aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* mergesLibravatar netblue302023-07-16
|
* feature: stats support for --nettraceLibravatar netblue302023-07-16
|
* Merge branch 'master' of ssh://github.com/netblue30/firejailLibravatar netblue302023-07-16
|\
| * Merge pull request #5900 from kmk3/firecfg-support-doasLibravatar Kelvin M. Klann2023-07-16
| |\ | | | | | | feature: add doas support in firecfg and jailcheck
| | * feature: add doas support in firecfg and jailcheckLibravatar Kelvin M. Klann2023-07-14
| | | | | | | | | | | | | | | | | | Closes #5899. Suggested-by: @shaggonit
| | * firecfg: add const to a few functions/variablesLibravatar Kelvin M. Klann2023-07-14
| | | | | | | | | | | | To make it clearer that they are not modified later.
| | * firecfg: rename get_user to get_sudo_userLibravatar Kelvin M. Klann2023-07-14
| | | | | | | | | | | | To make it match the function used in src/jailcheck/utils.c.
| * | bleachbit.profile: allow erasing Trash contentsLibravatar ydididodat2023-07-16
| |/ | | | | | | | | | | | | Bleachbit is used to permanently delete files by overwriting the memory. So the most popular feature of Bleachbit is emptying the Trash. Relates to #5337.
| * Merge pull request #5387 from kmk3/dc-blacklist-sudoersLibravatar Kelvin M. Klann2023-07-14
| |\ | | | | | | disable-common.inc: blacklist sudo/doas paths in /etc
| | * disable-common.inc: blacklist sudo/doas paths in /etcLibravatar Kelvin M. Klann2023-07-14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commands used to find the relevant paths in /etc: $ pacman -Qo /etc/* 2>/dev/null | grep sudo | LC_ALL=C sort /etc/pam.d/ is owned by sudo 1.9.14.p1-1 /etc/sudo.conf is owned by sudo 1.9.14.p1-1 /etc/sudo_logsrvd.conf is owned by sudo 1.9.14.p1-1 /etc/sudoers is owned by sudo 1.9.14.p1-1 /etc/sudoers.d/ is owned by sudo 1.9.14.p1-1 Environment: Artix Linux. Also, add missing paths sudo/doas to etc/ids.config and jailcheck. See also commit dbebd71db ("disable-common.inc: blacklist doas binary", 2022-10-05). Relates to #5385. Reported-by: Dieter Plaetinck <dieter@plaetinck.be>
| * Merge pull request #5881 from glitsj16/rssguardLibravatar netblue302023-07-13
| |\ | | | | | | New profile: rssguard
| | * RELNOTES: revert adding rssguard to new profiles sectionLibravatar glitsj162023-07-06
| | | | | | | | | As per review https://github.com/netblue30/firejail/pull/5881#pullrequestreview-1515652336
| | * Merge branch 'netblue30:master' into rssguardLibravatar glitsj162023-07-06
| | |\
| | * | rssguard.profile: add netlink to protocolLibravatar glitsj162023-07-05
| | | |
| | * | rssguard.profile: add seccomp.block-secondaryLibravatar glitsj162023-07-04
| | | |
| | * | disable-programs.inc: fix ordering rssguard entreeLibravatar glitsj162023-07-03
| | | | | | | | | | | | Grrrr
| | * | disable-programs.inc: fix rssguard entreeLibravatar glitsj162023-07-03
| | | | | | | | | | | | Apparently a path containing whitespace and ending with a single digit breaks CI: https://github.com/netblue30/firejail/actions/runs/5448790502.
| | * | firecfg.config: add rssguardLibravatar glitsj162023-07-03
| | | |
| | * | RELNOTES: add rssguard to 'new profiles' sectionLibravatar glitsj162023-07-03
| | | |
| | * | Create rssguard.profileLibravatar glitsj162023-07-03
| | | |
| | * | disable-programs.inc: add support for rssguardLibravatar glitsj162023-07-03
| | | |
| * | | Merge pull request #5893 from pirate486743186/fehLibravatar netblue302023-07-13
| |\ \ \ | | | | | | | | | | refresh feh.profile
| | * | | refresh feh.profileLibravatar pirate4867431862023-07-12
| | | | |
* | | | | fnettrace cleanupLibravatar netblue302023-07-15
|/ / / /
* | | | Merge pull request #5898 from kmk3/build-simplify-manLibravatar netblue302023-07-13
|\ \ \ \ | | | | | | | | | | build: simplify code related to man pages
| * | | | build: simplify code related to man pagesLibravatar Kelvin M. Klann2023-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Simplify the main targets and use wildcards instead of repeating the filenames manually. Also, restore the `man` target and building only when `HAVE_MAN` is enabled. Note: Make automatically removes intermediate files (.1 and .5), so in general only the .gz files have to be cleaned. Commands used to rename the man pages: cd src/man git mv firecfg.txt firecfg.1.in git mv firejail-login.txt firejail-login.5.in git mv firejail-profile.txt firejail-profile.5.in git mv firejail-users.txt firejail-users.5.in git mv firejail.txt firejail.1.in git mv firemon.txt firemon.1.in git mv jailcheck.txt jailcheck.1.in This is kind of a follow-up to commit 9e206b7f2 ("rework src/man Makefile", 2023-07-07).
| * | | | build: restore seccomp filter targetsLibravatar Kelvin M. Klann2023-07-13
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This partially reverts commit 2b34747db ("generate seccomp filters at install time", 2023-07-07). See also commit 6fa19aab9 ("feature: use seccomp filters build at install time for --restrict-namespaces", 2023-07-12). The seccomp filters were always being built because src/fseccomp/fseccomp (and other programs) are in `$(ALL_ITEMS)`, which is incorrectly marked as phony. This commit fixes that and restores the previous target logic, for consistency with the other targets and so that the seccomp filters are made at build time rather than at install time.
* | | | Merge branch 'master' of ssh://github.com/netblue30/firejailLibravatar netblue302023-07-12
|\ \ \ \
| * | | | build(deps): bump github/codeql-action from 2.20.1 to 2.20.3Libravatar dependabot[bot]2023-07-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.20.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f6e388ebf0efc915c6c5b165b019ee61a6746a38...46ed16ded91731b2df79a2893d3aea8e9f03b5c4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
| * | | | build: remove extraneous blank lines in makefilesLibravatar Kelvin M. Klann2023-07-12
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added in the following commits: * f3774678f ("compress static ip map for fnettrace at compile time", 2023-07-06) * 9e206b7f2 ("rework src/man Makefile", 2023-07-07)
* | | | feature: use seccomp filters build at install time for --restrict-namespacesLibravatar netblue302023-07-12
| | | |
* | | | fix server.profileLibravatar netblue302023-07-10
|/ / /
* | | Makefile fixLibravatar netblue302023-07-10
| | |
* | | fix random hostnameLibravatar netblue302023-07-10
| | |
* | | fix ani-cli.profile (#5892)Libravatar pirate4867431862023-07-10
| | | | | | | | | Co-authored-by: pirate486743186 <>
* | | generate seccomp filters at install timeLibravatar netblue302023-07-07
| | |
* | | rework src/man MakefileLibravatar netblue302023-07-07
| |/ |/|
* | Merge pull request #5885 from pirate486743186/lobsterLibravatar netblue302023-07-06
|\ \ | | | | | | fix lobster.profile
| * | fix lobster.profileLibravatar pirate4867431862023-07-05
| | |
* | | Merge pull request #5884 from pirate486743186/mov-cliLibravatar netblue302023-07-06
|\ \ \ | | | | | | | | fix mov-cli.profile
| * | | fix mov-cli.profileLibravatar pirate4867431862023-07-05
| |/ /
* | | compress static ip map for fnettrace at compile timeLibravatar netblue302023-07-06
| | |
* | | rename static-ip-map to static-ip-map.txtLibravatar netblue302023-07-05
|/ /
* | rebuild configure script for Debian 12 (run into some problems with ↵Libravatar netblue302023-07-05
| | | | | | | | PKG_CHECK_MODULES macro
* | virtualbox: gentoo fix (#5880)Libravatar glitsj162023-07-04
|/
* Merge pull request #5871 from kmk3/improve-errexitLibravatar Kelvin M. Klann2023-07-01
|\ | | | | modif: improve errExit error messages
| * Improve errExit error messagesLibravatar Kelvin M. Klann2023-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: * Move msg to the end of errExit (right before perror(3p)) * Include the full file path (within the repository) * Add "()" to function name for clarity Before: Error malloc: main.c:123 main: Cannot allocate memory After: Error src/firejail/main.c:123 main(): malloc: Cannot allocate memory Note: This clarifies which is the exact file that the error message comes from, as there are many source files with the same name. For example: $ git ls-files 'src/*/main.c' | wc -l 20
| * common.h: use __func__ instead of __FUNCTION__Libravatar Kelvin M. Klann2023-06-28
| | | | | | | | | | | | For increased portability. The former is in C99, the latter is from gcc.
| * common.h: line-wrap errExitLibravatar Kelvin M. Klann2023-06-28
| |
| * Deduplicate calls similar to errExitLibravatar Kelvin M. Klann2023-06-28
| | | | | | | | | | | | Use errExit in every place that uses __FILE__ and __LINE__ manually. Note: This currently only happens in the duplicated `is_dir` function.
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-30 15:43:28 +0000