| Commit message (Collapse) | Author | Age |
|
* tightening zathura profile
* sort
|
[skip ci]
|
like it is declared in the man page itself and referenced by other pages.
|
* Create googler-common.profile
* Create googler.profile
* Create ddgr.profile
* Update firecfg.config
* sort fix
* space
* space
* tightening
* comment
* fix comment
* fix private-etc and ${DOWNLOADS}
* fix sort
* redundant ${DOWNLOADS}
|
cmdline.c: optionally quote the resulting command line
|
If we were launched by sshd, do not add extra quotes to the command
line. This is because if firejail is a login shell, sshd will launch
firejail thusly:
* argv[0]: /path/to/firejail
* argv[1]: -c
* argv[2]: user's command to execute
For example, if the user executed "ssh othernode echo hello world",
argv[2] will be "echo hello world". Firejail will then add *extra*
quotes to it, resulting in argv[2] becoming "'echo hello world' "
(without the "", of course). The user's shell (e.g., bash) will see
the extra single quotes and will not split the token into multiple
tokens. The shell will be unable to find an executable or intrinsic
named "echo hello world ", so it will fail.
This commit changes the above behavior if firejail is launched by
sshd. In that case, firejail will *not* add the extra single quotes
around argv[2]. Specifically: all the tokens still end up in argv[2],
but there's no *extra* quotes around argv[2], so the shell will split
argv[2] into multiple tokens (if necessary). In the above example,
argv[2] will be "echo hello world" (without the ""), which will be
split. The shell will then look for an intrinsic or executable named
"echo", which will succeed, and "hello world" will ultimately be
emitted.
Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
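The quoting behaviour this commit message describes, reproduced with a plain POSIX shell as an added example (not part of the commit and not firejail's cmdline.c). `join_cmdline` and `run_as_shell` are hypothetical helpers; the last call goes beyond the message and shows an ordinary multi-argument launch, where the extra quotes keep token boundaries intact (an assumption about why the quoting exists).

```shell
#!/bin/sh
# Constructed illustration of the two command-line forms; hypothetical helper
# names, not firejail code. Arguments containing single quotes are not handled.

# join_cmdline MODE ARG...: build the single string that is handed to "sh -c".
#   MODE=quote : wrap every argument in single quotes, followed by a space
#   MODE=plain : join the arguments with spaces and add no quoting
join_cmdline() {
    mode=$1; shift
    out=
    for arg in "$@"; do
        if [ "$mode" = quote ]; then
            out="$out'$arg' "
        else
            out="$out$arg "
        fi
    done
    printf '%s' "$out"
}

# run_as_shell MODE ARG...: let the user's shell parse and run the joined line.
# The exit status is the shell's own; 127 means "command not found".
run_as_shell() {
    sh -c "$(join_cmdline "$@")" 2>/dev/null
}

# Constructed inputs.
# sshd-style launch: the whole user command arrives as one argument.
run_as_shell plain "echo hello world"
run_as_shell quote "echo hello world" || echo "quoted form failed with status $?"
# Ordinary launch: separate arguments, quoting preserves the embedded space.
run_as_shell quote printf '%s\n' "hello world"
```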
|
add firejail.config switch for private-{bin,etc,opt,srv}
|
Currently sys.argv is accessed without checks, resulting in an
IndexError:
```
Traceback (most recent call last):
File "/home/rusty-snake/Projects/firejail/contrib/jail_prober.py", line 205, in <module>
main()
File "/home/rusty-snake/Projects/firejail/contrib/jail_prober.py", line 170, in main
profile_path = sys.argv[1]
IndexError: list index out of range
```
This commit catches this IndexError and prints a more helpful message
instead:
```
USAGE: jail_prober.py <PROFILE-PATH> <PROGRAM>
```
|
jail_prober: enable absolute include directives
|
The header of profile.template defines this order:
IGNORES
NOBLACKLISTS
ALLOW INCLUDES
BLACKLISTS
DISABLE INCLUDES
|
closes #4324
|
Correct typo in telegram-desktop profile
|
* Create links-common.profile
* Update links.profile
* Create links2.profile
* Update links.profile
* Update links2.profile
* Update elinks.profile
* Update elinks.profile
* links2
* Update firecfg.config
* Update xlinks.profile
* .xlinks
* add dbus and whitelist-usr-share-common
* .xlinks doesn't exist
* revert
* Create xlinks2
* xlinks2
* Update xlinks2
* Update xlinks.profile
* no wayland
* no wayland
* doesn't use /tmp/.X11-unix
* doesn't use /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
|
Update vim syntax highlighting
|
this is a bit nicer, as it does not overwrite the filetype if it
already has been set.
|
Restrict /usr/libexec
|
Configure improvements
|
For simplicity and increased portability.
|
This fixes the following warning:
$ autoconf
configure.ac:306: warning: AC_OUTPUT should be used without arguments.
configure.ac:306: You should run autoupdate.
Environment:
$ grep '^NAME' /etc/os-release
NAME="Artix Linux"
$ pacman -Q autoconf
autoconf 2.71-1
Though keep `AC_PREREQ` at 2.68 (released on 2010-09-23[1]), as version
2.71 (which autoupdate automatically bumps to) is rather recent
(released on 2021-01-28[2]) and the changes do not appear to require a
version bump, as on `AC_INIT` it only adds some quotes, and the rest of
the changes are consistent with the autoconf 2.68 manual. From Section
18.4, Obsolete Macros[3]:
> — Macro: AC_OUTPUT ([file]..., [extra-cmds], [init-cmds])
>
> The use of AC_OUTPUT with arguments is deprecated. This obsoleted
> interface is equivalent to:
>
> AC_CONFIG_FILES(file...)
> AC_CONFIG_COMMANDS([default],
> extra-cmds, init-cmds)
> AC_OUTPUT
>
> See AC_CONFIG_FILES, AC_CONFIG_COMMANDS, and AC_OUTPUT.
Note: The usage of the above format has been present since the inception
of configure.ac, on commit 137985136 ("Baseline firejail 0.9.28").
Misc: This is a continuation of #4293.
[1] https://lists.gnu.org/archive/html/info-gnu/2010-09/msg00013.html
[2] https://lists.gnu.org/archive/html/autoconf/2021-01/msg00126.html
[3] https://www.gnu.org/software/autoconf/manual/autoconf-2.68/html_node/Obsolete-Macros.html#index-AC_005fOUTPUT-2058
|
* ignore include disable-shell.inc
* allow-bin-sh.inc
|
* Create youtube-viewers-common.profile
* reorganising youtube viewers
* rm globals
* reorganise youtube viewers
* adding pipe-viewer
* adding gtk-pipe-viewer
* xterm and youtube-dl cache
* sort
* Update youtube-viewers-common.profile
* quiet
* quiet
* quiet
* Update firecfg.config
* rm vlc
* rm invalid binary
* noinput
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* whitelist-runuser-common.inc
|
Refine appimage example in docs
|