| Commit message (Collapse) | Author | Age |
|\
| |
| | |
private-etc rework fixes
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
| |
feature
|
|
|
|
| |
Relates to #5589 #5599 #5600.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commands used to find the profiles and print the RELNOTES items:
$ git log --reverse --pretty= --name-only --diff-filter=A \
0.9.70..0.9.72 -- etc/inc etc/net etc/profile-* | cut -f 3 -d / |
sed -E -e 's/^([^.]+)\.profile$/\1/' -e 's/$/,/' | tr '\n' ' ' |
fold -s -w 61 | sed 's/^/ * new profiles: /'; echo
Based on the commands from commit a320957a1 ("RELNOTES: add missing new
profiles", 2022-06-09) / PR #5184.
Note: 61 is used in fold because it's 79 (the default `textwidth` / `tw`
in vim) minus 18 (the length of " * new profiles: ").
Note2: ".profile" is only trimmed if it's the only suffix, to make it
clear that a new etc/profile-a-l/foo.inc.profile is not a new
etc/inc/foo.inc profile.
Note3: Keep the commas at the end because removing them could need
another `fold` to make the output exactly equivalent to
writing/formatting the items manually.
Note4: There were no profiles removed in 0.9.72:
$ git log --reverse --pretty= --name-only --diff-filter=D \
0.9.70..0.9.72 -- etc/inc etc/net etc/profile-*
$
|
|\
| |
| | |
modif: Stop forwarding own double-dash to the shell
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, if double-dash ("--") is passed to firejail, it is forwarded
to the user shell:
$ firejail --debug --noprofile -- echo test 2>&1 |
grep -e execvp -e test
Building quoted command line: 'echo' 'test'
Building quoted command line: 'echo' 'test'
Running 'echo' 'test' command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: --
execvp argument 3: 'echo' 'test'
test
This causes issues when the user shell does not accept "--" / is not
POSIX-compatible:
$ /bin/bash -c -- 'echo test'
test
$ /bin/fish -c -- 'echo test'
fish: Unknown command: --
fish:
--
^
Fixes #5599.
Relates to #3434.
Reported-by: @iltep64
Reported-by: @ferreum
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \ |
|
| | |
| | |
| | |
| | | |
(in Debian CI only sh is getting printed)
|
|/ / |
|
|\ \ |
|
| |\ \
| | | |
| | | | |
docs: remove apparmor options in --help when building without apparmor support
|
| | | | |
|
| | | | |
|
|/ / / |
|
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.37 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/959cbb7472c4d4ad70cdfe6f4976053fe48ab394...515828d97454b8354517688ddc5b48402b723750)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5...18bf8ad2ca49c14cbb28b91346d626ccfb00c518)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
This amends commit a100cbe99 ("RELNOTES: move etc-hide-blacklisted item
to modif", 2023-01-16).
|
| |
| |
| |
| |
| |
| | |
And clarify it.
Relates to #5010 #5230 #5591 #5595.
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Rename etc-no-blacklisted to etc-hide-blacklisted
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Let users know that enabling this may break /etc/resolv.conf.
Added on commit ded50200e ("opt-in: skip blacklisted files in
private-etc - #5010, #5230", 2023-01-15) / PR #5591.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To make it clearer.
Added on commit ded50200e ("opt-in: skip blacklisted files in
private-etc - #5010, #5230", 2023-01-15) / PR #5591.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To avoid boolean confusion (`no-foo no` / `no-foo yes`) in
firejail.config:
etc-no-blacklisted no
etc-no-blacklisted yes
Commands used to search and replace:
git grep -Ilz -i 'etc.no.blacklisted' -- etc src |
xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \
-e 's/etc-no-blacklisted/etc-hide-blacklisted/' \
-e 's/ETC_NO_BLACKLISTED/ETC_HIDE_BLACKLISTED/' \
'{}')\" >'{}'"
Added on commit ded50200e ("opt-in: skip blacklisted files in
private-etc - #5010, #5230", 2023-01-15) / PR #5591.
|
|\ \ \
| |/ /
|/| | |
add timezone access to make libical functional
|
|/ /
| |
| | |
claws-mail vcalendar-plugin uses libical to get current timezone. Libical needs access to file `/etc/timezone` to work properly.
|
|\ \
| | |
| | | |
opt-in: hide blacklisted files in /etc
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
email-common refactoring
|