| Commit message (Collapse) | Author | Age |
... | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Ignore the following file:
- src/firecfg/firecfg.config
To avoid running CodeQL when only adding a new profile.
Note: This is already ignored on .github/workflows/build-extra.yml since
commit 23ea15fd7 ("Add some more paths-ignore to build-extra.yml",
2021-04-24).
Misc: I noticed this on #5289.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Ensure that the following file is ignored everywhere, except on its own
workflow:
- .github/workflows/codeql-analysis.yml
To avoid running CI unnecessarily.
This should also make the CI checks finish faster on most PRs opened by
dependabot, as they're often only about bumping the version of
codeql-action and are opened about once a week (see
.github/dependabot.yml).
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Ensure that the following files are ignored everywhere:
- .github/dependabot.yml
- .gitlab-ci.yml
To avoid running CI unnecessarily.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Ensure that the following paths are ignored everywhere:
- '.github/ISSUE_TEMPLATE/*'
- .github/pull_request_template.md
To avoid running CI unnecessarily.
Currently, they're only ignored on .github/workflows/build-extra.yml.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Leave quotes only on paths with wildcards so that they are sorted before
normal paths, then sort everything.
Note that in the current workflow files, ignored directories always use
wildcards, so this also ensures that ignored directories (along with all
other paths with wildcards) are always listed before ignored files
(similarly to `--group-directories-first` in GNU `ls`).
This order is similar to the one on
.github/workflows/profile-checks.yml.
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
[email-common.profile] add localtime to private-etc
|
|/ / / / |
|
|\ \ \ \
| | | | |
| | | | | |
lutris.profile: fix running League of Legends
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
@Latrolage on Oct 20, 2022[1]:
> When I open the game the only error line which appears is this
> `modify_ldt: Operation not permitted`
So as suggested by @Latrolage[1] and @rusty-snake[2], allow the
`modify_ldt` syscall in seccomp.
Fixes #5430.
[1] https://github.com/netblue30/firejail/discussions/5430#discussion-4488996
[2] https://github.com/netblue30/firejail/discussions/5430#discussioncomment-3924098
Reported-by: @Latrolage
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Profile fixes
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
build: sort.py improvements
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
With this, the help section remains consistent regardless of how the
script is called and even if the filename is changed. For example, if
someone renames "sort.py" to "firejail-sort" and puts it somewhere in
`$PATH`.
Example outputs of the script name (using `print(argv[0]); return`):
$ ./contrib/sort.py
./contrib/sort.py
$ python contrib/sort.sh
contrib/sort.py
$ (cd contrib && ./sort.py)
./sort.py
Note: This depends on `os.path` and `sys.argv`, so the imports have to
appear before the docstring. In which case, the docstring has to be
explicitly assigned to `__doc__` (as it ceases to be the first statement
in the file).
Note2: When running `pydoc ./contrib/sort.py`, `argv[0]` becomes
"/usr/bin/pydoc" (using python 3.10.8-1 on Artix Linux).
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
And return a specific exit code, as suggested by @rusty-snake[1].
Escape the first line in the docstring to avoid printing a blank line as
the first line of the output.
[1] https://github.com/netblue30/firejail/pull/5429#discussion_r999637842
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Where applicable, instead of creating custom ones.
Example error messages:
rm -f 123 && ./contrib/sort.py 123
[ Error ] [Errno 2] No such file or directory: '123'
touch 123 && chmod -rwx 123 && ./contrib/sort.py 123
[ Error ] [Errno 13] Permission denied: '123'
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Misc: The trailing comma is due to using the opinionated `black` Python
formatter (which seems to be a relatively common one). This was the
only change made, so the code seems to already be following the format
used by this tool.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Changes:
* Line-wrap comments at 79 characters
* Make comments clearer
* Make main docstring more similar to a command "usage" output
See the result with the following command, which generates a
man-page-like output and opens it in the man pager (such as in `less`):
$ pydoc ./contrib/sort.py
See also PEP-257, "Docstring Conventions"[1].
[1] https://peps.python.org/pep-0257/
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
To make it clearer.
There are 3 different instances of protocol-related objects being used
in the fix_protocol function:
* The input
* The array of common sorted lines
* The (sorted) output
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
To make it clearer.
Both the input and output of the sort_alphabetical function are strings
of comma-separated items, so there is no format conversion of any kind
being done (from "raw" to "not raw"), only sorting.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Which also makes it fit in under 80 characters.
Always print "profile(s)" instead of changing the message based on the
argument count.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
To the sort function, instead of wrapping it in a lambda function.
|
| | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | | |
Instead of manually adding 1 to lineno.
|
| | | | | |
| | | | | |
| | | | | | |
Co-authored-by: pirate486743186 <>
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* Add python3 support to nicotine
* Revert private-bin changes
Adding shell and python3 support to private-bin kept breaking nicotine for the user who reported it on IRC. Let's revert it as suggested by @rusty-snake.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
netblue30/dependabot/github_actions/step-security/harden-runner-2.0.0
build(deps): bump step-security/harden-runner from 1.5.0 to 2.0.0
|
| | |_|_|_|/
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.5.0 to 2.0.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/2e205a28d0e1da00c5f53b161f4067b052c61f34...ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |_|_|_|/
|/| | | |
| | | | |
| | | | | |
Relates to #5188 #5217 #5271.
|
| | | | |
| | | | |
| | | | |
| | | | | |
Relates to #5398 #5402 #5451.
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
docs: clarify that --appimage should appear before --profile
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
And fix the argument order in the examples to reflect that.
Background: The order in which these options appeared in the
documentation was inconsistent. src/man/firejail.txt used --appimage
before --profile and src/man/firejail-profile.txt used --profile before
--appimage. Then commit 44fefcac0 ("Make appimage examples consistent
with --appimage option short description", 2022-10-05) / PR #5402 was
made, which standardized on --profile before --appimage in both places.
But as mentioned by @rusty-snake[1], --appimage has be specified before
--profile in order for any `?HAS_APPIMAGE` conditionals inside of the
profile to evaluate to true.
So change the documentation to use and recommend the latter form.
Also, add --quiet to one example to make it clear that --appimage does
not have to be the first option (nor the last option before --profile).
[1] https://github.com/netblue30/firejail/pull/5402#issuecomment-1274889618
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Create cinelerra-gg
* add cinelerra-gg to `New profiles` section
* Add cinelerra-gg to firecfg.config
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.29 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6...c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | | | |
| | | | |
| | | | | |
Fixes #5463 by adding netlink to the list of allowed protocols
|
|/ / / /
| | | |
| | | |
| | | |
| | | | |
* Create godot3.profile
* Add godot3 redirect to firecfg.config
|
| | | |
| | | |
| | | |
| | | | |
Relates to #5421 #5431.
|
| |_|/
|/| |
| | |
| | | |
Relates to #5356.
|
| | |
| | |
| | | |
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.28 to 2.1.29.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/cc7986c02bac29104a72998e67239bb5ee2ee110...ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
| |
| |
| | |
Closes #5437
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.27 to 2.1.28.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/807578363a7869ca324a79039e6db9c843e0e100...cc7986c02bac29104a72998e67239bb5ee2ee110)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Fix musl warnings
|
| | |
| | |
| | |
| | | |
in musl they are just redefines of the non-64 versions
|