Commit message (Author, Age)
* Merge pull request #5290 from kmk3/docs-suid-firejail-users (netblue30, 2022-08-14)
|\
| |   docs: mention risk of SUID binaries and also firejail-users(5)
| * docs: mention risk of SUID binaries and also firejail-users(5) (Kelvin M. Klann, 2022-08-05)
| |   On the introduction of firejail(1), mention the main risk of SUID binaries and that by default, only trusted users should be allowed to run firejail (and how to accomplish that).
| |
| |   Note: The added comment line is completely discarded (so there is no extraneous blank line); see groff_man(7) for details.
| |
| |   Suggested by @emerajid on #5288.
| |
| |   Relates to #4601.
* | Merge pull request #5285 from ra1nb0w/vmware-snapshot (netblue30, 2022-08-14)
|\ \
| | |   vmware.profile: snapshot requires /etc/mtab
| * | vmware.profile: snapshot requires /etc/mtab (Davide Gerhard, 2022-08-02)
| |/
| |   This patch avoids the following error:
| |
| |     Error: One of the parameters supplied is invalid
| |
| |   Tested with VMware Workstation 16.2.4
* | merges (netblue30, 2022-08-14)
| |
* | Merge pull request #5274 from ChrysoliteAzalea/master (netblue30, 2022-08-14)
|\ \
| | |   Add support for custom AppArmor profiles (--apparmor=)
| * | Add support for custom AppArmor profiles (--apparmor=) (Азалия Смарагдова, 2022-08-05)
| |/
* | RELNOTES: add build items (Kelvin M. Klann, 2022-08-12)
| |   Relates to #5283 #5284.
* | neomutt: Avoid creating empty files/directories (Hugo Osvaldo Barrera, 2022-08-11)
| |   neomutt won't write to these locations. Processes it spawns might read to some of them, but creating an empty file doesn't help. This just pollutes user's $HOME with empty files and directories.
| |
| |   I've kept a few paths that MAY be written to by neomutt; it's not ideal, but I want to minimise the risk of potential data loss, even if it is corner cases.
| |
| |   See: https://github.com/netblue30/firejail/discussions/5276
* | Merge pull request #5284 from kmk3/build-config-sh-fixes (Kelvin M. Klann, 2022-08-11)
|\ \
| | |   build: config.sh.in: quote variables and fix shellcheck issues
| * | config.sh.in: fix all issues reported by shellcheck (Kelvin M. Klann, 2022-08-01)
| | |   Fix the following error and warnings:
| | |
| | |     $ shellcheck --version | grep ^version:
| | |     version: 0.8.0
| | |     $ shellcheck config.sh.in
| | |
| | |     In config.sh.in line 1:
| | |     # @configure_input@
| | |     ^-- SC2148 (error): Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
| | |
| | |     In config.sh.in line 3:
| | |     NAME=@PACKAGE_NAME@
| | |     ^--^ SC2034 (warning): NAME appears unused. Verify use (or export if used externally).
| | |
| | |     In config.sh.in line 4:
| | |     VERSION=@PACKAGE_VERSION@
| | |     ^-----^ SC2034 (warning): VERSION appears unused. Verify use (or export if used externally).
| | |
| | |     For more information:
| | |       https://www.shellcheck.net/wiki/SC2148 -- Tips depend on target shell and y...
| | |       https://www.shellcheck.net/wiki/SC2034 -- NAME appears unused. Verify use (...
| | |
| | |   Relates to #5140.
| * | config.sh.in: quote all variables (Kelvin M. Klann, 2022-08-01)
| |/
| |   Output variables in general may contain values with spaces in them. Example: `CC=gcc -foo`.
| |
| |   Relates to #5140.
* | Merge pull request #5283 from remyabel2/make-uninstall (Kelvin M. Klann, 2022-08-11)
|\ \
| | |   build: Add files `make uninstall` forgot to remove
| * | Add files `make uninstall` forgot to remove (Tommy Nguyen, 2022-08-01)
| | |   There were a couple of files leftover after `make uninstall`. This patch fixes that.
* | | fix(audacity): !5281 sharedlib bug on Arch/Fedora (#5300) (Christopher Morrow, 2022-08-10)
| | |   * fix(audacity): !5281 sharedlib bug on Arch/Fedora
| | |
| | |   removed `private-bin` line from audacity profile as it appears to block access to shared libraries needed to start audacity on some distributions.
| | |
| | |   Relates to github issue #5281
| | |
| | |   * fix(audacity): Disabling apparmor and reenabling private-bin
* | | Merge pull request #5299 from pirate486743186/description-makepkg (Kelvin M. Klann, 2022-08-10)
|\ \ \
| | | |   makepkg: add description
| * | | makepkg.profile: add description (pirate486743186, 2022-08-10)
| | | |
* | | | new profile: gdu (#5289) (glitsj16, 2022-08-09)
| | | |   * add gdu to 'new profiles' section
| | | |   * Create gdu.profile
| | | |   * add gdu to firecfg
| | | |   * harden gdu sandbox
| | | |   * fix protocol
| | | |   * simulate empty protocol in gdu
| | | |   * more user-friendly gdu sandboxing
* | | | build(deps): bump github/codeql-action from 2.1.17 to 2.1.18 (dependabot[bot], 2022-08-08)
|/ / /
| | |   Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.17 to 2.1.18.
| | |   - [Release notes](https://github.com/github/codeql-action/releases)
| | |   - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| | |   - [Commits](https://github.com/github/codeql-action/compare/0c670bbf0414f39666df6ce8e718ec5662c21e03...2ca79b6fa8d3ec278944088b4aa5f46912db5d63)
| | |
| | |   ---
| | |   updated-dependencies:
| | |   - dependency-name: github/codeql-action
| | |     dependency-type: direct:production
| | |     update-type: version-update:semver-patch
| | |   ...
| | |
| | |   Signed-off-by: dependabot[bot] <support@github.com>
* | / build(deps): bump github/codeql-action from 2.1.16 to 2.1.17 (dependabot[bot], 2022-08-03)
| |/
|/|
| |   Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.16 to 2.1.17.
| |   - [Release notes](https://github.com/github/codeql-action/releases)
| |   - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| |   - [Commits](https://github.com/github/codeql-action/compare/3e7e3b32d0fb8283594bb0a76cc60a00918b0969...0c670bbf0414f39666df6ce8e718ec5662c21e03)
| |
| |   ---
| |   updated-dependencies:
| |   - dependency-name: github/codeql-action
| |     dependency-type: direct:production
| |     update-type: version-update:semver-patch
| |   ...
| |
| |   Signed-off-by: dependabot[bot] <support@github.com>
* | RELNOTES: add build and ci items (Kelvin M. Klann, 2022-08-01)
| |   Relates to #5248 #5249 #5251.
* | RELNOTES: add feature: Warn when encountering EIO during remount (Kelvin M. Klann, 2022-08-01)
|/
|   Relates to #5240 #5242.
* Merge pull request #5259 from smitsohu/ns (smitsohu, 2022-07-31)
|\
| |   introduce new option restrict-namespaces
| * introduce new option restrict-namespaces (smitsohu, 2022-07-23)
| |
| * protocol filter: add x32 ABI handling (smitsohu, 2022-07-19)
| |
* | Merge pull request #5271 from smitsohu/nnp (smitsohu, 2022-07-31)
|\ \
| | |   improve force-nonewprivs security guarantees
| * | improve force-nonewprivs security guarantees (smitsohu, 2022-07-24)
| | |
* | | Merge pull request #5251 from kmk3/build-add-autoconf-comment (smitsohu, 2022-07-31)
|\ \ \
| | | |   build: add autoconf auto-generation comment to input files
| * | | build: add autoconf auto-generation comment to input files (Kelvin M. Klann, 2022-07-16)
| | | |   To note on the output files that they are generated and to clarify how they are generated.
| | | |
| | | |   From the manual of GNU Autoconf (version 2.69):
| | | |
| | | |   > -- Variable: configure_input
| | | |   > A comment saying that the file was generated automatically by
| | | |   > 'configure' and giving the name of the input file. 'AC_OUTPUT'
| | | |   > adds a comment line containing this variable to the top of every
| | | |   > makefile it creates. For other files, you should reference this
| | | |   > variable in a comment at the top of each input file. For
| | | |   > example, an input shell script should begin like this:
| | | |   >
| | | |   > #!/bin/sh
| | | |   > # @configure_input@
| | | |   >
| | | |   > The presence of that line also reminds people editing the file
| | | |   > that it needs to be processed by 'configure' in order to be used.
| | | |
| | | |   Resulting output on config.mk:
| | | |
| | | |     # config.mk. Generated from config.mk.in by configure.
| | | |
| | | |   Relates to #5140.
* | | | Merge pull request #5249 from kmk3/ci-ignore-git-paths (smitsohu, 2022-07-31)
|\ \ \ \
| | | | |   ci: ignore git-related paths and the project license
| * | | | ci: ignore git-related paths and the project license (Kelvin M. Klann, 2022-07-12)
| | | | |   Add the following paths to the ignore lists:
| | | | |
| | | | |   - .git-blame-ignore-revs
| | | | |   - .gitignore
| | | | |   - COPYING
| | | | |
| | | | |   To avoid running CI unnecessarily.
| | | | |
| | | | |   Commands used to show only the root files:
| | | | |
| | | | |     $ git ls-files | grep -v /
| | | | |
| | | | |   Misc: I noticed the missing paths on #5248.
* | | | | Merge pull request #5248 from kmk3/build-gitignore-distdir (smitsohu, 2022-07-31)
|\ \ \ \ \
| | | | | |   build: add dist build directory to .gitignore
| * | | | | build: add dist build directory to .gitignore (Kelvin M. Klann, 2022-07-12)
| |/ / / /
| | | | |   Ignore it only on the repository root path, as a directory that matches `firejail-*` could eventually be added.
| | | | |
| | | | |   Note that the dist archive is already ignored since commit da6b131c3 ("chore(.gitignore) ignore built packages", 2018-01-15) / PR #1733.
| | | | |
| | | | |   Example paths:
| | | | |
| | | | |   * build dir: firejail-0.9.71/
| | | | |   * archive: firejail-0.9.71.tar.xz
| | | | |
| | | | |   See `$(NAME)-$(VERSION)` and `$(NAME)-$(VERSION).tar.xz` in the "dist" target on the root Makefile.
* | | | | update m4 macro from autoconf-archive (2022.02.11) (Reiner Herrmann, 2022-07-31)
| | | | |
* | | | | Merge pull request #5275 from netblue30/ci_ubuntu_2204 (Reiner Herrmann, 2022-07-30)
|\ \ \ \ \
| | | | | |   CI: bump ubuntu to 22.04 and use newer compilers / analyzers
| * | | | | CI: keep old cppcheck job and ignore two files in new job that take too long to check (Reiner Herrmann, 2022-07-30)
| * | | | | CI: bump ubuntu to 22.04 and use newer compilers / analyzers (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | tests: disable calling curl in dns test, as systemd-resolved is used on CI runner (Reiner Herrmann, 2022-07-30)
| * | | | | tests: try curl instead of wget for tracing dns resolution (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | tests: add alternative message for skipping test (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | tests: drop checking for hosts file in trace test (Reiner Herrmann, 2022-07-30)
| | | | | |   firejail is no longer detecting that /etc/hosts is getting opened. In strace it can still be seen that the file is opened via syscall, but on C library layer (which firejail is tracing) it's probably implemented differently now.
| * | | | | CI: fix wrong matching for test errors (Reiner Herrmann, 2022-07-30)
| | | | | |   grep was returning non-zero exit code if it did NOT find the error marker, and zero if it did.
| * | | | | Make list of paths const to fix a false positive of gcc analyzer (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | zero-initialize two variables (Reiner Herrmann, 2022-07-30)
| | | | | |
| * | | | | CI: build all jobs with apparmor / selinux to cover more code (Reiner Herrmann, 2022-07-30)
|/ / / / /
* | | | | Deny Tor related profiles access to /sys/class/net (Tad, 2022-07-23)
| | | | |   This directory contains the MAC address for connections available
| | | | |
| | | | |   Tested working with torbrowser-launcher and onionshare
| | | | |
| | | | |   Signed-off-by: Tad <tad@spotco.us>
* | | | | viewnior.profile: allow accessing its /usr/share directory (#5270) (NetSysFire, 2022-07-23)
| |_|/ /
|/| | |
* | | | build(deps): bump github/codeql-action from 2.1.15 to 2.1.16 (dependabot[bot], 2022-07-22)
| | | |   Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.16.
| | | |   - [Release notes](https://github.com/github/codeql-action/releases)
| | | |   - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| | | |   - [Commits](https://github.com/github/codeql-action/compare/3f62b754e23e0dd60f91b744033e1dc1654c0ec6...3e7e3b32d0fb8283594bb0a76cc60a00918b0969)
| | | |
| | | |   ---
| | | |   updated-dependencies:
| | | |   - dependency-name: github/codeql-action
| | | |     dependency-type: direct:production
| | | |     update-type: version-update:semver-patch
| | | |   ...
| | | |
| | | |   Signed-off-by: dependabot[bot] <support@github.com>
* | | | apparmor cleanup (smitsohu, 2022-07-20)
| |_|/
|/| |
* | | remmina.profile: allow python3 (#5253) (NetSysFire, 2022-07-17)
| | |   * remmina.profile: allow python
| | |
| | |   * Update etc/profile-m-z/remmina.profile
| | |
| | |   Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
| | |
| | |   Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>