| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
| |
Closes https://github.com/netblue30/firejail/issues/5704
Signed-off-by: Marek Küthe <m.k@mk16.de>
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| | |
Co-authored-by: pirate486743186 <>
|
| |/ |
|
| | |
|
| |\ |
|
| | | |
|
| |/ |
|
| | |
|
| |\ |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/17573ee1cc1b9d061760f3a006fc4aac4f944fd5...32dc499307d133bb5085bae78498c0ac2cf762d5)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/18bf8ad2ca49c14cbb28b91346d626ccfb00c518...c8454efe5d0bdefd25384362fe217428ca277d57)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |/ |
|
| |
|
| |
Co-authored-by: pirate486743186 <>
|
| | |
|
| |
|
|
| |
Relates to #5674 #5677.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This partially reverts commit 375468008 ("docs: remove indents on
top-level lists and tables", 2023-02-01) from PR #5674.
Commands used to undo the changes:
$ f=.github/pull_request_template.md; \
git show 3754680087~1:"$f" >"$f"
I had assumed that a blank line after a list item would end the list
(and so I was confused by the amount of indentation used), but that is
apparently not the case. See the file rendered before/after the
commit[1] [2].
Relates to #2784.
Reported by @rusty-snake[3].
[1] https://github.com/netblue30/firejail/blob/f5d8d8cc7af8f8816c47623515babcefceb7e22f/.github/pull_request_template.md
[2] https://github.com/netblue30/firejail/blob/37546800876d977d77cc86d9b307f8cfa714c1dd/.github/pull_request_template.md
[3] https://github.com/netblue30/firejail/pull/5674#discussion_r1117892922
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As pointed out by @rusty-snake[1]:
> I think this is intentional to test if firejail can parse commands
> with leading spaces.
This amends commit b406b2420 ("tests: Fix mixed space/tabs indentation",
2023-02-19) / PR #5674.
Note: This is the only profile in test/ that the commit changed:
$ git show --pretty= --name-only b406b2420 -- test/
test/fs/private-whitelist.exp
test/network/firemon-route.exp
test/profiles/test2.profile
[1] https://github.com/netblue30/firejail/pull/5674#discussion_r1117891957
|
| |\ |
|
| | |\
| | |
| | | |
New profile: parsecd
|
| | | | |
|
| | | | |
|
| | |\ \
| | | |
| | | | |
build: Fix whitespace and add .editorconfig
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Commands used to list the file extensions used in the project:
$ git ls-files | sed -En 's/.*(\.[^.]+)$/\1/p' |
LC_ALL=C sort | uniq -c
For rules that are more specific to a given directory, put a dedicated
.editorconfig file in it.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes:
* Fix spaces being used for indentation in some lines in C
* Remove leading spaces before some goto labels
* Remove leading spaces before the start of some multiline comments
* Change leading spaces to tabs in some multiline macros
* Add missing asterisk to some multiline comments (to match other
multiline comments and because they are false positives in the
commands below)
Note: Leading spaces can be used for alignment (such as in function
parameters and function arguments in C) and for line continuation (such
as in long commands in shell scripts). However, in the above changes
the leading spaces are used for other reasons and do not seem to fit
with the style used.
Commands used to search for errors:
$ git grep -In '^ [^*]' | grep -E -v \
-e '(COPYING|README|RELNOTES|configure(.ac)?):' \
-e '^[^:]+.(md|yml|py):' -e '(bash|zsh)_completion/' \
-e '^contrib/syntax/' -e '^etc/templates/.*\.txt:' -e '^m4/' \
-e '^platform/debian/' -e '^src/man/.*\.txt:' \
-e '.*mkrpm.sh:' -e '.*extract_errnos.sh:'
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Almost all of the shell scripts in the repository use tabs for
indentation (or have no indentation at all):
$ git grep -Il '^\t' -- '*.sh' | wc -l
19
$ git grep -Il '^ ' -- '*.sh' | wc -l
5
$ git grep -IL '^[ \t]' -- '*.sh' | wc -l
25
So do the same in the few shell scripts that currently use spaces for
indentation.
Except for the following file:
* platform/rpm/mkrpm.sh
Not sure if it's following a packaging-specific scheme, so just fix the
one indentation inconsistency in it and otherwise leave it as is for
now.
Command used to search for shell scripts using spaces for indentation:
$ git grep -In '^ ' -- '*.sh'
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Command used to find the errors:
$ git grep -I '^ [^*]' -- test/
Misc: All of the affected files were added in 2016.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To match the common usage; see for example src/firejail/firejail.h.
Added on commit 960b4daba ("add tool to dump seccomp filters",
2020-02-17).
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This appears to be the only C file in the repository that uses spaces
for indentation.
Commands used to check for the above:
$ git grep '^ ' -- '*.c' '*.h'
Commands used to search and replace:
$ f=test/filters/namespaces.c; printf '%s\n' \
"$(sed 's/ /\t/g' "$f")" >"$f"
Note: The mmap call was aligned manually.
Added on commit 5116c1ced ("testing", 2022-12-24).
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
And the surrounding paragraphs.
Relates to #2784.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This fixes all of the "space before tab in indent" errors raised by git:
$ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD |
grep '^[^+]' | cut -f 3 -d : | LC_ALL=C sort | uniq -c
72 space before tab in indent.
Commands used to find the errors:
$ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD
$ git grep -In "$(printf '\t') "
Note: Unlike "space before tab in indent", the reverse ("space after tab
in indent") is not reported by git. That is because spaces could be
intentionally used for alignment or line continuation, but in some cases
they are being used for indentation together with tabs and in others the
formatting is misaligned. The second command was used to help find and
fix these other issues.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Git currently correctly detects them as binary; the changes are done to
avoid depending on the auto-detection and also for documentation.
Commands used to list all of the files that git detects as non-text
files:
$ git ls-files --eol | grep -e 'i/-text' -e 'w/-text'
i/-text w/-text attr/text=auto eol=lf etc-fixes/seccomp-join-bug/eecf35c-backports.zip
i/-text w/-text attr/text=auto eol=lf test/appimage/Leafpad-0.8.17-x86_64.AppImage
i/-text w/-text attr/text=auto eol=lf test/appimage/Leafpad-0.8.18.1.glibc2.4-x86_64.AppImage
i/-text w/-text attr/text=auto eol=lf test/filters/memwrexe
i/-text w/-text attr/text=auto eol=lf test/filters/memwrexe-32
i/-text w/-text attr/text=auto eol=lf test/filters/namespaces
i/-text w/-text attr/text=auto eol=lf test/filters/namespaces-32
Note: The committed seccomp filters do not have a file extension, so
ignore them for now.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This should make it easier to avoid whitespace errors, as long as the
editor used supports it (either natively or through a plugin).
See the editorconfig website for the editors that support it:
* https://editorconfig.org
Note: All text files appear to already be using LF and UTF-8 (or ASCII):
$ git ls-files --eol | grep -v -e '^i/lf w/lf' \
-e 'i/none w/none' -e 'i/-text w/-text'
i/ w/ attr/text=auto eol=lf ci/check/profiles/sort.py
$ git ls-files -z | xargs -0 file -i -h | sed 's/[^:]*: *//' |
grep -v -e 'charset=binary' -e 'charset=us-ascii' |
LC_ALL=C sort | uniq -c
1 text/html; charset=utf-8
2 text/plain; charset=utf-8
1 text/x-c; charset=utf-8
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Commands used to search and replace:
$ git grep -Ilz '[[:blank:]]$' |
xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed -E \
's/[[:blank:]]+$//' '{}')\" >'{}'"
This fixes all of the "trailing whitespace" errors raised by git:
$ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD |
grep '^[^+]' | cut -f 3 -d : | LC_ALL=C sort | uniq -c
72 space before tab in indent.
4 trailing whitespace.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Commands used to search and replace:
$ git grep -Ilz '.' | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(cat '{}')\" >'{}'"
The above commands ensure that there is exaclty 1 line terminator at EOF
(rather than 0 or more than 1) on all non-empty text files.
This fixes all of the "new blank line at EOF" errors raised by git:
$ git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904..HEAD |
grep '^[^+]' | cut -f 3 -d : | LC_ALL=C sort | uniq -c
21 new blank line at EOF.
72 space before tab in indent.
4 trailing whitespace.
|
| | |\ \ \
| | | | |
| | | | | |
Print the argument when failing with "too long arguments"
|
| | | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Also, s/arguments/argument/ since the message refers to one specific
argument.
Relates to commit 0d06369a8 ("Make env/arg sanity check failure messages
more useful", 2021-11-10) / PR #4676.
Relates to #5676.
|
| |/ / / |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Create qpdf.profile and redirects
qpdf (CLI) provides PDF metadata cleaning.
See privacy-handbuch.de[1] for details.
The site offers pdf-meta-clean.sh[2], which works very well with
firejailed qpdf.
[1] https://www.privacy-handbuch.de/handbuch_43a.htm
[2] https://www.privacy-handbuch.de/download/pdf-meta-clean.sh
* RELNOTES: add qpdf and redirects to new profiles section
* firecfg.config: add qpdf and redirects
* qpdf: use 'seccomp socket' instead of 'protocol unix'
See https://github.com/netblue30/firejail/issues/639. Thanks @rusty-snake in code review.
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Arch Linux got systemd v253:
https://github.com/archlinux/svntogit-packages/commit/05d0aedb2b83a2e1ba07cab47205772f82cb4814
It adds a few new files we should blacklist in `disable-common.inc`:
- /etc/credstore
- /etc/credstore.encrypted
- /run/credentials/systemd-sysctl.service
- /run/credentials/systemd-sysusers.service
- /run/credentials/systemd-tmpfiles-setup.service
- /run/credentials/systemd-tmpfiles-setup-dev.service
|
| | |
| |
| |
| | |
Relates to #5667 #5668.
|
| |\ \
| | |
| | | |
docs: selinux.c: Split Copyright notice & use same license as upstream
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The upstream file is licensed under the LGPLv2.1+ and it uses an SPDX
license identifier rather than an LGPL license notice[1].
And according to the GNU project, the LGPLv2.1+ is compatible with both
the GPLv2 (with the result being GPLv2) and the GPLv3 (with the result
being GPLv3), though the reverse (GPL -> LGPL) does not apply[2] [3].
This means that if we make changes that are only available under the
GPLv2, systemd would be unable to copy them back and release the result
under the LGPLv2.1 without being in violation of the GPLv2.
So replace the GPL license notice with the SPDX license identifier of
the upstream file ("LGPL-2.1-or-later"), to make it easier to share
changes between both projects.
See also the following systemd commits[4] [5] [6] [7]:
* 53e1b68390 ("Add SPDX license identifiers to source files under the
LGPL", 2017-11-18)
* db9ecf0501 ("license: LGPL-2.1+ -> LGPL-2.1-or-later", 2020-11-09)
[1] https://github.com/systemd/systemd/blob/254d1313ae5a69c08c9b93032aaaf3d6083cfc07/src/shared/selinux-util.c
[2] https://www.gnu.org/licenses/license-list.en.html#LGPLv2.1
[3] https://www.gnu.org/licenses/license-compatibility.html
[4] https://github.com/systemd/systemd/commit/53e1b683907c2f12330f00feb9630150196f064d
[5] https://github.com/systemd/systemd/pull/7386
[6] https://github.com/systemd/systemd/commit/db9ecf050165fd1033c6f81485917e229c4be537
[7] https://github.com/systemd/systemd/pull/17548
|
netblue30
Marek Küthe
pirate486743186
glitsj16
dependabot[bot]
Kelvin M. Klann
NetSysFire