| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Changes:
* Generate firejail.vim from firejail.vim.in
* Generate firejail-profile.lang from firejail-profile.lang.in
* Update the manual syntax file steps on the new command checklist on
CONTRIBUTING.md to use `make syntax` instead
Relates to #2679 #5502 #5577 #5612.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
* Use the commands from contrib/vim/syntax/firejail.vim to create
makefile targets to generate syntax lists in contrib/syntax/lists
* Add contrib/syntax/files/example.in as an example of how to generate
syntax files
* Generate and add the syntax lists, to make it easier to spot if they
are properly updated when a new command is added or if their recipes
also need changes
* Add "syntax" and "contrib" makefile targets
Note: The generation commands are executed mostly silently to avoid
generating too much noise when also making other targets.
Note2: In some generation commands, a `$$` escape is used to pass `$` to
the shell, to avoid being interpreted by make as the start of a macro.
Note3: `@make_input@` is used in example.in to make it clear that the
file is generated (and that it is generated by make rather than
configure), similarly to how `@configure_input@` is used in configure
input files. See also apparmor.vim:
$ head -n 2 /usr/share/vim/vimfiles/syntax/apparmor.vim
" generated from apparmor.vim.in by create-apparmor.vim.py
" do not edit this file - edit apparmor.vim.in or create-apparmor.vim.py instead
Environment: apparmor 3.1.2-1 on Artix Linux.
Relates to #2679 #5502 #5577 #5612.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having all of syntax files in the same directory makes it easier to
reference all of them at once on a makefile (such as with
`contrib/syntax/files/*.in`).
Also, this makes the path to the gtksourceview language-spec shorter.
Current path/new path:
* contrib/gtksourceview-5/language-specs/firejail-profile.lang
* contrib/syntax/files/firejail-profile.lang
Currently, adding a rule to the root Makefile to generate the
language-spec in the same directory as an input file would take at least
95 characters (with only a single dependency):
contrib/gtksourceview-5/language-specs/%.lang: contrib/gtksourceview-5/language-specs/%.lang.in
With this commit, the above shortened to 59 characters:
contrib/syntax/files/%.lang: contrib/syntax/files/%.lang.in
Which should make it more readable.
Relates to #2679 #5502.
|
| |
|
|
|
|
|
|
|
|
| |
The seccomp filters are used by firejail itself at runtime (and are
installed to `$(libdir)`), while the man pages are used by an external
program (and installing them is optional; see `HAVE_MAN`), so reorder
them.
Misc: The seccomp filter targets were apparently added on commit
64431c712 ("seccomp work 1", 2016-11-20).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
And also add an "error: " prefix, to make the output clearer.
Before:
$ rm -f config.mk; make config.mk
printf 'run ./configure to generate %s\n' "config.mk" >&2
run ./configure to generate config.mk
false
make: *** No rule to make target 'config.mk'. Stop.
After:
$ rm -f config.mk; make config.mk
error: run ./configure to generate config.mk
make: *** No rule to make target 'config.mk'. Stop.
This amends commit e21637ca8 ("makefiles: add generated files as
dependencies", 2022-06-23) / PR #5219.
|
| |
|
|
|
| |
See commit 9bf5e453c ("ci: sort items on paths-ignore lists",
2022-07-12) / PR #5481.
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| |
| | |
Closes #5601
|
| |/ |
|
| |
|
|
| |
groups added
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
It is currently only used on the "install" target.
This amends commit 16afd8c8e ("Add basic gtksourceview language-spec
(#5502)", 2022-12-04).
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* zoom.profile: whitelist ~/.config/zoom.conf
With Zoom version 5.12.6, Zoom changed how they handle encrypting the local
database. This change resulted in the new file zoom.conf being used. As it is
not allowed by the current profile, this could lead to users losing their chat
history if they cannot be retrieved from the cloud (e.g. when e2e encryption is
used).
* zoom.profile: noblacklist ~/.config/zoom.conf
Additional blacklisting for other programs to the configuration file.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/515828d97454b8354517688ddc5b48402b723750...a34ca99b4610d924e04c68db79e503e1f79f9f02)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| |\
| |
| | |
private-etc rework fixes
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
| |
feature
|
| |
|
|
| |
Relates to #5589 #5599 #5600.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commands used to find the profiles and print the RELNOTES items:
$ git log --reverse --pretty= --name-only --diff-filter=A \
0.9.70..0.9.72 -- etc/inc etc/net etc/profile-* | cut -f 3 -d / |
sed -E -e 's/^([^.]+)\.profile$/\1/' -e 's/$/,/' | tr '\n' ' ' |
fold -s -w 61 | sed 's/^/ * new profiles: /'; echo
Based on the commands from commit a320957a1 ("RELNOTES: add missing new
profiles", 2022-06-09) / PR #5184.
Note: 61 is used in fold because it's 79 (the default `textwidth` / `tw`
in vim) minus 18 (the length of " * new profiles: ").
Note2: ".profile" is only trimmed if it's the only suffix, to make it
clear that a new etc/profile-a-l/foo.inc.profile is not a new
etc/inc/foo.inc profile.
Note3: Keep the commas at the end because removing them could need
another `fold` to make the output exactly equivalent to
writing/formatting the items manually.
Note4: There were no profiles removed in 0.9.72:
$ git log --reverse --pretty= --name-only --diff-filter=D \
0.9.70..0.9.72 -- etc/inc etc/net etc/profile-*
$
|
| |\
| |
| | |
modif: Stop forwarding own double-dash to the shell
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, if double-dash ("--") is passed to firejail, it is forwarded
to the user shell:
$ firejail --debug --noprofile -- echo test 2>&1 |
grep -e execvp -e test
Building quoted command line: 'echo' 'test'
Building quoted command line: 'echo' 'test'
Running 'echo' 'test' command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: --
execvp argument 3: 'echo' 'test'
test
This causes issues when the user shell does not accept "--" / is not
POSIX-compatible:
$ /bin/bash -c -- 'echo test'
test
$ /bin/fish -c -- 'echo test'
fish: Unknown command: --
fish:
--
^
Fixes #5599.
Relates to #3434.
Reported-by: @iltep64
Reported-by: @ferreum
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
(in Debian CI only sh is getting printed)
|
| |/ / |
|
| |\ \ |
|
| | |\ \
| | | |
| | | | |
docs: remove apparmor options in --help when building without apparmor support
|
| | | | | |
|
| | | | | |
|
Kelvin M. Klann
netblue30
Alexandre Provencio
fkrone
Mohammed Anas
dependabot[bot]
glitsj16
Reiner Herrmann
nya1