uses it if found, even when -K, --config is
    used. The default config file is checked for in the following places in
    this order:

    1) "$CURL_HOME/.curlrc"
    2) "$XDG_CONFIG_HOME/curlrc" (Added in 7.73.0)
    3) "$HOME/.curlrc"
    [...]