aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* configure*: Add missing quotes to argumentsLibravatar Kelvin M. Klann2021-11-25
| | | | | | | | | | | | | | | | | | | | | | | | For increased safety and consistency. In addition, this should make it clearer where each argument starts and ends. See also the following item from autoconf NEWS[1]: > * Noteworthy changes in release 2.70 (2020-12-08) [stable] [...] > *** Many macros have become pickier about argument quotation. > > If you get a shell syntax error from your generated configure > script, or seemingly impossible misbehavior (e.g. entire blocks of > the configure script not getting executed), check first that all > macro arguments are properly quoted. The “M4 Quotation” section of > the manual explains how to quote macro arguments properly. > > It is unfortunately not possible for autoupdate to correct > quotation errors. [1] https://git.savannah.gnu.org/gitweb/?p=autoconf.git;a=blob;f=NEWS;h=ba418d1af5da752de77a2c388f9af56f8f1bf6a4;hb=97fbc5c184acc6fa591ad094eae86917f03459fa
* configure*: Fix wrong quote character in AC_MSG_ERRORLibravatar Kelvin M. Klann2021-11-24
| | | | | | | | | | | | | | | Square brackets are used as quotes in autoconf. From Section 8.1.1, Active Characters of the Autoconf manual[1]: > To fully understand where proper quotation is important, you first > need to know what the special characters are in Autoconf: ‘#’ > introduces a comment inside which no macro expansion is performed, ‘,’ > separates arguments, ‘[’ and ‘]’ are the quotes themselves, ‘(’ and > ‘)’ (which M4 tries to match by pairs), and finally ‘$’ inside a macro > definition. [1] https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.70/autoconf.html#Active-Characters
* configure*: Trim trailing spaces on var assignmentsLibravatar Kelvin M. Klann2021-11-24
| | | | | | Command used to find them: grep ' "$' configure.ac
* configure.ac: Ensure whitespace after each commaLibravatar Kelvin M. Klann2021-11-24
| | | | | | | | | | | For increased consistency and readability. This restores the spaces removed on commit bf81cd6ad ("configure.ac: run autoupdate to fix autoconf warning") / PR #4316. Command used to check for the lack of whitespace: grep ',[^ ]' configure.ac
* readme updateLibravatar netblue302021-11-23
|
* Merge pull request #4688 from Bundy01/masterLibravatar netblue302021-11-23
|\ | | | | Update firejail-local for Brave + ipfs
| * Update firejail-local for Brave + ipfsLibravatar Bundy012021-11-14
| |
* | cleanupLibravatar netblue302021-11-23
| |
* | Merge pull request #4438 from caydey/masterLibravatar netblue302021-11-23
|\ \ | | | | | | Added `quiet` to some CLI profiles
| * \ Merge branch 'netblue30:master' into masterLibravatar caydey2021-08-03
| |\ \
| * | | Added "quiet" to profileLibravatar caydey2021-08-03
| | | |
| * | | Added ~/Private blacklistLibravatar caydey2021-08-02
| | | |
* | | | Merge pull request #4632 from kmk3/consider-nosound-novideo-groupsLibravatar smitsohu2021-11-20
|\ \ \ \ | | | | | | | | | | Consider nosound and novideo when keeping groups & misc refactors
| * | | | Consider nosound and novideo when keeping groupsLibravatar Kelvin M. Klann2021-10-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Even when `nogroups` is not used, avoid keeping the audio and video groups when `nosound` and `novideo` are used, respectively. Based on @rusty-snake's suggestion: https://github.com/netblue30/firejail/issues/4603#issuecomment-944046299 Relates to #4603.
| * | | | util.c: check array size on copy_group_ifcontLibravatar Kelvin M. Klann2021-10-22
| | | | | | | | | | | | | | | | | | | | Check if new_groups already is full before trying to add to it.
| * | | | util.c: [ref] move group find/copy into new functionsLibravatar Kelvin M. Klann2021-10-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move the logic from clean_supplementary_groups into the following new functions: * find_group * copy_group_ifcont These will be reused later. Misc: The latter function's signature is based on getgrouplist(2), which is used on clean_supplementary_groups.
| * | | | main.c: [ref] fix indentation and whitespace around group handlingLibravatar Kelvin M. Klann2021-10-22
| | | | |
* | | | | testingLibravatar smitsohu2021-11-20
| | | | |
* | | | | build: Stop linking pthread (#4695)Libravatar Kelvin M. Klann2021-11-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added on commit 137985136 ("Baseline firejail 0.9.28", 2015-08-08). See also commit ad6bb83fa ("consolidate makefiles", 2018-03-31). It is not used anywhere. And it looks like it has never been used anywhere: $ git log --oneline -Gpthread.h 137985136..master $ Issue mentioned by @rusty-snake: https://github.com/netblue30/firejail/issues/4642#issuecomment-955795463
* | | | | zsh-comp: update description of machine-id to match --helpLibravatar Kelvin M. Klann2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This amends commit b5de1d0f9 ("Fix inconsistent descriptions of machine-id option"). Relates to #4689.
* | | | | Merge pull request #4690 from kmk3/docs-fix-machine-idLibravatar netblue302021-11-15
|\ \ \ \ \ | | | | | | | | | | | | Fix inconsistent descriptions of machine-id option
| * | | | | Fix inconsistent descriptions of machine-id optionLibravatar Kelvin M. Klann2021-11-15
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some places say that it "preserves" the file and other places say that it "spoofs" the file. Based on the fs_machineid function on src/firejail/fs_etc.c, the latter one is correct. This amends commit d0cc960c9 ("spoof machine-id", 2016-12-05). Fixes #4689. Reported-by: @svc88
* / | | | RELNOTES: mention move of firecfg.config to /etc/firejail/Libravatar Kelvin M. Klann2021-11-15
|/ / / / | | | | | | | | | | | | Relates to #4669.
* | | | Profile fixesLibravatar rusty-snake2021-11-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Update RELNOTES and README.md - disable-common.inc - blacklist ${HOME}/.local/share/ibus-typing-booster - blacklist /run/timeshift (closes #4660) - fix audacity.profile (closes #4659)
* | | | --ids-check/--ids-init documentationLibravatar netblue302021-11-13
| | | |
* | | | mergesLibravatar netblue302021-11-13
| | | |
* | | | mergesLibravatar netblue302021-11-13
| | | |
* | | | Merge pull request #4635 from smitsohu/noorphansLibravatar netblue302021-11-13
|\ \ \ \ | | | | | | | | | | deterministic-shutdown option
| * | | | deterministic-shutdown optionLibravatar smitsohu2021-10-28
| | | | |
* | | | | Merge pull request #4681 from jmetrius/openstego-profileLibravatar netblue302021-11-13
|\ \ \ \ \ | | | | | | | | | | | | Add OpenStego profile
| * | | | | implement review suggestionsLibravatar Jan Sonntag2021-11-12
| | | | | |
| * | | | | sort.py cleanupLibravatar Jan Sonntag2021-11-12
| | | | | |
| * | | | | Add OpenStego profileLibravatar Jan Sonntag2021-11-12
| | | | | |
* | | | | | Merge pull request #4679 from pirate486743186/patch-3Libravatar netblue302021-11-13
|\ \ \ \ \ \ | | | | | | | | | | | | | | update yt-dlp.profile
| * | | | | | update yt-dlp.profileLibravatar pirate4867431862021-11-11
| |/ / / / / | | | | | | | | | | | | ffprobe used for embedding images in difficult cases.
* | | | | | Merge pull request #4680 from kmk3/dc-fix-slock-pathLibravatar netblue302021-11-13
|\ \ \ \ \ \ | | | | | | | | | | | | | | disable-common.inc: fix paths of slock and physlock
| * | | | | | disable-common.inc: fix paths of slock and physlockLibravatar Kelvin M. Klann2021-11-11
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added on commit f0adf06c3 ("disable-common.inc: more SUID", 2021-11-09). Relates to #4668.
* / / / / / telnet and ftpLibravatar netblue302021-11-12
|/ / / / /
* | | | | readme updateLibravatar netblue302021-11-10
| | | | |
* | | | | Merge pull request #4676 from hlein/firejail_envchecksLibravatar netblue302021-11-11
|\ \ \ \ \ | | | | | | | | | | | | Make env/arg sanity check failure messages more useful
| * | | | | Make env/arg sanity check failure messages more usefulLibravatar Hank Leininger2021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change doesn't alter any checks, but it gives more specific errors when a sanity check of env vars or argv does not pass, which can point to limits to raise or at least give us better detailed bug reports. Signed-off-by: Hank Leininger <hlein@korelogic.com> Bug: https://github.com/netblue30/firejail/issues/3678 Bug: https://github.com/netblue30/firejail/issues/3851 Bug: https://github.com/netblue30/firejail/issues/4633
* | | | | | Merge pull request #4652 from kmk3/fix-toctou-easyLibravatar netblue302021-11-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix TOCTOU/CodeQL CWE-367 warnings (easy ones + fs.c)
| * | | | | | fs.c: Fix TOCTOU/CodeQL CWE-367 warningLibravatar Kelvin M. Klann2021-10-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Relates to #4503.
| * | | | | | Fix TOCTOU/CodeQL CWE-367 warnings (easy ones)Libravatar Kelvin M. Klann2021-10-30
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This should fix all such warnings on the following files: * src/fids/main.c * src/firejail/seccomp.c Misc: Besides the above reason, these are some of the more straightforward TOCTOU warning fixes and they are done without any additional refactor commits, so that's the reason for "easy ones". List of TOCTOU warnings: https://github.com/netblue30/firejail/security/code-scanning?query=id%3Acpp%2Ftoctou-race-condition See https://cwe.mitre.org/data/definitions/367.html Relates to #4503.
* | | | | | Merge pull request #4669 from hlein/firecfg_locationLibravatar netblue302021-11-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | Relocate firecfg.config to /etc/firejail/
| * | | | | | Relocate firecfg.config to /etc/firejail/Libravatar Hank Leininger2021-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This should make it easier for users, and distributions, to customize which programs they want firejail to wrap. Also fixed some firecfg.cfg -> firecfg.config references. Signed-off-by: Hank Leininger <hlein@korelogic.com> Closes: https://github.com/netblue30/firejail/issues/408 Bug: https://github.com/netblue30/firejail/issues/2097 Bug: https://github.com/netblue30/firejail/issues/2829 Bug: https://github.com/netblue30/firejail/issues/3665
* | | | | | | Merge pull request #4675 from glitsj16/ssh-fixesLibravatar netblue302021-11-11
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | more ssh fixes
| * | | | | | change Fedora ssh fixLibravatar glitsj162021-11-10
| | | | | | | | | | | | | | | | | | | | | Suggested in https://github.com/netblue30/firejail/pull/4675#discussion_r746510840. Makes sense!
| * | | | | | add Fedora fixLibravatar glitsj162021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767. NOTE: there are several other profiles touching /usr/libexec, so untill someone on Fedora can shed some light on what files are installed under /usr/libexec, I only blacklisted ssh-keysign. I'll pick this up tomorrow, a bit pressed for time in the non-digital worlds...
| * | | | | | add Fedora fixesLibravatar glitsj162021-11-10
| | | | | | | | | | | | | | | | | | | | | Added Fedora path as per https://github.com/netblue30/firejail/pull/4675#pullrequestreview-802438767.
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-07 00:34:22 +0000