| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
* drop private-dev from wireshark.profile
* add comment about private-dev in wireshark.profile
Add a comment as suggested in https://github.com/netblue30/firejail/pull/4958#issuecomment-1044732769.
|
|
|
|
|
|
|
| |
* Create onionshare.profile
* Create onionshare-cli.profile
* add onionshare redirects to firecfg.config
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having `read-only /tmp` yields the following:
$ man ls
[...]
man: /usr/share/man/man1/ls.1.gz: SYSERR: mkstemp: /tmp/man.XXXXxxxxxx: Read-only file system
[...]
It also causes the pager (e.g.: less(1)) to not be called, which means
that the entire man page is just printed all at once on the terminal.
Environment: mandoc 1.14.6-1 on Artix Linux.
Fixes #4927.
Reported-by: @hyder365
|
|
|
|
| |
Relates to #4912 #4916 #4930 #4933.
|
|\
| |
| | |
Disable/comment message about nogroups being ignored
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added on commit 7abce0b4c ("Fix keeping certain groups with nogroups",
2021-11-30) / PR #4732.
As reported by @rusty-snake on #4930, conflicting messages are printed
when using whitelist-run-common.inc with nogroups:
$ cat test.profile
include whitelist-run-common.inc
nogroups
$ firejail --profile=./test.profile groups
Reading profile ./test.profile
Reading profile /etc/firejail/whitelist-run-common.inc
Parent pid 1234, child pid 1235
Warning: logind not detected, nogroups command ignored <--- is a lie
Warning: cleaning all supplementary groups
Child process initialized in 30.00 ms
rusty-snake <---- running `groups` outside of the sandbox shows more so groups are actually cleaned
Parent is shutting down, bye...
This probably happens because wrc causes /run/systemd to be hidden in
the sandbox and because check_can_drop_all_groups is called multiple
times, seemingly both before and after the whitelisting goes into
effect. So disable the message about nogroups being ignored, but keep
the message about cleaning all supplementary groups (which is unlikely
to be printed unless it really happens).
Fixes #4930.
|
|\ \
| | |
| | | |
Update security policy for 0.9.68 release
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Additional fixes:
Ubuntu 16.04 ais EOL. This means that Firejail 0.9.38 is (to
reasonable knowledge) not supported by any mainstream distros.
Ubuntu 21.04 is also EOL.
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
netblue30/dependabot/github_actions/github/codeql-action-1.1.0
Bump github/codeql-action from 1.0.31 to 1.1.0
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.31 to 1.1.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/1a927e9307bc11970b2c679922ebc4d03a5bd980...474bbf07f9247ffe1856c6a0f94aeeb10e7afee6)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \ \
| |_|/
|/| | |
testing: fix expect matching of numbers
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The sandbox timestamp should not be available for matching
when output is already expected from the next command
(this is only a problem if numeric output if expected from the
first command in the sandbox).
A possible alternative would be to flush the expect output buffer
with 'expect "*"' after the sandbox is up.
|
|/ /
| |
| |
| |
| |
| | |
0319fbd enabled whitelisting in /usr/share for iridium but wusc
was still ignore causing iridium to crash.
Fixes #4917
|
|\ \
| |/
|/| |
keepassx: restore nou2f
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I could not find anything to confirm that keepassx supports hardware
keys. And as mentioned by @rusty-snake[1]:
> The yubikey support in kpxc seems to be based on
> https://github.com/kylemanna/keepassx /
> https://github.com/keepassx/keepassx/pull/52
> which was never merged. For me it looks like kpx never got official
> support for it.
>
> keepass seems to support hw keys (via plugin).
Also of note is the PR that added yubikey support to keepassxc:
https://github.com/keepassxreboot/keepassxc/pull/127
This partially reverts commit 09ac1a73e ("keepass*: remove nou2f",
2022-02-05) / PR #4903. See also commit 91b04172b ("keepass*: fix typo
in private-dev note", 2022-02-06).
Closes #4883.
[1] https://github.com/netblue30/firejail/issues/4883#issuecomment-1031172309
|
| | |
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | | |
* fix globalcfg help string
* fix --disable-globalcfg explanation
|
|/ / |
|
|\ \
| | |
| | | |
CI: replace centos (EOL) with almalinux
|
| | | |
|
|/ / |
|
|\ \
| | |
| | | |
push changelog date, so that it's different from the previous one
|
| | |
| | |
| | |
| | | |
otherwise the gitlab CI will complain
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
netblue30/dependabot/github_actions/github/codeql-action-1.0.31
Bump github/codeql-action from 1.0.30 to 1.0.31
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.30 to 1.0.31.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8b37404d562d866ad6a65d0ecb4fa5131e047ca4...1a927e9307bc11970b2c679922ebc4d03a5bd980)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
|
| |
s/nou2f/private-dev/
This amends commit 8a718ff4a ("keepass*: note that private-dev blocks
access to new hardware keys", 2022-02-05).
|
| |
|
| |
|
| |
|
|\
| |
| | |
keepass*: remove nou2f & add note about private-dev
|
| |
| |
| |
| |
| |
| | |
Which may be surprising to some users (see #4883).
Fixes #4883.
|
| |
| |
| |
| |
| |
| |
| | |
At least keepassxc supports U2F and password managers seem like they
would be a common use case for it.
See the discussion on #4883.
|
| |
| |
| |
| | |
Relates to #4413 #4479 #4515 #4561.
|
| |
| |
| |
| | |
Relates to #4606.
|
| |
| |
| |
| | |
Relates to #3226 #4521 #4628.
|
| |
| |
| |
| |
| |
| | |
And move the profile checks item to the ci section.
Relates to #2739 #4643 #4774.
|
| |
| |
| |
| | |
Relates to #4594 #4695 #4712.
|
| |
| |
| |
| | |
Relates to #4724.
|
| |
| |
| |
| | |
Relates to #2739 #4643 #4855.
|
|/
|
|
| |
regressed in c764520b5aa343c00c3a73633511df039645973c
|
|
|
|
| |
Relates to #4626.
|
|
|
|
| |
Relates to #4151.
|
|
|
|
|
|
|
| |
Interestingly, some really old issues were fixed in this release (#408
is from 2016).
Relates to #408 #928 #3042.
|
|\
| |
| | |
Organize relnotes
|
| |
| |
| |
| | |
Relates to #4078 #4632 #4689 #4725 #4732 #4851.
|
| |
| |
| |
| |
| |
| |
| | |
To make it easier to see at a glance what each item is about.
Note: Other than "removal", the prefixes are taken from previous
releases.
|