| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
Output variables in general may contain values with spaces in them.
Example: `CC=gcc -foo`.
Relates to #5140.
|
|
|
|
| |
Relates to #5248 #5249 #5251.
|
|
|
|
| |
Relates to #5240 #5242.
|
|\
| |
| | |
introduce new option restrict-namespaces
|
| | |
|
| | |
|
|\ \
| | |
| | | |
improve force-nonewprivs security guarantees
|
| | | |
|
|\ \ \
| | | |
| | | | |
build: add autoconf auto-generation comment to input files
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To note on the output files that they are generated and to clarify how
they are generated.
From the manual of GNU Autoconf (version 2.69):
> -- Variable: configure_input
> A comment saying that the file was generated automatically by
> 'configure' and giving the name of the input file. 'AC_OUTPUT'
> adds a comment line containing this variable to the top of every
> makefile it creates. For other files, you should reference this
> variable in a comment at the top of each input file. For
> example, an input shell script should begin like this:
>
> #!/bin/sh
> # @configure_input@
>
> The presence of that line also reminds people editing the file
> that it needs to be processed by 'configure' in order to be used.
Resulting output on config.mk:
# config.mk. Generated from config.mk.in by configure.
Relates to #5140.
|
|\ \ \ \
| | | | |
| | | | | |
ci: ignore git-related paths and the project license
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add the following paths to the ignore lists:
- .git-blame-ignore-revs
- .gitignore
- COPYING
To avoid running CI unnecessarily.
Commands used to show only the root files:
$ git ls-files | grep -v /
Misc: I noticed the missing paths on #5248.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
build: add dist build directory to .gitignore
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Ignore it only on the repository root path, as a directory that matches
`firejail-*` could eventually be added.
Note that the dist archive is already ignored since commit da6b131c3
("chore(.gitignore) ignore built packages", 2018-01-15) / PR #1733.
Example paths:
* build dir: firejail-0.9.71/
* archive: firejail-0.9.71.tar.xz
See `$(NAME)-$(VERSION)` and `$(NAME)-$(VERSION).tar.xz` in the "dist"
target on the root Makefile.
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
CI: bump ubuntu to 22.04 and use newer compilers / analyzers
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
to check
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
runner
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
firejail is no longer detecting that /etc/hosts is getting opened.
in strace it can still be seen that the file is opened via syscall,
but on C library layer (which firejail is tracing) it's probably
implemented differently now.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
grep was returning non-zero exit code if it did NOT find the
error marker, and zero if it did.
|
| | | | | | |
|
| | | | | | |
|
|/ / / / / |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This directory contains the MAC address for connections available
Tested working with torbrowser-launcher and onionshare
Signed-off-by: Tad <tad@spotco.us>
|
| |_|/ /
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/3f62b754e23e0dd60f91b744033e1dc1654c0ec6...3e7e3b32d0fb8283594bb0a76cc60a00918b0969)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |_|/
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* remmina.profile: allow python
* Update etc/profile-m-z/remmina.profile
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
now covers syscalls up to including process_madvise (440)
group assignment was blindly copied from systemd:
https://github.com/systemd/systemd/blob/729d2df8065ac90ac606e1fff91dc2d588b2795d/src/shared/seccomp-util.c#L305
the only exception is close_range, which was added to both @basic-io and @file-system
this commit adds the following syscalls to the default blacklist:
pidfd_getfd,fsconfig,fsmount,fsopen,fspick,move_mount,open_tree
|
|/
|
|
|
|
| |
produced using commands documented in src/lib/syscall.c:
awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_64.h
awk '/__NR_/ { print "{ \"" gensub("__NR_", "", "g", $2) "\", " $3 " },"; }' < /usr/include/x86_64-linux-gnu/asm/unistd_32.h
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following leverages the fact that when using a normal merge (as
opposed to "rebase and merge" or "squash and merge") on GitHub, the pull
request number is put in the commit message title and the title of the
PR is added to the commit message body.
Commands used to find and print the items for the RELNOTES:
$ git log --grep='^build:' --merges --reverse --pretty='%s %b' 0.9.70.. |
sed -E -n 's/Merge pull request (#[0-9]+) from [^ ]+ (.*)/ * \2 (\1)/p'
* build: deduplicate configure-time vars into new config files (#5140)
* build: fix file mode of shell scripts (644 -> 755) (#5206)
* build: reduce autoconf input files from 32 to 2 (#5219)
Commands used to generate the message below:
$ git log --grep='^build:' --merges --reverse --pretty='%s %b' 0.9.70.. |
sed -E -n 's/Merge pull request (#[0-9]+).*/\1/p' | sort | tr '\n' ' ' |
sed -E 's/^(.*) /Relates to \1./'
Relates to #5140 #5206 #5219.
Relates to #5140 #5206 #5219.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
copy using file descriptors, similar
to implementation of get option
|
|
|
|
|
|
|
|
| |
As a reminder to create a profile for winetricks instead of allowing
access to its paths to programs used by winetricks (see #5238).
Added on commit 0ec1c66b5 ("aria2c.profile: allow access to
~/.cache/winetricks") / PR #5238.
|
| |
|
|\
| |
| | |
Warn when encountering EIO during remount
|
| |
| |
| |
| |
| |
| | |
Instead of simply erroring out, just warn the user that a filesystem was
unable to be remounted due to EIO. This is helpful for FUSE filesystems
which might be buggy or having issues.
|
|\ \
| |/
|/| |
aria2c.profile: allow access to ~/.cache/winetricks
|
|/
|
|
| |
Otherwise winetricks fails to download packages.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.14 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/41a4ada31ba866a7f1196b9602703a89edd69e22...3f62b754e23e0dd60f91b744033e1dc1654c0ec6)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
|\
| |
| |
| |
| | |
netblue30/dependabot/github_actions/github/codeql-action-2.1.14
build(deps): bump github/codeql-action from 2.1.12 to 2.1.14
|