| Commit message | Author | Age |
|
fix compilation on musl (#4578)
|
Revert "allow/deny fbuilder"
|
This reverts commit 4438f14f2892b5c88d158ae8fad0a80a2eebfd44.

Also, partially revert related commit e4307b409 ("fix whitelist/allow in
make test-utils") to keep the tests working.

The profiles are being generated using aliases, which are not used on
the profiles in the repository. So generate them using the normal
commands for consistency. See also commit dd13595b8 ("Revert
"allow/deny help and man pages"") / PR #4502.

Relates to #4410.

Misc: I noticed this on issue #4592.
|
Added on commit 9af2c1472 ("Better debug handling.").
|
Fix vscodium
|
Both base names are valid:

    $ grep '^NAME' /etc/os-release
    NAME="Artix Linux"
    $ pacman -Q vscodium-bin
    vscodium-bin 1.60.2-2
    $ pacman -Qlq vscodium-bin | grep -v -e '/$' -e /resources/ |
      grep /bin/
    /usr/bin/codium
    /usr/bin/vscodium
    /usr/share/vscodium-bin/bin/codium

Note: The first two paths are symlinks to the third one.

Fixes #3871.
|
It creates the following directories on startup:

* ~/.config/VSCodium
* ~/.vscode-oss

Environment:

    $ grep '^NAME' /etc/os-release
    NAME="Artix Linux"
    $ pacman -Q vscodium-bin
    vscodium-bin 1.60.2-2

Note: The following entry is already on disable-programs.inc:

    noblacklist ${HOME}/.vscode-oss

It was added on commit de90834a8 ("Update disable-programs.inc",
2019-03-02).

Relates to #3871.
|
Added on commit 4bb7dee49 ("small changes", 2019-02-07).
|
trace, tracelog: don't truncate /etc/ld.so.preload in sandbox
|
Issue template improvements2
|
As suggested by @rusty-snake.
|
It is not uncommon for people to use other characters to try to mark an
item as checked (which usually screws up the html output), so be sure to
include an example with "[x]".
|
This overrides all `LC_*` variables (and LANG) rather than just LANG.

From Section 8.2, Internationalization Variables of POSIX.1-2017[1]:

> LANG
>     This variable shall determine the locale category for native
>     language, local customs, and coded character set in the absence of
>     the LC_ALL and other LC_* (LC_COLLATE, LC_CTYPE, LC_MESSAGES,
>     LC_MONETARY, LC_NUMERIC, LC_TIME) environment variables. This can
>     be used by applications to determine the language to use for error
>     messages and instructions, collating sequences, date formats, and
>     so on.
>
> LC_ALL
>     This variable shall determine the values for all locale
>     categories. The value of the LC_ALL environment variable has
>     precedence over any of the other environment variables starting
>     with LC_ (LC_COLLATE, LC_CTYPE, LC_MESSAGES, LC_MONETARY,
>     LC_NUMERIC, LC_TIME) and the LANG environment variable.

[1] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html
|
Add new condition ALLOW_TRAY
|
Add profiles for build-systems (/package-managers)
|
Profiles: bundler, cargo (refactor), cmake (untested), make, meson, pip
All redirect to build-systems-common.profile
Other fixes:
- blacklist ${HOME}/.bundle
- blacklist ${HOME}/.cargo/* -> blacklist ${HOME}/.cargo
- blacklist /usr/lib64/ruby
|
results from a systematic search for strncmp
calls with a suspicious (non-fitting) integer
literal as third argument
|
Read mount id also on legacy kernels
|
Enables recursive remounting on very old kernels, which has some relevance
for SailfishOS community ports.
|
Correct amule.profile for upnp
|
In order for UPnP to work, the netlink protocol must be enabled.
|
add more EUID improvements
|
* cheese
  - fix: dbus-user.own org.gnome.Cheese
  - fix: whitelist /usr/share/gstreamer-1.0
  - fix: include allow-python3.inc
  - hardening: include disable-shell.inc
  - hardening: include whitelist-run-common.inc and whitelist /run/udev/data
  - hardening: whitelist /usr/libexec/gstreamer-1.0/gst-plugin-scanner
  - hardening: noinput
  - hardening: nosound
  - hardening: seccomp.block-secondary
  - hardening: private-dev
* geekbench (closes #4576)
  - fix: noblacklist /sbin and noblacklist /usr/sbin
  - fix: noblacklist, blacklist, mkdir, whitelist, read-write ${HOME}/.geekbench5
  - fix: comment/remove private-bin, private-lib, private-opt
* inkscape
  - add quiet for cli usage
* musixmatch (#4518)
  - allow chroot
* pandoc
  - fix: include allow-bin-sh.inc
  - fix: drop private-bin
  - hardening: include whitelist-runuser-common.inc
  - hardening: seccomp.block-secondary
|
- Allow org.freedesktop.secrets, fixes #4584
- Improve comments about notifications and systray
|
firejail.h uses PATH_MAX when defining a macro. Note that ARG_MAX and
PATH_MAX are not guaranteed to be (and potentially should not be)
defined. From POSIX.1-2017's limits.h(0p)[1]:

> A definition of one of the symbolic constants in the following list
> shall be omitted from the <limits.h> header on specific
> implementations where the corresponding value is equal to or greater
> than the stated minimum, but where the value can vary depending on the
> file to which it is applied. The actual value supported for a
> specific pathname shall be provided by the pathconf() function.

Use linux/limits.h instead of limits.h because glibc's limits.h
deliberately undefines ARG_MAX. See glibc commit f96853beaf
("* sysdeps/unix/sysv/linux/bits/local_lim.h: Undefined ARG_MAX if",
2008-03-27)[2].

From /usr/include/bits/local_lim.h (glibc 2.33-5 on Artix Linux):

    #ifndef ARG_MAX
    # define __undef_ARG_MAX
    #endif
    /* The kernel sources contain a file with all the needed information. */
    #include <linux/limits.h>
    /* [...] */
    /* Have to remove ARG_MAX? */
    #ifdef __undef_ARG_MAX
    # undef ARG_MAX
    # undef __undef_ARG_MAX
    #endif

So if a file uses ARG_MAX (currently only cmdline.c) and limits.h (or a
firejail.h that includes limits.h) is included before linux/limits.h,
then the build will fail on glibc. Build log from using limits.h
(instead of linux/limits.h) on firejail.h:

    $ make clean >/dev/null && make >/dev/null
    cmdline.c:145:12: error: use of undeclared identifier 'ARG_MAX'; did you mean 'CFG_MAX'?
    if (len > ARG_MAX) {
    ^~~~~~~
    CFG_MAX
    ./firejail.h:805:2: note: 'CFG_MAX' declared here
    CFG_MAX // this should always be the last entry
    ^
    [...]

Fixes #4578.

[1] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html
[2] https://sourceware.org/git/?p=glibc.git;a=commit;h=f96853beafc26d4f030961b0b67a79b5bfad5733
|
None of the files affected use any macros from linux/limits.h:

    $ git grep -Fl 'NGROUPS_MAX
    ARG_MAX
    LINK_MAX
    MAX_CANON
    MAX_INPUT
    NAME_MAX
    PATH_MAX
    PIPE_BUF
    XATTR_NAME_MAX
    XATTR_SIZE_MAX
    XATTR_LIST_MAX
    RTSIG_MAX' -- src
    src/firejail/cmdline.c
    src/firejail/firejail.h
    src/libtrace/libtrace.c
    src/libtracelog/libtracelog.c

Environment:

    $ grep '^NAME' /etc/os-release
    NAME="Artix Linux"
    $ pacman -Qo /usr/include/linux/limits.h
    /usr/include/linux/limits.h is owned by linux-api-headers 5.12.3-1

Note: This include has been present on all of the affected files since
their inception. For restrict_users.c, that's on commit 4f003daec
("prevent leaking user information by modifying /home directory,
/etc/passwd and /etc/group") and for every other file, it's on commit
137985136 ("Baseline firejail 0.9.28").

Relates to #4578.
|
Relates to #4578.
|
Trim excess whitespace
|
don't try to read /usr/bin/firejail if private-bin removed it
from the sandbox filesystem
|
users, and fldd in particular, might have no read permission
on the firejail executable, make that ok by running fldd
as root
|
telegram: Enable private-bin
|
Add ld.so.preload to all private-etc lines
|
Command:

    sed -i -E "s/^private-etc /private-etc ld.so.preload,/" \
      $(grep -LE "^private-etc .*ld.so.preload" etc/profile-*/*) \
      && python3 contrib/sort.py etc/profile-*/*
|
Create goldendict.profile