| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
| |
This amends commit ac6c8c038 ("fix #4078", 2022-01-21).
Fixes #4078.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Related to #4670. Firefox now does inter-process communication using
dbus.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ssh can start in master mode, which will spawn an additional long
running process, which keeps connections to a server open, so that
it can be reused by later connection attempts.
But the lingering master process will prevent the jail from shutting
down, when `firejail ssh` tries to exit.
This breaks for example ansible when using a firejailed ssh, as it
calls ssh with ControlMaster flags.
deterministic-shutdown will kill the other process when the parent
exits.
|
|
|
| |
AMD Open Source Driver For Vulkan (amdvlk) installs ICD files to /etc/vulkan.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Likely caused by commit 500a56efd ("more on nettrace", 2022-01-07).
From the build log of "debian_ci" for the above commit[1]:
make[1]: Leaving directory '/builds/Firejail/firejail_ci'
dh_fixperms -Nfirejail
debian/rules override_dh_missing
make[1]: Entering directory '/builds/Firejail/firejail_ci'
dh_missing -pfirejail --fail-missing
dh_missing: warning: etc/firejail/hostnames exists in debian/tmp but is not installed to anywhere
dh_missing: error: missing files, aborting
[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/1952432676
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1.0.26 to 1.0.27.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/5f532563584d71fdef14ee64d17bafb34f751ce5...cd783c8a29bdcf5a5c79c5137889e24651fa626c)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
keep-fd option (#4845)
|
| | |
|
|\ \
| | |
| | | |
Keep vglusers group unless no3d is used (virtualgl)
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
virtualgl[1] runs `chown root:vglusers` on `/dev/nvidia*` and on devices
usually owned by the "render" group[2]. This makes them unavailable in
the sandbox if `noroot` (which causes groups to be dropped) is used.
Since firejail classifies all of the aforementioned devices as being
`DEV_3D` on fs_dev.c (which means that they are controlled by `no3d`),
treat the "vglusers" group the same as the "render" group (by always
keeping "vglusers" unless `no3d` is used).
See the discussion on #2042 (from this comment[3] onwards).
[1] https://virtualgl.org
[2] https://github.com/VirtualGL/virtualgl/blob/6f0b90be02d13171dfdfffb112485f4091a5904f/server/vglserver_config#L393
[3] https://github.com/netblue30/firejail/issues/2042#issuecomment-1007468715
Reported-by: @JCallicoat
|
| |
| |
| |
| | |
Relates to #4827.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
wget2 fixes
|
| | | |
|
|/ / |
|
|\ \
| |/
|/| |
Add wget2 support
|
| | |
|
| | |
|
| | |
|