| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
| |
runner
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
firejail is no longer detecting that /etc/hosts is getting opened.
in strace it can still be seen that the file is opened via syscall,
but on C library layer (which firejail is tracing) it's probably
implemented differently now.
|
| |
|
|
|
| |
grep was returning non-zero exit code if it did NOT find the
error marker, and zero if it did.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
This directory contains the MAC address for connections available
Tested working with torbrowser-launcher and onionshare
Signed-off-by: Tad <tad@spotco.us>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/3f62b754e23e0dd60f91b744033e1dc1654c0ec6...3e7e3b32d0fb8283594bb0a76cc60a00918b0969)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* remmina.profile: allow python
* Update etc/profile-m-z/remmina.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
now covers syscalls up to including process_madvise (440)
group assignment was blindly copied from systemd:
https://github.com/systemd/systemd/blob/729d2df8065ac90ac606e1fff91dc2d588b2795d/src/shared/seccomp-util.c#L305
the only exception is close_range, which was added to both @basic-io and @file-system
this commit adds the following syscalls to the default blacklist:
pidfd_getfd,fsconfig,fsmount,fsopen,fspick,move_mount,open_tree
|
| |
|
|
|
|
| |
produced using commands documented in src/lib/syscall.c:
awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_64.h
awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_32.h
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following leverages the fact that when using a normal merge (as
opposed to "rebase and merge" or "squash and merge") on GitHub, the pull
request number is put in the commit message title and the title of the
PR is added to the commit message body.
Commands used to find and print the items for the RELNOTES:
$ git log --grep='^build:' --merges --reverse --pretty='%s %b' 0.9.70.. |
sed -E -n 's/Merge pull request (#[0-9]+) from [^ ]+ (.*)/ * \2 (\1)/p'
* build: deduplicate configure-time vars into new config files (#5140)
* build: fix file mode of shell scripts (644 -> 755) (#5206)
* build: reduce autoconf input files from 32 to 2 (#5219)
Commands used to generate the message below:
$ git log --grep='^build:' --merges --reverse --pretty='%s %b' 0.9.70.. |
sed -E -n 's/Merge pull request (#[0-9]+).*/\1/p' | sort | tr '\n' ' ' |
sed -E 's/^(.*) /Relates to \1./'
Relates to #5140 #5206 #5219.
Relates to #5140 #5206 #5219.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
copy using file descriptors, similar
to implementation of get option
|
| |
|
|
|
|
|
|
| |
As a reminder to create a profile for winetricks instead of allowing
access to its paths to programs used by winetricks (see #5238).
Added on commit 0ec1c66b5 ("aria2c.profile: allow access to
~/.cache/winetricks") / PR #5238.
|
| | |
|
| |\
| |
| | |
Warn when encountering EIO during remount
|
| | |
| |
| |
| |
| |
| | |
Instead of simply erroring out, just warn the user that a filesystem was
unable to be remounted due to EIO. This is helpful for FUSE filesystems
which might be buggy or having issues.
|
| |\ \
| |/
|/| |
aria2c.profile: allow access to ~/.cache/winetricks
|
| |/
|
|
| |
Otherwise winetricks fails to download packages.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.14 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/41a4ada31ba866a7f1196b9602703a89edd69e22...3f62b754e23e0dd60f91b744033e1dc1654c0ec6)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| |\
| |
| |
| |
| | |
netblue30/dependabot/github_actions/github/codeql-action-2.1.14
build(deps): bump github/codeql-action from 2.1.12 to 2.1.14
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.12 to 2.1.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/27ea8f8fe5977c00f5b37e076ab846c5bd783b96...41a4ada31ba866a7f1196b9602703a89edd69e22)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |\ \
| | |
| | | |
add Paradox Launcher to Steam profile
|
| | | | |
|
| | |/ |
|
| |\ \
| |/
|/| |
build: reduce autoconf input files from 32 to 2
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With the previous commit ("makefiles: stop failing when config.mk does
not exist", 2022-06-23), make will not immediately fail when trying to
build a target without having the proper compile-time flags (which are
defined on common.mk).
For example, when running the command below:
make distclean && make
It will throw an error only after (mis-)compiling multiple objects.
So add a dependency on config.mk on every target that uses output
variables (such as @NAME@ / $(NAME)) on its recipe. And add a
dependency on config.sh on targets that call shell scripts that use
output variables (such as @NAME@ / $NAME). Also, add a recipe for
config.mk / config.sh telling to run ./configure, to make it a bit more
obvious just in case.
With this commit, make will abort earlier, by detecting that the
config.mk / config.sh dependency does not exist. This happens before
trying to execute the recipe.
This also makes the dependencies more accurate, since if config.mk
(which defines some CFLAGS) is changed, the CFLAGS may also have
changed, so a target that uses CFLAGS should probably be considered out
of date in this case anyway.
Relates to #5140.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows running `make clean` and `make distclean` (and possibly
others) without having to run ./configure beforehand.
Note that some packaging-related targets still depend on the existence
of generated files. For example:
* dist: config.mk
* deb: config.sh
Commands used to search and replace:
$ git grep -Elz 'include *([^ ]*/)?config.mk' | xargs -0 -I '{}' \
sh -c "printf '%s\n' \
\"\$(sed -E 's|^include *(([^ ]*/)?config.mk)|-include \1|' '{}')\" >'{}'"
Relates to #5140.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Configure summary: autoconf essentially only parses configure.ac and
generates the configure script (that is, the "./configure" shell
script). The latter is what actually checks what is available on the
system and internally sets the value of the output variables. It then,
for every filename foo in AC_CONFIG_FILES (and for every output variable
name BAR in AC_SUBST), reads foo.in, replaces every occurrence of
`@BAR@` with the value of the shell variable `$BAR` and generates the
file foo from the result. After this, configure is finished and `make`
could be executed to start the build.
Now that (as of #5140) all output variables are only defined on
config.mk.in and on config.sh.in, there is no need to generate any
makefile nor any other mkfile or shell script at configure time. So
rename every "Makefile.in" to "Makefile", mkdeb.sh.in to mkdeb.sh,
src/common.mk.in to src/common.mk and leave just config.mk and config.sh
as the files to be generated at configure time.
This allows editing and committing all makefiles directly, without
potentially having to run ./configure in between.
Commands used to rename the makefiles:
$ git ls-files -z -- '*Makefile.in' | xargs -0 -I '{}' sh -c \
"git mv '{}' \"\$(dirname '{}')/Makefile\""
Additionally, from my (rudimentary) testing, this commit reduces the
time it takes to run ./configure by about 20~25% compared to commit
72ece92ea ("Transmission fixes: drop private-lib (#5213)", 2022-06-22).
Environment: dash 0.5.11.5-1, gcc 12.1.0-2, Artix Linux, ext4 on an HDD.
Commands used for benchmarking each commit:
$ : >time_configure && ./configure && make distclean &&
for i in $(seq 1 10); do
{ time -p ./configure; } 2>>time_configure; done
$ grep real time_configure |
awk '{ total += $2 } END { print total/NR }'
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before running test/fs/private-lib.exp.
Inspired by the configuration changes that are done on
test/root/checkcfg.exp.
Reason: Since commit 9741d0b60 ("fix disabled private-lib in
/etc/firejail/firejail.config", 2022-06-23), the "build_and_test" job
fails with the following error[1]:
TESTING: private-lib (test/fs/private-lib.exp)
spawn /bin/bash
firejail --private-lib --private-bin=sh,bash,dash,ps,grep,ls,find,echo,stty
runner@fv-az489-993:~/work/firejail/firejail/test/fs$
<private-bin=sh,bash,dash,ps,grep,ls,find,echo,stty
Error: private-lib feature is disabled in Firejail configuration file
runner@fv-az489-993:~/work/firejail/firejail/test/fs$ TESTING ERROR 1
This fixes CI.
Fixes #5214.
Relates to #5190.
[1] https://github.com/netblue30/firejail/runs/7030862406
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
| |
* drop private-lib
* drop private-lib
* drop private-lib
|
| | |
|
| |
|
|
|
|
|
| |
Logging is now default disabled in c7e4c8ed592fee7f1644152a23c3e1343b01b922
See https://github.com/netblue30/firejail/issues/5207
This reverts commit c0d314f945b405f1e90a1a43719059cd22f55de7.
|
| | |
|
| | |
|
Reiner Herrmann
Tad
NetSysFire
dependabot[bot]
smitsohu
Kelvin M. Klann
netblue30
Albert Kim
Davide Beatrici
0x9fff00
Serphentas
glitsj16