aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
...
| * | | | ci: ignore firecfg.config in the codeql workflowLibravatar Kelvin M. Klann2022-11-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ignore the following file: - src/firecfg/firecfg.config To avoid running CodeQL when only adding a new profile. Note: This is already ignored on .github/workflows/build-extra.yml since commit 23ea15fd7 ("Add some more paths-ignore to build-extra.yml", 2021-04-24). Misc: I noticed this on #5289.
| * | | | ci: ignore codeql workflow file in other workflowsLibravatar Kelvin M. Klann2022-11-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure that the following file is ignored everywhere, except on its own workflow: - .github/workflows/codeql-analysis.yml To avoid running CI unnecessarily. This should also make the CI checks finish faster on most PRs opened by dependabot, as they're often only about bumping the version of codeql-action and are opened about once a week (see .github/dependabot.yml).
| * | | | ci: ignore dependabot and gitlab-ci in all workflowsLibravatar Kelvin M. Klann2022-11-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure that the following files are ignored everywhere: - .github/dependabot.yml - .gitlab-ci.yml To avoid running CI unnecessarily.
| * | | | ci: ignore github markdown templates in all workflowsLibravatar Kelvin M. Klann2022-11-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure that the following paths are ignored everywhere: - '.github/ISSUE_TEMPLATE/*' - .github/pull_request_template.md To avoid running CI unnecessarily. Currently, they're only ignored on .github/workflows/build-extra.yml.
| * | | | ci: sort items on paths-ignore listsLibravatar Kelvin M. Klann2022-11-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Leave quotes only on paths with wildcards so that they are sorted before normal paths, then sort everything. Note that in the current workflow files, ignored directories always use wildcards, so this also ensures that ignored directories (along with all other paths with wildcards) are always listed before ignored files (similarly to `--group-directories-first` in GNU `ls`). This order is similar to the one on .github/workflows/profile-checks.yml.
* | | | | Merge pull request #5484 from glitsj16/localtime-fixLibravatar netblue302022-11-25
|\ \ \ \ \ | |/ / / / |/| | | | [email-common.profile] add localtime to private-etc
| * | | | [email-common.profile] add localtime to private-etcLibravatar glitsj162022-11-25
|/ / / /
* | | | Merge pull request #5449 from kmk3/lutris-fix-lolLibravatar Kelvin M. Klann2022-11-23
|\ \ \ \ | | | | | | | | | | lutris.profile: fix running League of Legends
| * | | | lutris.profile: fix running League of LegendsLibravatar Kelvin M. Klann2022-11-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | @Latrolage on Oct 20, 2022[1]: > When I open the game the only error line which appears is this > `modify_ldt: Operation not permitted` So as suggested by @Latrolage[1] and @rusty-snake[2], allow the `modify_ldt` syscall in seccomp. Fixes #5430. [1] https://github.com/netblue30/firejail/discussions/5430#discussion-4488996 [2] https://github.com/netblue30/firejail/discussions/5430#discussioncomment-3924098 Reported-by: @Latrolage
* | | | | Merge pull request #5442 from rusty-snake/fixesLibravatar Kelvin M. Klann2022-11-23
|\ \ \ \ \ | | | | | | | | | | | | Profile fixes
| * | | | | Update etc/profile-a-l/evince.profileLibravatar rusty-snake2022-10-30
| | | | | |
| * | | | | Fix #5311 -- Whalebird-4.6.2 does not work with the default whalebird.profileLibravatar rusty-snake2022-10-30
| | | | | |
| * | | | | Fix #4604 -- Brave browser takes a long time opening under FirejailLibravatar rusty-snake2022-10-30
| | | | | |
| * | | | | Fix #5392 -- Evince doesn't remember settingsLibravatar rusty-snake2022-10-30
| | | | | |
* | | | | | Merge pull request #5429 from kmk3/sort-py-improvementsLibravatar Kelvin M. Klann2022-11-23
|\ \ \ \ \ \ | | | | | | | | | | | | | | build: sort.py improvements
| * | | | | | sort.py: use script name in usage/main docstringLibravatar Kelvin M. Klann2022-10-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With this, the help section remains consistent regardless of how the script is called and even if the filename is changed. For example, if someone renames "sort.py" to "firejail-sort" and puts it somewhere in `$PATH`. Example outputs of the script name (using `print(argv[0]); return`): $ ./contrib/sort.py ./contrib/sort.py $ python contrib/sort.sh contrib/sort.py $ (cd contrib && ./sort.py) ./sort.py Note: This depends on `os.path` and `sys.argv`, so the imports have to appear before the docstring. In which case, the docstring has to be explicitly assigned to `__doc__` (as it ceases to be the first statement in the file). Note2: When running `pydoc ./contrib/sort.py`, `argv[0]` becomes "/usr/bin/pydoc" (using python 3.10.8-1 on Artix Linux).
| * | | | | | sort.py: print usage if there are no argumentsLibravatar Kelvin M. Klann2022-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And return a specific exit code, as suggested by @rusty-snake[1]. Escape the first line in the docstring to avoid printing a blank line as the first line of the output. [1] https://github.com/netblue30/firejail/pull/5429#discussion_r999637842
| * | | | | | sort.py: print more standard error messagesLibravatar Kelvin M. Klann2022-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Where applicable, instead of creating custom ones. Example error messages: rm -f 123 && ./contrib/sort.py 123 [ Error ] [Errno 2] No such file or directory: '123' touch 123 && chmod -rwx 123 && ./contrib/sort.py 123 [ Error ] [Errno 13] Permission denied: '123'
| * | | | | | sort.py: print errors to stderrLibravatar Kelvin M. Klann2022-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Misc: The trailing comma is due to using the opinionated `black` Python formatter (which seems to be a relatively common one). This was the only change made, so the code seems to already be following the format used by this tool.
| * | | | | | sort.py: line-wrap and improve commentsLibravatar Kelvin M. Klann2022-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: * Line-wrap comments at 79 characters * Make comments clearer * Make main docstring more similar to a command "usage" output See the result with the following command, which generates a man-page-like output and opens it in the man pager (such as in `less`): $ pydoc ./contrib/sort.py See also PEP-257, "Docstring Conventions"[1]. [1] https://peps.python.org/pep-0257/
| * | | | | | sort.py: rename protocols to original_protocolsLibravatar Kelvin M. Klann2022-10-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To make it clearer. There are 3 different instances of protocol-related objects being used in the fix_protocol function: * The input * The array of common sorted lines * The (sorted) output
| * | | | | | sort.py: rename raw_items to original_itemsLibravatar Kelvin M. Klann2022-10-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To make it clearer. Both the input and output of the sort_alphabetical function are strings of comma-separated items, so there is no format conversion of any kind being done (from "raw" to "not raw"), only sorting.
| * | | | | | sort.py: simplify "checking" message codeLibravatar Kelvin M. Klann2022-10-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Which also makes it fit in under 80 characters. Always print "profile(s)" instead of changing the message based on the argument count.
| * | | | | | sort.py: pass the str.casefold function directlyLibravatar Kelvin M. Klann2022-10-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | To the sort function, instead of wrapping it in a lambda function.
| * | | | | | sort.py: enumerate lines from 1Libravatar Kelvin M. Klann2022-10-18
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | Instead of manually adding 1 to lineno.
* | | | | | fix opening links in firefox youtube-viewers-common.profile (#5352)Libravatar pirate4867431862022-11-23
| | | | | | | | | | | | | | | | | | Co-authored-by: pirate486743186 <>
* | | | | | Add python3 support/fixes to nicotine (#5459)Libravatar glitsj162022-11-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add python3 support to nicotine * Revert private-bin changes Adding shell and python3 support to private-bin kept breaking nicotine for the user who reported it on IRC. Let's revert it as suggested by @rusty-snake.
* | | | | | Merge pull request #5473 from ↵Libravatar Fred Barclay2022-11-22
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | netblue30/dependabot/github_actions/step-security/harden-runner-2.0.0 build(deps): bump step-security/harden-runner from 1.5.0 to 2.0.0
| * | | | | | build(deps): bump step-security/harden-runner from 1.5.0 to 2.0.0dependabot/github_actions/step-security/harden-runner-2.0.0Libravatar dependabot[bot]2022-11-14
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.5.0 to 2.0.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/2e205a28d0e1da00c5f53b161f4067b052c61f34...ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | | RELNOTES: add featuresLibravatar Kelvin M. Klann2022-11-22
| |_|_|_|/ |/| | | | | | | | | | | | | | Relates to #5188 #5217 #5271.
* | | | | RELNOTES: add docsLibravatar Kelvin M. Klann2022-11-20
| | | | | | | | | | | | | | | | | | | | Relates to #5398 #5402 #5451.
* | | | | Merge pull request #5451 from kmk3/docs-clarify-appimageLibravatar Kelvin M. Klann2022-11-20
|\ \ \ \ \ | |/ / / / |/| | | | docs: clarify that --appimage should appear before --profile
| * | | | docs: clarify that --appimage should appear before --profileLibravatar Kelvin M. Klann2022-11-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | And fix the argument order in the examples to reflect that. Background: The order in which these options appeared in the documentation was inconsistent. src/man/firejail.txt used --appimage before --profile and src/man/firejail-profile.txt used --profile before --appimage. Then commit 44fefcac0 ("Make appimage examples consistent with --appimage option short description", 2022-10-05) / PR #5402 was made, which standardized on --profile before --appimage in both places. But as mentioned by @rusty-snake[1], --appimage has be specified before --profile in order for any `?HAS_APPIMAGE` conditionals inside of the profile to evaluate to true. So change the documentation to use and recommend the latter form. Also, add --quiet to one example to make it clear that --appimage does not have to be the first option (nor the last option before --profile). [1] https://github.com/netblue30/firejail/pull/5402#issuecomment-1274889618
* | | | | Add support for cinelerra-gg (#5467)Libravatar glitsj162022-11-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Create cinelerra-gg * add cinelerra-gg to `New profiles` section * Add cinelerra-gg to firecfg.config
* | | | | build(deps): bump github/codeql-action from 2.1.29 to 2.1.31Libravatar dependabot[bot]2022-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.29 to 2.1.31. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6...c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Add netlink to list of allowed protocols (#5464)Libravatar Jan Sonntag2022-11-10
| | | | | | | | | | | | | | | Fixes #5463 by adding netlink to the list of allowed protocols
* | | | | Add godot3 redirect (#5456)Libravatar Frostbyte46642022-11-07
|/ / / / | | | | | | | | | | | | | | | | * Create godot3.profile * Add godot3 redirect to firecfg.config
* | | | RELNOTES: add build: Fix musl warningsLibravatar Kelvin M. Klann2022-11-03
| | | | | | | | | | | | | | | | Relates to #5421 #5431.
* | | | RELNOTES: add missing issue referenceLibravatar Kelvin M. Klann2022-11-03
| |_|/ |/| | | | | | | | Relates to #5356.
* | | [StepSecurity] ci: Harden GitHub ActionsLibravatar StepSecurity Bot2022-10-31
| | | | | | | | | Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
* | | build(deps): bump github/codeql-action from 2.1.28 to 2.1.29Libravatar dependabot[bot]2022-10-31
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.28 to 2.1.29. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/cc7986c02bac29104a72998e67239bb5ee2ee110...ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | Fix freetube mpris supportLibravatar rusty-snake2022-10-30
| | | | | | | | Closes #5437
* | build(deps): bump github/codeql-action from 2.1.27 to 2.1.28Libravatar dependabot[bot]2022-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.27 to 2.1.28. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/807578363a7869ca324a79039e6db9c843e0e100...cc7986c02bac29104a72998e67239bb5ee2ee110) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | compile fixLibravatar netblue302022-10-25
| |
* | nettrace: various fixesLibravatar netblue302022-10-25
| |
* | fix nolocal netfilterLibravatar netblue302022-10-25
| |
* | removed grsecurity supportLibravatar netblue302022-10-24
| |
* | --icmptraceLibravatar netblue302022-10-24
| |
* | Merge pull request #5431 from netblue30/musl_warningsLibravatar Reiner Herrmann2022-10-23
|\ \ | | | | | | Fix musl warnings
| * | check for availability of symbols instead of glibc definesLibravatar Reiner Herrmann2022-10-23
| | | | | | | | | | | | in musl they are just redefines of the non-64 versions
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 09:50:19 +0000